Providing Fine-Grained Access Control for Mobile Programs Through Binary Editing

Abstract

With the advent of WWW, there is considerable interest in programs that can migrate from one host to another and execute. For instance, Java programs are increasingly being used to add dynamic content to a web page. When a user accesses the web page through a browser, the browser migrates the Java program and executes it at the user's site. Mobile programs are appealing because they support efficient utilization of network resources and extensibility of information servers. However, since they cross administrative domains, they have the ability to access a host site's protected resources. For instance, they can potentially read a user's private files, access and modify personal information, and steal proprietary information. In this paper, we present a novel approach for allowing a site to protect and control the local resources that external Java programs can access. In this approach, a site uses a declarative policy language to specify a set of constraints on accesses to local resources and the conditions under which they apply. A set of code transformation tools enforce these constraints on a Java program by integrating the code for checking access constraints into the program and the site's resource definitions. Executions of the resulting modified mobile program and resources satisfy all access constraints, thereby protecting the site's resources. Because this approach does not require resources to make an explicit call to a reference monitor, as implemented in the Java runtime system, the approach does not depend upon a particular runtime system implementation.