When to trust mobile objects: access control in the Jini™ Software System

C. Crichton, J. Davies, J. Woodcock
{"title":"When to trust mobile objects: access control in the Jini/sup TM/ Software System","authors":"C. Crichton, J. Davies, J. Woodcock","doi":"10.1109/TOOLS.1999.787541","DOIUrl":null,"url":null,"abstract":"Future developments in computing, and in consumer electronics, will involve a considerable degree of convergence: applications will work together to locate and provide services. If this convergence is to be implemented successfully, then a shared model for reliable service provision is required. The recently released Jini/sup TM/ Software System (1.0) is an attempt to meet this requirement through object orientation. Based entirely upon existing Java/sup TM/ 2 technology, Jini is a set of protocols and programming models for peer-to-peer service provision using downloaded code and remote method invocation. The paper examines the way in which the Jini Software System will be used. It shows that the existing mechanisms for access control and secure operation provided by Java may prove inadequate in a Jini environment: a Jini enabled device will be vulnerable to attack from its peers. Similar problems may be encountered in other related technologies, such as Enterprise Java Beans. An account of the Jini technology is followed by an exploration of the inadequacies and vulnerabilities; concrete examples are provided to illustrate the possible attacks. The paper ends by showing how the existing specification may be enhanced to produce a secure system without significantly reducing either functionality or flexibility.","PeriodicalId":147966,"journal":{"name":"Proceedings of Technology of Object-Oriented Languages and Systems - TOOLS 30 (Cat. 
No.PR00278)","volume":"454 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1999-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of Technology of Object-Oriented Languages and Systems - TOOLS 30 (Cat. No.PR00278)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TOOLS.1999.787541","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 3

Abstract

Future developments in computing, and in consumer electronics, will involve a considerable degree of convergence: applications will work together to locate and provide services. If this convergence is to be implemented successfully, then a shared model for reliable service provision is required. The recently released Jini™ Software System (1.0) is an attempt to meet this requirement through object orientation. Based entirely upon existing Java™ 2 technology, Jini is a set of protocols and programming models for peer-to-peer service provision using downloaded code and remote method invocation. The paper examines the way in which the Jini Software System will be used. It shows that the existing mechanisms for access control and secure operation provided by Java may prove inadequate in a Jini environment: a Jini-enabled device will be vulnerable to attack from its peers. Similar problems may be encountered in other related technologies, such as Enterprise Java Beans. An account of the Jini technology is followed by an exploration of the inadequacies and vulnerabilities; concrete examples are provided to illustrate the possible attacks. The paper ends by showing how the existing specification may be enhanced to produce a secure system without significantly reducing either functionality or flexibility.