Browse by author
Lookup NU author(s): Ian Welch, Dr Robert Stroud
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
Securing application resources or defining finer-grained access control for system resources using the Java security architecture requires manual changes to source code. This is error-prone and cannot be done if only compiled code is present. We show how behavioural reflection can be used to enforce security policies on compiled code. Other authors have implemented code rewriting toolkits that achieve the same effect but they either require policies to be expressed in terms of low level abstractions or require the use of new high level policy languages. Our approach allows reuseable policies to be implemented as metaobjects in a high level object oriented language (Java), and then bound to application objects at loadtime. The binding between metaobjects and objects is implemented through bytecode rewriting under the control of a declarative binding specification. We have implemented this approach using Kava which is a portable reflective Java implementation. Kava allows customisation of a rich range of runtime behaviour, and provides a non-bypassable meta level suitable for implementing security enforcement. We discuss how we have used Kava to show how to secure a third-party application, how we prevent Kava being bypassed, and compare its performance with non-reflective security enforcement.
Author(s): Welch I, Stroud RJ
Publication type: Article
Publication status: Published
Journal: Journal of Computer Security
Year: 2002
Volume: 10
Issue: 4
Pages: 399-432
Print publication date: 01/01/2002
ISSN (print): 0926-227X
ISSN (electronic): 1875-8924
Publisher: IOS Press
