Journal Article10.1109/4236.735985
Securing systems against external programs
17
TL;DR: This work focuses solely on protecting a host from external programs, and addresses the problem of protecting the communication medium or protecting an external program from runtime systems by systematically outlining security issues and classifying current solutions.
read more
Abstract: Internet users routinely and often unknowingly download and run programs, such as Java applets; and some Web servers let users upload external programs and run them on the server. Although the practice of executing these external programs has the sanction of widespread use, its security implications haven't yet been systematically addressed. In the brief, dynamic history of the Internet, such a situation is not unusual. New communication mechanisms and computing paradigms are often implemented before the security issues they engender have been rigorously analyzed. Our goal is to address this problem in the subdomain of external programs by systematically outlining security issues and classifying current solutions. Our focus is solely on protecting a host from external programs. We do not address the problem of protecting the communication medium or protecting an external program from runtime systems. Furthermore, we do not address the problem of correctly identifying the source of an external program (authentication). We start our inquiry by reviewing the relevant models of computation, followed by an overview of the security problems associated with them. We then classify both the problems and the existing solutions using a resource-centric model that distinguishes problems associated with resource access from those associated with resource consumption. Finally, we classify solutions to each problem according to how and when they are applied.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Patent
Malicious mobile code runtime monitoring system and methods
Yigal Edery,Nimrod Itzhak Vered,David R. Kroll,Shlomo Touboul +3 more
- 11 Feb 2015
TL;DR: In this paper, a mobile protection code (MPC) is used to prevent malicious downloadable operation attempts to be received by the MPC and causing corresponding corresponding corresponding operations to be executed in response to the attempts.
303
Applications of agent technology in communications: a review
TL;DR: This paper reviews the software agent technology applications in communications with more emphasis on mobile agents since it is an emerging agent technology.
133
Supporting reconfigurable security policies for mobile programs
B. Hashii,S. Malabarba,Raju Pandey,Matt Bishop +3 more
- 01 Jun 2000
TL;DR: This paper presents the design and implementation of a security infrastructure built around an event=response mechanism, in which a response is executed when a security-related event occurs, and supports a fine-grained, conditional access control language, and enforce policies by instrumenting the bytecode of protected classes.
Secure execution environment for Java electronic services
Almut Herzog
- 01 Jan 2002
TL;DR: Security for the private home as a prerequisite for end user acceptance is the motivation for this approach, and requirements that prevent e-services on the Java execution platform from harming other e- services on the same or other network nodes are established.
32
Usable Security Policies for Runtime Environments
Almut Herzog
- 01 Jan 2007
TL;DR: The runtime environments provided by application-level virtual machines such as the Java Virtual Machine or the .NET Common Language Runtime are attractive for Internet application providers because of their ease of integration and extensibility.
References
Scheduling Algorithms for Multiprogramming in a Hard-Real-Time Environment
C. L. Liu,James W. Layland +1 more
TL;DR: The problem of multiprogram scheduling on a single processor is studied from the viewpoint of the characteristics peculiar to the program functions that need guaranteed service and it is shown that an optimum fixed priority scheduler possesses an upper bound to processor utilization.
Efficient software-based fault isolation
Robert Wahbe,Steven Lucco,Thomas Anderson,Susan L. Graham +3 more
- 01 Dec 1993
TL;DR: It is demonstrated that for frequently communicating modules, implementing fault isolation in software rather than hardware can substantially improve end-to-end application performance.
RBPDB: a database of RNA-binding specificities
TL;DR: The RNA-Binding Protein DataBase (RBPDB) is a collection of experimental observations of RNA-binding sites, both in vitro and in vivo, manually curated from primary literature, which contains binding data on 272 RBPs.
1.1K
Extensibility safety and performance in the SPIN operating system
Brian N. Bershad,Stefan Savage,Przemysław Pardyak,Emin Gün Sirer,Marc E. Fiuczynski,David Becker,Craig Chambers,Susan J. Eggers +7 more
- 03 Dec 1995
TL;DR: This paper describes the motivation, architecture and performance of SPIN, an extensible operating system that provides an extension infrastructure together with a core set of extensible services that allow applications to safely change the operating system's interface and implementation.
Safe kernel extensions without run-time checking
George C. Necula,Peter Lee +1 more
- 28 Oct 1996
TL;DR: PCC binaries can be executed with no run-time over-head, beyond a one-time cost of 1 to 3 milliseconds for validating the enclosed proofs, and are formally guaranteed to be safe and are faster than packet filters created using Berkeley Packet Filters, Software Fault Isolation, or safe languages such as Modula-3.