Addressing Security Issues in Programming Languages for Mobile Code
S. Gritzalis, J. Iliadis
• Department of Information and Communication Systems, University of the Aegean
• Department of Informatics, Technological Educational Institute of Athens

DEXA’98
Introduction
• Mobile Code
– travels on heterogeneous networks
– crosses security domains
– is executed upon arrival to the destination

– security concerns
Mobile Code Languages
• Java
general-purpose, object oriented language. Portable in compiled binary code

• Safe-Tcl
high-level interpreted scripting language

• ActiveX
visual control framework, using COM as the underlying infrastructure. O/S dependent
Security Issues
Hostile Applets
– attack the Integrity of a system
– violate the user’s Privacy
– limit the Availability of a system
– achieve user’s Annoyance
Java Security
• Sandbox
• Classloader
• Bytecode Verifier
• Security Manager

• JDK 1.2 new security modus operandi
• security policy
• access control
• protection domains
Java Security - Extensions
• Digital Signatures
• Policy Enforcement
– capabilities
– extended stack introspection
– namespace management
• Policy Definition
• Secure Code Distribution
• Corporate-wide policy
• Confining the use of Java in a network domain
Safe-Tcl Security
• Padded cell approach / Dual-Interpreter
– Trusted Interpreter -> Full Tcl
– Untrusted/Restricted Interpreter -> Safe-Tcl

• Command Aliases
• Security Policy
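
The padded-cell model on this slide, sketched with Tcl's built-in `interp` command (an added example, not code from the presentation; it assumes Tcl 8.6). The names `policy::read_config`, `tclet-data` and `motd.txt` are hypothetical, and the scripts in the loop are constructed stand-ins for code that arrived over the network.

```tcl
# Trusted interpreter (full Tcl): holds the security policy and every
# privileged operation the untrusted code is allowed to request.
namespace eval policy {
    # Policy: the only directory untrusted code may read from (hypothetical).
    variable allowedDir [file normalize [file join [pwd] tclet-data]]

    # Target of the command alias. It runs in the trusted interpreter,
    # so it must validate every argument supplied by the untrusted side.
    proc read_config {name} {
        variable allowedDir
        # Accept a bare file name only: no path separators, no "." or "..".
        if {![regexp {^[A-Za-z0-9_.-]+$} $name] || $name in {. ..}} {
            return -code error "policy: illegal file name"
        }
        set fh [open [file join $allowedDir $name] r]
        try {
            return [read $fh 4096]   ;# bounded read
        } finally {
            close $fh
        }
    }
}

# Constructed sample data so the example runs offline.
file mkdir $policy::allowedDir
set fh [open [file join $policy::allowedDir motd.txt] w]
puts -nonewline $fh "hello from the trusted side"
close $fh

# Untrusted/restricted interpreter: -safe hides open, exec, socket,
# file, source, load and the other commands that touch the host.
set tclet [interp create -safe]

# Command alias: calling read_config inside the safe interpreter
# invokes policy::read_config in the trusted interpreter.
interp alias $tclet read_config {} policy::read_config

# Constructed stand-ins for a downloaded Tclet.
foreach script {
    {read_config motd.txt}
    {read_config ../secret.txt}
    {open /etc/passwd r}
    {exec ls}
} {
    if {[catch {interp eval $tclet $script} result]} {
        puts "DENIED  $script -> $result"
    } else {
        puts "ALLOWED $script -> $result"
    }
}

interp delete $tclet
```

Only the first script succeeds: the second is rejected by the policy check inside the alias, and the last two fail because `open` and `exec` do not exist in the safe interpreter.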
Safe-Tcl Security Extensions
• Authentication of Tclets
• Authentication of Safe-Tcl security policies
• Confronting with denial-of-service attacks
ActiveX Security
• Applet authentication
• code safe for initialising
• code safe for scripting
• lack of configurable security policy
• ActiveX, Digital Signatures and Firewalls
ActiveX Security - Extensions
• Execution safety
• Software memory protection
– attach proofs of memory protection to code
Conclusions
• Security Scheme
• Detailed Security Policy
• Security Integration
