John ILIADIS, profile picture
Uploaded byJohn ILIADIS
436 views

Addressing security issues in programming languages for mobile code - Conference Presentation

The document discusses security concerns related to mobile code across various programming languages, specifically focusing on Java, Safe-Tcl, and ActiveX. It highlights specific security features and vulnerabilities associated with each language, such as sandboxing in Java and the dual-interpreter approach in Safe-Tcl. The need for robust security policies, authentication methods, and protection against attacks like denial-of-service is emphasized throughout.

Embed presentation

Download to read offline
Addressing Security Issues in Programming Languages for Mobile Code S. Gritzalis, J. Iliadis • Department of Information and Communication Systems, University of the Aegean DEXA’98 • Department of Informatics, Technological Educational Institute of Athens
Introduction • Mobile Code – travels on heterogeneous networks – crosses security domains – is executed upon arrival to the destination – security concerns
Mobile Code Languages • Java general-purpose, object oriented language. Portable in compiled binary code • Safe-Tcl high-level interpreted scripting language • ActiveX visual control framework, using COM as the underlying infrastructure. O/S dependent
Security Issues Hostile Applets – attack the Integrity of a system – violate the user’s Privacy – limit the Availability of a system – achieve user’s Annoyance
Java Security • Sandbox • Classloader • Bytecode Verifier • Security Manager • JDK 1.2 new security modus operandi • security policy • access control • protection domains
Java Security - Extensions • Digital Signatures • Policy Enforcement – capabilities – extended stack introspection – namespace management • Policy Definition • Secure Code Distribution • Corporate-wide policy • Confining the use of Java in a network domain
Safe-Tcl Security • Padded cell approach / Dual-Interpreter – Trusted Interpreter -> Full Tcl – Untrusted/Restricted Interpreter -> Safe-Tcl • Command Aliases • Security Policy
Safe-Tcl Security Extensions • Authentication of Tclets • Authentication of Safe-Tcl security policies • Confronting with denial-of-service attacks
ActiveX Security • Applet authentication • code safe for initialising • code safe for scripting • lack of configurable security policy • ActiveX, Digital Signatures and Firewalls
ActiveX Security - Extensions • Execution safety • Software memory protection – attach proofs of memory protection to code
Conclusions • Security Scheme • Detailed Security Policy • Security Integration

More Related Content

PPTX
Network security
byRaaz Karkee
 
PPTX
Network Security Goals
byKabul Education University
 
PPTX
Network Security Issues
byAfreenYousaf
 
PPT
Introduction to computer security syllabus
byAyebazibwe Kenneth
 
PPTX
Digital physical security[present]
byZawawi Mohamad
 
PDF
CipherLoc_OverviewBrochure (1)
byMichael DeLaGarza
 
PPTX
Modern Network Security Issue and Challenge
byIkhtiar Khan Sohan
 
PPTX
Physical Security and Digital Security
byPLN9 Security Services Pvt. Ltd.
 
Network security
byRaaz Karkee
 
Network Security Goals
byKabul Education University
 
Network Security Issues
byAfreenYousaf
 
Introduction to computer security syllabus
byAyebazibwe Kenneth
 
Digital physical security[present]
byZawawi Mohamad
 
CipherLoc_OverviewBrochure (1)
byMichael DeLaGarza
 
Modern Network Security Issue and Challenge
byIkhtiar Khan Sohan
 
Physical Security and Digital Security
byPLN9 Security Services Pvt. Ltd.
 

What's hot

PDF
Computer Security Lecture 1: Overview
byMohamed Loey
 
PPTX
Network security
byquest university nawabshah
 
PPTX
Network Security Terminologies
byuniversity of education,Lahore
 
PPTX
Introduction to Network Security
byComputing Cage
 
PPT
Computer Systems Security
bydrkelleher
 
ODP
keamanan komputer / computer security
byHendra Fillan
 
DOCX
Sabate chap2 lab1
by}{it -Boy
 
Computer Security Lecture 1: Overview
byMohamed Loey
 
Network security
byquest university nawabshah
 
Network Security Terminologies
byuniversity of education,Lahore
 
Introduction to Network Security
byComputing Cage
 
Computer Systems Security
bydrkelleher
 
keamanan komputer / computer security
byHendra Fillan
 
Sabate chap2 lab1
by}{it -Boy
 

Similar to Addressing security issues in programming languages for mobile code - Conference Presentation

