Security Enhanced Java: Mandatory Access Control for the Java Virtual Machine

Abstract : Since 70's, and despite its operational complex- ity, Mandatory Access Control (MAC) has demon- strated its reliability to enforce integrity and confi- dentiality. Surprisingly, the Java technology, despite its popularity, has not yet adopted this protection principle. Current security features within the JVM (JAAS and bytecode verifier) can be bypassed, as demonstrated by summer 2012 attacks. Thus, a MAC model for Java and a cross platform reference monitor are required for the Java Virtual Machine. Security Enhanced Java (SEJava) enables to control dynamical ly the information flows between al l the Java objects requiring neither bytecode nor source code instrumentations. The main idea is to consider Java types as security contexts, and method calls / field accesses as permissions. SEJava allows fine- grain MAC rules between the Java objects. Thus, SEJava controls all the information flows within the JVM. Our implementation is faster than concur- rent approaches while allowing both finer and more advanced controls. A use case shows the efficiency to protect against Common Vulnerability and Expo- sures in an efficient manner.
Type de document :
Communication dans un congrès
ISORC - 6h IEEE International Symposium on Object, Component, and Service-Oriented Real-Time Distributed Computing - 2013, Jun 2013, Paderborn, Germany. 2013
Liste complète des métadonnées

https://hal.inria.fr/hal-00840729
Contributeur : Jérémy Briffaut <>
Soumis le : mardi 2 juillet 2013 - 22:47:15
Dernière modification le : mercredi 29 novembre 2017 - 10:19:57

Identifiants

  • HAL Id : hal-00840729, version 1

Collections

Citation

Benjamin Venelle, Jérémy Briffaut, Laurent Clévy, C. Toinard. Security Enhanced Java: Mandatory Access Control for the Java Virtual Machine. ISORC - 6h IEEE International Symposium on Object, Component, and Service-Oriented Real-Time Distributed Computing - 2013, Jun 2013, Paderborn, Germany. 2013. 〈hal-00840729〉

Partager

Métriques

Consultations de la notice

145