A distributed access control model for Java

Molva, Refik;Roudier, Yves
ESORICS 2000, European Symposium On Research In Computer Security, 4-6 Octobre 2000, Toulouse, France / Also published as LNCS, Volume 1895/2000

Despite its fully distributed and multi-party execution model, Java only supports centralized and single party access control. We suggest a new access control model for mobile code that copes with the shortcomings of the current access control model of Java. This new model is based on two key enhancements: the association of access control information with each mobile code segment in the form of attributes and the introduction of intermediate elements in the access control schema. The combination of the current ACL-based approach with the capability scheme achieved through mobile code attributes allows the new access control model to address dynamic multi-party scenarios while keeping the burden of security policy configuration at a minimum. We finally sketch the design of an access control system based on the proposed model using Simple Public Key Infrastructure (SPKI) certificates.


DOI
Type:
Conference
City:
Toulouse
Date:
2000-10-04
Department:
Digital Security
Eurecom Ref:
612
Copyright:
© Springer. Personal use of this material is permitted. The definitive version of this paper was published in ESORICS 2000, European Symposium On Research In Computer Security, 4-6 Octobre 2000, Toulouse, France / Also published as LNCS, Volume 1895/2000 and is available at : http://dx.doi.org/10.1007/10722599

PERMALINK : https://www.eurecom.fr/publication/612