Using Reflection as a Mechanism for Enforcing Security Policies in Mobile Code

摘要

Several authors have proposed using code modification as a technique forenforcing security policies such as resource limits, access controls, and network information flows. However, these approaches are typically ad hoc and are implemented without a high level abstract framework based on the semantics of the underlying programming language. We have developed a reflective version of Java called Kava that uses byte-code rewriting techniques to insert pre-defined books into Java class files at load time. This makes it possible to specify and implement security policies for mobile code in a more abstract and flexible way. Our mechanism could be used as a more principled way of enforcing some of the existing security policies described in the literature. The advantages of our approach over related work (SASI, J-Res, etc.) are that we can guarantee that our security mechanisms cannot be bypassed, a property we call strong, non-bypassability, and that our approach provides the high level abstractions needed to build useful security policies.