Addressing security issues in programming languages for mobile code - Conference Presentation

The services offered to the Internet community have been constantly increasing over the last few years. This is mainly because mobile code has matured enough to provide Internet users with high-quality applications that can be executed remotely. When a user downloads and executes code from various Internet sources, security issues arise. In this paper, we address these issues and present a comparative evaluation of the methods used by Java, Safe-Tcl and ActiveX to confront them, based on current security functions and implementations as well as on future adjustments and extensions.


Transcript of "Addressing security issues in programming languages for mobile code - Conference Presentation"

  1. Addressing Security Issues in Programming Languages for Mobile Code
     S. Gritzalis, J. Iliadis
     DEXA’98
     • Department of Information and Communication Systems, University of the Aegean
     • Department of Informatics, Technological Educational Institute of Athens

  2. Introduction
     • Mobile Code
       – travels on heterogeneous networks
       – crosses security domains
       – is executed upon arrival to the destination
       – security concerns

  3. Mobile Code Languages
     • Java: general-purpose, object-oriented language. Portable in compiled binary code
     • Safe-Tcl: high-level interpreted scripting language
     • ActiveX: visual control framework, using COM as the underlying infrastructure. O/S dependent

  4. Security Issues
     Hostile Applets
       – attack the Integrity of a system
       – violate the user’s Privacy
       – limit the Availability of a system
       – achieve user’s Annoyance

  5. Java Security
     • Sandbox
     • Classloader
     • Bytecode Verifier
     • Security Manager
     • JDK 1.2 new security modus operandi
     • security policy
     • access control
     • protection domains

  6. Java Security - Extensions
     • Digital Signatures
     • Policy Enforcement
       – capabilities
       – extended stack introspection
       – namespace management
     • Policy Definition
     • Secure Code Distribution
     • Corporate-wide policy
     • Confining the use of Java in a network domain

  7. Safe-Tcl Security
     • Padded cell approach / Dual-Interpreter
       – Trusted Interpreter -> Full Tcl
       – Untrusted/Restricted Interpreter -> Safe-Tcl
     • Command Aliases
     • Security Policy

  8. Safe-Tcl Security Extensions
     • Authentication of Tclets
     • Authentication of Safe-Tcl security policies
     • Confronting denial-of-service attacks

  9. ActiveX Security
     • Applet authentication
     • code safe for initialising
     • code safe for scripting
     • lack of configurable security policy
     • ActiveX, Digital Signatures and Firewalls

  10. ActiveX Security - Extensions
     • Execution safety
     • Software memory protection
       – attach proofs of memory protection to code

  11. Conclusions
     • Security Scheme
     • Detailed Security Policy
     • Security Integration