The Java execution environment includes several security mechanisms. They are found in the language itself, in the class loader, in the class verifier and in the sandbox in which bytecode is executed. The sandbox isolates the executed bytecode from the host on which the Java Virtual Machine (JVM) is executed. The security policy enforced by the sandbox can be configured depending on who runs a program and the origin of the program and offers fine-grained mechanisms to control resource access. However the security policy language offers no higher-level paradigms, such as the abstraction of users into roles, to enable the management of Java security policies into large infrastructures. Moreover those policies are static and cannot change depending on the state of the environment into which they are deployed. We propose in this article an approach to use the OrBAC model to configure the sandbox security policy, allowing the use of an implementation-independent policy language which offers facilities to manage large sets of JVMs, enables the expression of dynamic security policies and offers an advanced administration model.
Weitere Kapitel dieses Buchs durch Wischen aufrufen
Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten
Sie möchten Zugang zu diesem Inhalt erhalten? Dann informieren Sie sich jetzt über unsere Produkte:
- Enabling Dynamic Security Policy in the Java Security Manager
- Springer Berlin Heidelberg
Neuer Inhalt/© ITandMEDIA