R. Pandey, Brant Hashii
{"title":"通过二进制编辑为Java程序提供细粒度的访问控制","authors":"R. Pandey, Brant Hashii","doi":"10.1002/1096-9128(20001210)12:14%3C1405::AID-CPE515%3E3.0.CO;2-O","DOIUrl":null,"url":null,"abstract":"SUMMARY There is considerable interest in programs that can migrate from one host to another and execute. Mobile programs are appealing because they support efficient utilization of network resources and extensibility of information servers. However, since they cross administrative domains, they have the ability to access and possibly misuse a host’s protected resources. In this paper, we present a novel approach for controlling and protecting a site’s resources. In this approach, a site uses a declarative policy language to specify a set of constraints on accesses to resources. A set of code transformation tools enforces these constraints on mobile programs by integrating the access constraint checking code directly into the mobile program and resource definitions. Using this approach, a site does not need to explicitly include calls to reference monitors in order to protect resources. The performance analysis show that the approach performs better than reference monitor-based approaches in many cases. Copyright © 2000 John Wiley & Sons, Ltd.","PeriodicalId":199059,"journal":{"name":"Concurr. Pract. Exp.","volume":"40 4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2000-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"59","resultStr":"{\"title\":\"Providing fine-grained access control for Java programs via binary editing\",\"authors\":\"R. Pandey, Brant Hashii\",\"doi\":\"10.1002/1096-9128(20001210)12:14%3C1405::AID-CPE515%3E3.0.CO;2-O\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"SUMMARY There is considerable interest in programs that can migrate from one host to another and execute. Mobile programs are appealing because they support efficient utilization of network resources and extensibility of information servers. However, since they cross administrative domains, they have the ability to access and possibly misuse a host’s protected resources. In this paper, we present a novel approach for controlling and protecting a site’s resources. In this approach, a site uses a declarative policy language to specify a set of constraints on accesses to resources. A set of code transformation tools enforces these constraints on mobile programs by integrating the access constraint checking code directly into the mobile program and resource definitions. Using this approach, a site does not need to explicitly include calls to reference monitors in order to protect resources. The performance analysis show that the approach performs better than reference monitor-based approaches in many cases. Copyright © 2000 John Wiley & Sons, Ltd.\",\"PeriodicalId\":199059,\"journal\":{\"name\":\"Concurr. Pract. Exp.\",\"volume\":\"40 4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2000-12-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"59\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Concurr. Pract. Exp.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1002/1096-9128(20001210)12:14%3C1405::AID-CPE515%3E3.0.CO;2-O\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurr. Pract. Exp.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1002/1096-9128(20001210)12:14%3C1405::AID-CPE515%3E3.0.CO;2-O","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 59
Providing fine-grained access control for Java programs via binary editing
SUMMARY There is considerable interest in programs that can migrate from one host to another and execute. Mobile programs are appealing because they support efficient utilization of network resources and extensibility of information servers. However, since they cross administrative domains, they have the ability to access and possibly misuse a host’s protected resources. In this paper, we present a novel approach for controlling and protecting a site’s resources. In this approach, a site uses a declarative policy language to specify a set of constraints on accesses to resources. A set of code transformation tools enforces these constraints on mobile programs by integrating the access constraint checking code directly into the mobile program and resource definitions. Using this approach, a site does not need to explicitly include calls to reference monitors in order to protect resources. The performance analysis show that the approach performs better than reference monitor-based approaches in many cases. Copyright © 2000 John Wiley & Sons, Ltd.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
