Engineering secure software in Java with Confined Types
Jan Vitek - Purdue, CERIAS
Sep 24, 1999
AbstractProgramming languages such as Java allow code fragments downloaded from untrusted hosts to be linked into a running Java Virtual Machine and to interact with installed procedures in subtle ways. While this approach gives great flexibility to the language, it is also inherently risky as the downloaded code may be malicious and designed to ignore local security policies. A security software architecture must therefore protect the system against misbehaved extensions.
This talk addresses the issue of how to engineer secure systems in Java. We show that the security mechanisms provided by the language are inadequate --- they were originally software engineering mechanisms --- and that the security of the system can be breached by innocuous programming mistakes. We give an example in which the Java access control mechanisms fail and opening a the VM to serious attacks. We propose the notion of confined types to strengthen Java's built-in access control mechanisms. Confined types are a backward compatible extension to Java. The goal of confined types is to prevent objects of any of these types from being accessed from the outside of their confining package. We present a simple set of rules that enforce confinement and discuss how to implement these rules in a virtual machine.
This presentation is based on joint work with Boris Bokowski and will be presented at the Object-Oriented Programming, Systems, Languages and Applications Conference in Denver.
About the SpeakerJan Vitek is an Assistant Professor at the department of Computer Sciences of Purdue University. His most recent work investigates aspects of Security for Mobile Code systems. He is interested in techniques for engineering secure software systems. He has a PhD from the University of Geneva, Switzerland, and a Master's in Computer Science from the University of Victoria, Canada.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.