We propose an extension to the security model of Java, that allows for specifying, analysing and enforcing history-based usage policies. Policies are defined by usage automata, that recognize the forbidden execution histories. Programmers can sandbox an untrusted piece of code with a policy, which is enforced at run-time through its local scope. A static analysis allows for optimizing the execution monitor: only the policies not guaranteed to be always obeyed will be enforced at run-time.
|Titolo:||Securing Java with local policies|
BARTOLETTI, MASSIMO (Corresponding)
|Data di pubblicazione:||2009|
|Tipologia:||1.1 Articolo in rivista|