Saving the world from bad beans
- 26 October 2003
- proceedings article
- Published by Association for Computing Machinery (ACM)
- Vol. 38 (11) , 374-387
- https://doi.org/10.1145/949305.949339
Abstract
The Enterprise JavaBeans (EJB) framework requires developers to preserve architectural integrity constraints when writing EJB components. Breaking these constraints allows components to violate the transaction protocol, bypass security mechanisms, disable object persistence, and be susceptible to malicious attacks from other EJBs. We present an object confinement discipline that allows static verification of components' integrity as they are deployed into an EJB server. The confinement rules are simple for developers to understand, require no annotation to the code of EJB components, and can be efficiently enforced in existing EJB servers.Keywords
This publication has 18 references indexed in Scilit:
- Mechanisms for secure modular programming in JavaSoftware: Practice and Experience, 2003
- External Uniqueness Is Unique EnoughPublished by Springer Nature ,2003
- Representation independence, confinement and access control [extended abstract]Published by Association for Computing Machinery (ACM) ,2002
- Alias annotations for program understandingPublished by Association for Computing Machinery (ACM) ,2002
- Ownership types for safe programmingPublished by Association for Computing Machinery (ACM) ,2002
- A certifying compiler for JavaACM SIGPLAN Notices, 2000
- Escape analysis for object-oriented languagesPublished by Association for Computing Machinery (ACM) ,1999
- Ownership types for flexible alias protectionPublished by Association for Computing Machinery (ACM) ,1998
- The Geneva convention on the treatment of object aliasingACM SIGPLAN OOPS Messenger, 1992
- A note on the confinement problemCommunications of the ACM, 1973