Result: Enabling Dynamic Security Policy in the Java Security Manager

Title:
Enabling Dynamic Security Policy in the Java Security Manager
Authors:
Autrel, Fabien, Cuppens-Bouhlahia, Nora, Cuppens, Frédéric
Contributors:
Lab-STICC_TB_CID_SFIIS, Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance (Lab-STICC), Université européenne de Bretagne - European University of Brittany (UEB)-École Nationale d'Ingénieurs de Brest (ENIB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques (IBNM), Université de Brest (UBO)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS)-Université européenne de Bretagne - European University of Brittany (UEB)-École Nationale d'Ingénieurs de Brest (ENIB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques (IBNM), Université de Brest (UBO)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS), Département Logique des Usages, Sciences sociales et Sciences de l'Information (LUSSI), Université européenne de Bretagne - European University of Brittany (UEB)-Télécom Bretagne-Institut Mines-Télécom [Paris] (IMT)
Source:
FPS 2012 : 5th International Symposium on Foundations and Practice of Security. :180-193
Publisher Information:
CCSD; Springer, 2012.
Publication Year:
2012
Collection:
collection:UNIV-BREST
collection:CNRS
collection:UNIV-UBS
collection:TELECOM-BRETAGNE
collection:ENIB
collection:LAB-STICC_ENIB
collection:LAB-STICC
collection:TDS-MACS
collection:LAB-STICC_TB
collection:IMTA_LUSSI
collection:LAB-STICC_IMTA
collection:IMT-ATLANTIQUE
collection:INSTITUTS-TELECOM
collection:IMTA_DSD
collection:INSTITUT-MINES-TELECOM
Subject Terms:
[INFO.INFO-CY]Computer Science [cs], Computers and Society [cs.CY]
Subject Geographic:
Montreal, Canada
Original Identifier:
HAL: hal-01162113
Document Type:
Conference conferenceObject<br />Conference papers
Language:
English
ISBN:
978-3-642-37118-9
Relation:
info:eu-repo/semantics/altIdentifier/doi/10.1007/978-3-642-35890-6_23
DOI:
10.1007/978-3-642-35890-6_23
Availability:
https://hal.science/hal-01162113
Accession Number:
edshal.hal.01162113v1
Database:
HAL

Further Information

The Java execution environment includes several security mechanisms. They are found in the language itself, in the class loader, in the class verifier and in the sandbox in which bytecode is executed. The sandbox isolates the executed bytecode from the host on which the Java Virtual Machine (JVM) is executed. The security policy enforced by the sandbox can be configured depending on who runs a program and the origin of the program and offers fine-grained mechanisms to control resource access. However the security policy language offers no higher-level paradigms, such as the abstraction of users into roles, to enable the management of Java security policies into large infrastructures. Moreover those policies are static and cannot change depending on the state of the environment into which they are deployed. We propose in this article an approach to use the OrBAC model to configure the sandbox security policy, allowing the use of an implementation-independent policy language which offers facilities to manage large sets of JVMs, enables the expression of dynamic security policies and offers an advanced administration model.