摘要
非信任代码的安全执行是移动代码安全的重要问题之一。携带模型代码方法同时从移动代码的生产者和使用者的角度考虑,为安全执行非信任代码提供了一个系统、全面且有效的解决方案。该方法主要包括安全策略的定义、安全行为模型的生成,以及其验证和安全策略的强制实施。针对已被广泛使用的Java平台,在深入分析其基于访问控制的安全体系结构的基础上,通过对Java核心类的修改和扩展,提出了一种能增加新的安全策略,以及实现MCC方法中安全行为模型验证的方法,为提高Java安全策略的描述能力,以及基于Java平台实现MCC方法,确保更全面的安全机制提供了可行的途径。
Safe execution of untrusted mobile code is one of the key problems in mobile code security. Model-carrying code (MCC) provides a systematic, complete and effective solution to the problem from the viewpoints of both the producer and the consumer of mobile code. MCC mainly includes the specification of security policies, the generation and verification of the security-related behavior model, and the enforcement of security policies. The Java 2 platform is widely used currently. Through the analysis of its access-control-based security architecture, an approach to adding new security policies and the implementation of security-related model verification is presented through modifying and extending the Java 2 kernel classes. The approach can improve Java 2 in supporting security policies, and provides a feasible way to guarantee a more complete security mechanism by implementing MCC based on the Java 2 platform.
出处
《计算机工程与科学》
CSCD
2007年第10期7-10,共4页
Computer Engineering & Science
基金
国家自然科学基金资助项目(60603031)
关键词
携带模型代码
Java安全机制
安全行为模型
形式验证
model carrying code
java security mechanism
security related behavior model
formal verification