Secure execution of Java applets using a remote playground
- 27 November 2002
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- No. 10816011,p. 40-51
- https://doi.org/10.1109/secpri.1998.674822
Abstract
Mobile code presents a number of threats to machines that execute it. We introduce an approach for protecting machines and the resources they hold from mobile code, and describe a system based on our approach for protecting host machines from Java 1.1 applets. In our approach, each Java applet downloaded to the protected domain is rerouted to a dedicated machine (or set of machines), the playground, at which it is executed. Prior to execution, the applet is transformed to use the downloading user's Web browser as a graphics terminal for its input and output, and so the user has the illusion that the applet is running on her own machine. In reality, however, mobile code runs only in the sanitized environment of the playground, where user files cannot be mounted and from which only limited network connections are accepted by machines in the protected domain. Our playground thus provides a second level of defense against mobile code that circumvents language based defenses.Keywords
This publication has 6 references indexed in Scilit:
- Java security: from HotJava to Netscape and beyondPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Blocking Java applets at the firewallPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Extensible security architectures for JavaPublished by Association for Computing Machinery (ACM) ,1997
- Java security: present and near futureIEEE Micro, 1997
- Safe kernel extensions without run-time checkingPublished by Association for Computing Machinery (ACM) ,1996
- Scale and performance in a distributed file systemACM Transactions on Computer Systems, 1988