Open AccessBook Chapter10.1007/3-540-45337-7_14

Reflections on MOPs, Components, and Java Security

- 18 Jun 2001

- pp 256-274

TL;DR: In this paper, the authors investigate the security issues raised by the use of meta-programming systems with Java and show that the choice of a particular MOP architecture has a strong impact on security issues.

Abstract: This article investigates the security issues raised by the use of meta-programming systems with Java. For each possible type of MOP (compile-time, load-time, etc.), we study the permissions required for both the base and the meta-level protection domains, taking into account the flowof control between the different parts of the application.We showtha t the choice of a particular MOP architecture has a strong impact on security issues. Assuming a component-based architecture with code from various origins having different levels of trust, we establish a set of rules for combining the permissions associated with each protection domain (integration, base-level, meta-level, etc.).

AI Agents for this Paper

Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps

Most frequently asked questions

1. What have the authors contributed in "Reflections on mops, components, and java security" ?

This article investigates the security issues raised by the use of meta-programming systems with Java.. For each possible type of MOP ( compile-time, load-time, etc. ), the authors study the permissions required for both the base and the meta-level protection domains, taking into account the flow of control between the different parts of the application.. The authors show that the choice of a particular MOP architecture has a strong impact on security issues.

Fig. 1. Calls and callbacks between components

Fig. 7. Summary of the constraints on the permission sets

Fig. 4. Load-time MOP for implementing a run-time MOP

Citations

Motivation and Requirements for a Versatile AOP Kernel

Éric Tanter

- 01 Jan 2004

TL;DR: This paper suggests to include common functionality into a versatile kernel for AOP, which alleviates the task of implementing an aspect-oriented approach by taking care of basic program alterations and lets several approaches coexist without breaking each other.

...read moreread less

Journal Article•10.1093/COMJNL/46.5.578

Re-engineering Security as a Crosscutting Concern

Ian Welch, +1 more

- 01 Jan 2003

- The Computer Journal

TL;DR: A third-party application is re-engineered using a reflective security architecture that allows security to be treated as a crosscutting concern, which has resulted in a considerable reduction in tangling between application code and security code.

...read moreread less

•Dissertation

On the security of Java Card platforms against hardware attacks

Guillaume Barbu

- 03 Sep 2012

TL;DR: This thesis proves that the type-safety property, the control-flow integrity and the application isolation can be tampered with by the combination of adequate fault injections and malicious applications and presents different approaches allowing to improve the resistance of Java Cards and Java Card applications against combined attacks.

...read moreread less

•Book Chapter•10.1007/3-540-45429-2_9

A Simple Security-Aware MOP for Java

Denis Caromel, +2 more

- 25 Sep 2001

- Lecture Notes in Computer Science

TL;DR: It is proved that, but giving all permissions only to the kernel of the MOP and by using Java's built-in mechanism for propagating security contexts, the permissions required by base-level and meta-level code do not interfere.

...read moreread less

Journal Article•10.1002/SPE.528

A security framework for reflective Java applications

Denis Caromel, +1 more

- 25 Jul 2003

- Software - Practice and Experience

TL;DR: This paper presents a security framework for enforcing access control between metalevel components and the baselevel components they reflect on, and extends the standard security architecture of Java to provide security for a fully‐functional proxy‐based MOP for Java.

...read moreread less

...

Expand

References

•Book

Design Patterns: Elements of Reusable Object-Oriented Software

Erich Gamma, +3 more

- 01 Jan 1994

TL;DR: The book is an introduction to the idea of design patterns in software engineering, and a catalog of twenty-three common patterns, which most experienced OOP designers will find out they've known about patterns all along.

...read moreread less

24.8K

Journal Article•10.1109/2.485845

Role-based access control models

Ravi Sandhu, +3 more

- 01 Feb 1996

- IEEE Computer

TL;DR: Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understandRBAC is described, and the use of RBAC to manage itself is discussed.

...read moreread less

6.1K

•Book

The Java Language Specification

James Gosling, +2 more

- 12 Sep 1996

TL;DR: The Java Language Specification, Second Edition is the definitive technical reference for the Java programming language and provides complete, accurate, and detailed coverage of the syntax and semantics of the Java language.

...read moreread less

4.8K

•Book

The Java Virtual Machine Specification

Tim Lindholm, +1 more

- 19 Sep 1996

TL;DR: In this article, the authors present a detailed overview of the Java Virtual Machine, including the internal structure of the class file format, the internal form of Fully Qualified Class and Interface names, and the implementation of new class instances.

...read moreread less

3.1K

Journal Article•10.1109/PROC.1975.9939

The protection of information in computer systems

Jerome H. Saltzer, +1 more

- 01 Sep 1975

TL;DR: In this article, the authors explore the mechanics of protecting computer-stored information from unauthorized use or modification, focusing on those architectural structures-whether hardware or software-that are necessary to support information protection.

...read moreread less

2.3K

...

Expand

Reflections on MOPs, Components, and Java Security

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What have the authors contributed in "Reflections on mops, components, and java security" ?

Figures

Citations

Motivation and Requirements for a Versatile AOP Kernel

Re-engineering Security as a Crosscutting Concern

On the security of Java Card platforms against hardware attacks

A Simple Security-Aware MOP for Java

A security framework for reflective Java applications

References

Design Patterns: Elements of Reusable Object-Oriented Software

Role-based access control models

The Java Language Specification

The Java Virtual Machine Specification

The protection of information in computer systems

Related Papers (5)

Design Patterns: Elements of Reusable Object-Oriented Software

From Dalang to Kava - The Evolution of a Reflective Java Extension

The protection of information in computer systems

Verifying the Consistency of Security Policies by Abstracting into Security Types

A framework for translating a high level security policy into low level security mechanisms