Secure Internet Programming
Princeton University
Department of Computer Science

A New Approach to Mobile Code Security

Dan Seth Wallach

This dissertation presents a novel security architecture called security-passing style and motivates its application to security issues that arise in mobile code systems such as Java. Security-passing style, and its predecessor, stack inspection, allow the system to capture the complex security relationships that occur when trusted and untrusted code are run together and interact closely.

Where traditional security architectures can answer general questions of the form "can subject X use object Y," they fail when one subject may be acting on behalf of another, or may be acting on its own behalf. Such systems generally have neither the mechanisms to capture the full security context of a request nor policies expressive enough to resolve whether the request should be allowed or denied. Issues such as these arise in mobile code systems and require new security mechanisms.

While a number of traditional security architectures, including capability systems and process-structured systems, can be adapted to the secure execution of mobile code, this dissertation describes an architecture that addresses these issues with an efficient implementation requiring no special hardware or language runtime support. Security-passing style has a well-defined semantics that describes how it works and allows proofs of its soundness. These semantics also let us produce an implementation with extremely low overhead (in principle, just over one instruction per method invocation), based on static analysis of the program to be run and dynamic caching to make common cases execute faster.
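The following toy model, added here and not part of the dissertation or its Java implementation, illustrates the relationship the abstract describes between stack inspection and security-passing style: the same decision is reached either by walking the call stack at check time or by passing an explicit, eagerly narrowed security context into each callee. The permission names, principals and call chains are constructed for the example.

```python
from dataclasses import dataclass

# Constructed permission universe and principals for this toy model.
PERMS = frozenset({"file.read", "net.connect", "ui.draw"})
SYSTEM = PERMS                      # fully trusted code base
APPLET = frozenset({"ui.draw"})     # untrusted mobile code

@dataclass(frozen=True)
class Frame:
    """One activation record: whose code it is, what that code was granted,
    and which privileges the frame explicitly enabled (Java's doPrivileged)."""
    principal: str
    grants: frozenset
    enabled: frozenset = frozenset()

def check_stack(stack, perm):
    """Stack inspection: walk from the most recent frame (end of list) down.
    Deny as soon as a frame lacks the permission; allow and stop early at a
    frame that enabled the permission and is itself granted it."""
    for frame in reversed(stack):
        if perm not in frame.grants:
            return False
        if perm in frame.enabled:
            return True
    return True

def sps_enter(ctx, frame):
    """Security-passing style: the security context is an explicit value
    handed to each callee.  Entering a frame intersects the inherited context
    with the frame's grants, then re-adds any privilege the frame enables
    (only one it is itself granted, so untrusted code cannot self-elevate)."""
    return (ctx & frame.grants) | (frame.enabled & frame.grants)

def sps_context(stack):
    """Fold a whole call chain into a single context value."""
    ctx = PERMS
    for frame in stack:
        ctx = sps_enter(ctx, frame)
    return ctx

def check_sps(ctx, perm):
    """With the context precomputed, the check is a constant-time lookup."""
    return perm in ctx

def equivalent(stack):
    """Both mechanisms must agree on every permission for this stack."""
    ctx = sps_context(stack)
    return all(check_stack(stack, p) == check_sps(ctx, p) for p in PERMS)

# Constructed call chains.  A system font loader enables file.read before
# calling file I/O on the applet's behalf, so that read is allowed; the
# applet reaching file I/O with no system frame taking responsibility is not.
LOADS_FONT = [Frame("applet", APPLET),
              Frame("FontLoader", SYSTEM, frozenset({"file.read"})),
              Frame("FileInputStream", SYSTEM)]
DIRECT_READ = [Frame("applet", APPLET), Frame("FileInputStream", SYSTEM)]
```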

PhD Dissertation, Princeton University, January 1999.

GZip'ed Postscript (244k)
PDF (Adobe Acrobat) (432k)