PDF
Java Platform Security Architecture
byRamesh Nagappan
 
PPTX
Secure programming language basis
byAnkita Bhalla
 
PPT
SoftwareSecurity.ppt
byssuserfb92ae
 
PDF
Java: A Secure Programming Language for Today's Market
byUncodemy
 
PPTX
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
byMartin Toshev
 
PPT
Java Security
byelliando dias
 
PPT
Software Security topic in Information security .ppt
byismaeelsahib032
 
PPT
Secure programming - Computer and Network Security
byssuser30902e
 
PPT
java-card20232024999999999999999999999999999999999999999999999999999999999999...
byouahibakellou
 
PPTX
From java to android a security analysis
byPragati Rai
 
ODP
Tollas Ferenc - Java security
byveszpremimeetup
 
DOC
Project
bysaprasamir
 
PPTX
Martin Toshev - Java Security Architecture - Codemotion Rome 2019
byCodemotion
 
PPTX
Security Аrchitecture of Тhe Java Platform
byMartin Toshev
 
PDF
Javantura v4 - Security architecture of the Java platform - Martin Toshev
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Security in Java
bySiddharth Coontoor
 
PPT
JavaSecure
bySangbeomKim
 
PDF
Secure JEE Architecture and Programming 101
byMario-Leander Reimer
 
PDF
WhiteList Checker: An Eclipse Plugin to Improve Application Security
byguest56b7565
 
PPTX
JavaOne 2016 - JVM assisted sensitive data
byCharlie Gracie
 
Java Platform Security Architecture
byRamesh Nagappan
 
Secure programming language basis
byAnkita Bhalla
 
SoftwareSecurity.ppt
byssuserfb92ae
 
Java: A Secure Programming Language for Today's Market
byUncodemy
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
byMartin Toshev
 
Java Security
byelliando dias
 
Software Security topic in Information security .ppt
byismaeelsahib032
 
Secure programming - Computer and Network Security
byssuser30902e
 
java-card20232024999999999999999999999999999999999999999999999999999999999999...
byouahibakellou
 
From java to android a security analysis
byPragati Rai
 
Tollas Ferenc - Java security
byveszpremimeetup
 
Project
bysaprasamir
 
Martin Toshev - Java Security Architecture - Codemotion Rome 2019
byCodemotion
 
Security Аrchitecture of Тhe Java Platform
byMartin Toshev
 
Javantura v4 - Security architecture of the Java platform - Martin Toshev
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Security in Java
bySiddharth Coontoor
 
JavaSecure
bySangbeomKim
 
Secure JEE Architecture and Programming 101
byMario-Leander Reimer
 
WhiteList Checker: An Eclipse Plugin to Improve Application Security
byguest56b7565
 
JavaOne 2016 - JVM assisted sensitive data
byCharlie Gracie
 

More from John ILIADIS

PDF
Malicious Software. In Greek.
byJohn ILIADIS
 
PDF
Certificate Revocation: What Is It And What Should It Be
byJohn ILIADIS
 
PDF
Information security and digital payments; thoughts about current trends
byJohn ILIADIS
 
PDF
PKI: Is it worth something, or what?
byJohn ILIADIS
 
PDF
Evaluating Open Source Security Software
byJohn ILIADIS
 
PDF
PKI : The role of TTPs for the Development of secure Transaction Systems
byJohn ILIADIS
 
PDF
Reshaping Key Management: A Tale of Two Decades
byJohn ILIADIS
 
PDF
What is (not) Network Security
byJohn ILIADIS
 
PDF
PKI: Overpromising and Underdelivering
byJohn ILIADIS
 
PDF
E-Commerce Security: A Primer
byJohn ILIADIS
 
PDF
Network Security: Putting Theory into Practice, the Wrong Way
byJohn ILIADIS
 
PDF
Security in RegTech's Playground
byJohn ILIADIS
 
PDF
ADoCSI: Towards a Transparent Mechanism for Disseminating Certificate Status ...
byJohn ILIADIS
 
