Isolating untrusted software extensions by custom scoping rules

Fong, Philip W. L.; Orr, Simon

doi:10.1016/j.cl.2009.12.002

Computer Languages, Systems & Structures

2010

DOI: 10.1016/j.cl.2009.12.002

|View full text |Cite

Isolating untrusted software extensions by custom scoping rules

Philip W. L. Fong

Simon Orr

Abstract: In a modern programming language, scoping rules determine the visibility of names in various regions of a program [15]. In this work, we examine the idea of allowing an application developer to customize the scoping rules of its underlying language. We demonstrate that such an ability can serve as the cornerstone of a security architecture for dynamically extensible systems. A run-time module system, ISOMOD, is proposed for the Java platform to facilitate software isolation. A core application may create names… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2012

Publication Types

Select...

Other1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Managing mutiple applications in a service platform

Estublier

Vega

2012

2012 4th International Workshop on Principles of Engineering Service-Oriented Systems (PESOS)

View full text Add to dashboard Cite

Information hiding and hierarchical decomposition are the corner stone of Software Engineering best practices. These principles have been applied in methods, architectures, programming languages, and run-time platforms. It is therefore a big surprise to notice that the recent dynamic service platforms, like OSGi, do not make use of these principles. In OSGi, all services are visible; a client asking for an interface will be wired to any service, randomly selected and implementing that interface,which makes almost impossible protection and encapsulation. Nevertheless, OSGi is very successful for its almost unique capability to support dynamicity; and because the current practice is to run a single application per platform. Unfortunately, the future of gateways, like OSGi, is to manage the "discovery", access and control of resources (logical as well as physical (sensors, devices)) shared by many applications. In the near future, OSGi will have to scale from a light weight mono-application gateway to a full-fledged dynamic platform. We have developed a layer on top of OSGi called APlication Abstract Machine (Apam) which provides OSGi dynamic capabilities, but also introduces a composite concept allowing multiple applications to cover the range isolation/collaboration from "black-box" (information hiding and hierarchical decomposition) to "scrambled eggs" as in service platforms, and through a variety of grey and white boxes with variable degrees of collaboration, sharing and control. The paper presents the state of practice, the challenges future dynamic platforms have to address, and how the Apam platform provides a solution to these issues. An assessment of the first Apam experimentations concludes the paper.

show abstract

Managing mutiple applications in a service platform

Estublier

Vega

2012

2012 4th International Workshop on Principles of Engineering Service-Oriented Systems (PESOS)

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Isolating untrusted software extensions by custom scoping rules

Cited by 1 publication

References 34 publications

Managing mutiple applications in a service platform

Managing mutiple applications in a service platform

Contact Info

Product

Resources

About