An approach to safe object sharing

1 October 2000

proceedings article
Published by Association for Computing Machinery (ACM)

Vol. 35 (10) , 367-381
https://doi.org/10.1145/353171.353196

Abstract

It is essential for security to be able to isolate mistrusting programs from one another, and to protect the host platform from programs. Isolation is difficult in object-oriented systems because objects can easily become aliased. Aliases that cross program boundaries can allow programs to exchange information without using a system provided interface that could control information exchange. In Java, mistrusting programs are placed in distinct loader spaces but uncontrolled sharing of system classes can still lead to aliases between programs. This paper presents the object spaces protection model for an object-oriented system. The model decomposes an application into a set of spaces, and each object is assigned to one space. All method calls between objects in different spaces are mediated by a security policy. An implementation of the model in Java is presented.

Keywords

This publication has 13 references indexed in Scilit:

Application isolation in the Java Virtual Machine
Published by Association for Computing Machinery (ACM) ,2000
Confined types
Published by Association for Computing Machinery (ACM) ,1999
JFlow
Published by Association for Computing Machinery (ACM) ,1999
Dynamic class loading in the Java virtual machine
ACM SIGPLAN Notices, 1998
Security properties of typed applets
Published by Association for Computing Machinery (ACM) ,1998
The use of name spaces in Plan 9
ACM SIGOPS Operating Systems Review, 1993
The Geneva convention on the treatment of object aliasing
ACM SIGPLAN OOPS Messenger, 1992
Islands
Published by Association for Computing Machinery (ACM) ,1991
Protection in the Hydra Operating System
Published by Association for Computing Machinery (ACM) ,1975
A note on the confinement problem
Communications of the ACM, 1973