Malicious Software. In Greek.
byJohn ILIADIS
 
Certificate Revocation: What Is It And What Should It Be
byJohn ILIADIS
 
Information security and digital payments; thoughts about current trends
byJohn ILIADIS
 
PKI: Is it worth something, or what?
byJohn ILIADIS
 
Evaluating Open Source Security Software
byJohn ILIADIS
 
PKI : The role of TTPs for the Development of secure Transaction Systems
byJohn ILIADIS
 
Reshaping Key Management: A Tale of Two Decades
byJohn ILIADIS
 
What is (not) Network Security
byJohn ILIADIS
 
PKI: Overpromising and Underdelivering
byJohn ILIADIS
 
E-Commerce Security: A Primer
byJohn ILIADIS
 
Network Security: Putting Theory into Practice, the Wrong Way
byJohn ILIADIS
 
Security in RegTech's Playground
byJohn ILIADIS
 
ADoCSI: Towards a Transparent Mechanism for Disseminating Certificate Status ...
byJohn ILIADIS
 

Recently uploaded

PPTX
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
PPTX
Pizza Chain Market Data Scraping for Better Insights Report.pptx
byWeb Data Crawler
 
PPTX
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
PDF
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
PDF
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
PDF
MAD (1).pdf Mobile application develipment
byprathiT1
 
PDF
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
PPTX
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
PDF
Navigating the Spectrum of Advanced AI – Agentic, Autonomous, and Autopoietic...
byScott M. Graffius
 
PDF
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
PDF
Regenerative Agriculture Finance : Environmental impact
byrose mason
 
PDF
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
PDF
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
PDF
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
PDF
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
PDF
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
PDF
250 Prompts - ChatGPT acting as your Assistant
byMihir Nagarkar
 
PPTX
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
Pizza Chain Market Data Scraping for Better Insights Report.pptx
byWeb Data Crawler
 
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
MAD (1).pdf Mobile application develipment
byprathiT1
 
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
Navigating the Spectrum of Advanced AI – Agentic, Autonomous, and Autopoietic...
byScott M. Graffius
 
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
Regenerative Agriculture Finance : Environmental impact
byrose mason
 
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
250 Prompts - ChatGPT acting as your Assistant
byMihir Nagarkar
 
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 

Addressing security issues in programming languages for mobile code - Conference Presentation

  • 1.
    Addressing Security Issuesin Programming Languages for Mobile Code S. Gritzalis, J. Iliadis • Department of Information and Communication Systems, University of the Aegean DEXA’98 • Department of Informatics, Technological Educational Institute of Athens
  • 2.
    Introduction • Mobile Code –travels on heterogeneous networks – crosses security domains – is executed upon arrival to the destination – security concerns
  • 3.
    Mobile Code Languages •Java general-purpose, object oriented language. Portable in compiled binary code • Safe-Tcl high-level interpreted scripting language • ActiveX visual control framework, using COM as the underlying infrastructure. O/S dependent
  • 4.
    Security Issues Hostile Applets –attack the Integrity of a system – violate the user’s Privacy – limit the Availability of a system – achieve user’s Annoyance
  • 5.
    Java Security • Sandbox •Classloader • Bytecode Verifier • Security Manager • JDK 1.2 new security modus operandi • security policy • access control • protection domains
  • 6.
    Java Security -Extensions • Digital Signatures • Policy Enforcement – capabilities – extended stack introspection – namespace management • Policy Definition • Secure Code Distribution • Corporate-wide policy • Confining the use of Java in a network domain
  • 7.
    Safe-Tcl Security • Paddedcell approach / Dual-Interpreter – Trusted Interpreter -> Full Tcl – Untrusted/Restricted Interpreter -> Safe-Tcl • Command Aliases • Security Policy
  • 8.
    Safe-Tcl Security Extensions •Authentication of Tclets • Authentication of Safe-Tcl security policies • Confronting with denial-of-service attacks
  • 9.
    ActiveX Security • Appletauthentication • code safe for initialising • code safe for scripting • lack of configurable security policy • ActiveX, Digital Signatures and Firewalls
  • 10.
    ActiveX Security -Extensions • Execution safety • Software memory protection – attach proofs of memory protection to code
  • 11.
    Conclusions • Security Scheme •Detailed Security Policy • Security Integration