Secure execution of Java applets using a remote playground

Author

Malkhi, Dahlia ; Reiter, Michael K. ; Rubin, Aviel D.

Author_Institution

AT&T Labs. Res., Florham Park, NJ, USA

fYear

1998

fDate

3-6 May 1998

Firstpage

40

Lastpage

51

Abstract

Mobile code presents a number of threats to machines that execute it. We introduce an approach for protecting machines and the resources they hold from mobile code, and describe a system based on our approach for protecting host machines from Java 1.1 applets. In our approach, each Java applet downloaded to the protected domain is rerouted to a dedicated machine (or set of machines), the playground, at which it is executed. Prior to execution, the applet is transformed to use the downloading user´s Web browser as a graphics terminal for its input and output, and so the user has the illusion that the applet is running on her own machine. In reality, however, mobile code runs only in the sanitized environment of the playground, where user files cannot be mounted and from which only limited network connections are accepted by machines in the protected domain. Our playground thus provides a second level of defense against mobile code that circumvents language based defenses

Keywords

object-oriented languages; object-oriented programming; parallel programming; security of data; Java applets; Web browser; dedicated machine; downloading user; graphics terminal; host machines; language based defenses; mobile code; network connections; protected domain; remote playground; sanitized environment; secure execution; user files; Computer displays; Computer errors; Computer networks; Computer security; Data security; Graphics; Java; Mobile computing; Physics computing; Protection;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on

Conference_Location

Oakland, CA

ISSN

1081-6011

Print_ISBN

0-8186-8386-4

Type

conf

DOI

10.1109/SECPRI.1998.674822

Filename

674822