A security framework for reflective Java applications

Caromel, Denis; Vayssière, Julien

doi:10.1002/spe.528

Cited by 2 publications

(2 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…First, it will put an unendurable impact on the performance of business transactions because Java security manager checks any access appearing in Java Virtual Machine, which decreases the performance of the whole Java program by 13%∼14% [15] . Second, the specification of security policies is much more complex than that specified in the J2EE deployment descriptor.…”

Section: Handling Invocations To Meta Entitiesmentioning

confidence: 99%

“…The composer is the unique point via which the meta entities can access the base entities. Caromel et al defined a set of Java permissions specific to the base entities and use Java security manager to control the access between the meta entities and the base entities [15] , which suffers the 13%∼14% performance overhead. As mentioned in the section about the access control mechanism between the meta entities, the standard JMX access control suffers the same performance overhead as that of Caromel et al and cannot be seamlessly integrated with the standard J2EE access control.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An Access Control Framework for Reflective Middleware

Huang

Sun

2008

J. Comput. Sci. Technol.

View full text Add to dashboard Cite

Reflective middleware opens up the implementation details of middleware platform and applications at runtime for improving the adaptability of middleware-based systems. However, such openness brings new challenges to access control of the middleware-based systems. Some users can access the system via reflective entities, which sometimes cannot be protected by access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for potential access control holes induced by reflection. One reason of integrating these mechanisms in reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparent as possible. This paper studies how to design a reflective J2EE middleware -PKUAS with access control in mind. At first, a computation model of reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including the wrapper of MBeans and a hierarchy of Java class loaders, are equipped for controlling the identified access control points. These mechanisms together with J2EE access control mechanism form the access control framework for PKUAS. The paper evaluates the security and the performance overheads of the framework in quality and quantity.

show abstract

Section: Handling Invocations To Meta Entitiesmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%