A flexible access control service for Java mobile code

Mobile code (MC) technologies provide appealing solutions for the development of Internet applications. For instance, Java technology facilitates dynamic loading of application code from remote servers on to heterogeneous clients distributed all over the Internet. However, executing foreign code that has been loaded from the network raises significant security concerns which limit the diffusion of these technologies. Substantial work has already been done to provide security solutions for protecting both hosting nodes and MC. For example, the Java security architecture evolved from a rigid sandbox model to a more flexible solution where downloaded code can perform any kind of operation, depending on its source location and signature. However, the most widespread security solutions for MC platforms today do not support the sophisticated security policies required in modern inter-organisational environments. This requires expressive languages to specify the policy and flexible mechanisms for policy implementation which cater for code mobility. This paper shows how access control policies for MC-based applications can be specified in a concise and declarative language called Ponder, and how these policies can be implemented within the Java security architecture