Sharing and transfer of object references is difficult to control in object-=oriented languages.unconstrained sharing poses serious problems for writing secure components in object-oriented languages.In this paper,we present a set of inexpensive syntactic constraints that strengthen encapsulation in object-oriented programs and facilitate the implementation fo secure systems.We introduce two mehcanisms: confined types to impose static scoping on dynamci object references and,for technical rasons,anonymous mehtods which are methods that do not reveal the identity of hte current instance (this).Confined types protect objects from use by untrusted code,while anonymous mehtods allow standard classes to be reused from confined classes.We have implemented a verifier which performs a modular anlaysis of Java programs and provides a static guarantee that confinement is respected.We present security related programming expamples.
展开▼
