Inferring java security policies through dynamic sandboxing

Hajime Inoue, Stephanie Forrest

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)

Abstract

Complex enterprise and server-level applications are often written in Java because of its reputation for security. The Java policy language allows users to specify very fine-grained and complex security policies. However, this expressiveness makes it difficult to determine the correct policy with respect to the principle of least privilege. We describe a method for automatically learning the minimum security policy called dynamic sandboxing. A minimal sandbox (security policy) is inferred by observing program execution and expressed in the standard Java policy language. The minimum policy stops Java exploits and learning the policy does not cripple performance, allowing applications to run normally during training.

Original languageEnglish (US)
Title of host publicationProceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05
Pages151-157
Number of pages7
StatePublished - Dec 1 2005
Externally publishedYes
Event2005 International Conference on Programming Languages and Compilers, PLC'05 - Las Vegas, NV, United States
Duration: Jun 27 2005Jun 30 2005

Other

Other2005 International Conference on Programming Languages and Compilers, PLC'05
CountryUnited States
CityLas Vegas, NV
Period6/27/056/30/05

Fingerprint

Servers
Industry

Keywords

  • Computer security
  • Java
  • Policy inference
  • Policy language
  • Principle of least privilege
  • Security policy

ASJC Scopus subject areas

  • Computer Science Applications
  • Software

Cite this

Inoue, H., & Forrest, S. (2005). Inferring java security policies through dynamic sandboxing. In Proceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05 (pp. 151-157)

Inferring java security policies through dynamic sandboxing. / Inoue, Hajime; Forrest, Stephanie.

Proceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05. 2005. p. 151-157.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Inoue, H & Forrest, S 2005, Inferring java security policies through dynamic sandboxing. in Proceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05. pp. 151-157, 2005 International Conference on Programming Languages and Compilers, PLC'05, Las Vegas, NV, United States, 6/27/05.
Inoue H, Forrest S. Inferring java security policies through dynamic sandboxing. In Proceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05. 2005. p. 151-157
Inoue, Hajime ; Forrest, Stephanie. / Inferring java security policies through dynamic sandboxing. Proceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05. 2005. pp. 151-157
@inproceedings{81598cc5d84746e9827c51a3e660e987,
title = "Inferring java security policies through dynamic sandboxing",
abstract = "Complex enterprise and server-level applications are often written in Java because of its reputation for security. The Java policy language allows users to specify very fine-grained and complex security policies. However, this expressiveness makes it difficult to determine the correct policy with respect to the principle of least privilege. We describe a method for automatically learning the minimum security policy called dynamic sandboxing. A minimal sandbox (security policy) is inferred by observing program execution and expressed in the standard Java policy language. The minimum policy stops Java exploits and learning the policy does not cripple performance, allowing applications to run normally during training.",
keywords = "Computer security, Java, Policy inference, Policy language, Principle of least privilege, Security policy",
author = "Hajime Inoue and Stephanie Forrest",
year = "2005",
month = "12",
day = "1",
language = "English (US)",
isbn = "9781932415759",
pages = "151--157",
booktitle = "Proceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05",

}

TY - GEN

T1 - Inferring java security policies through dynamic sandboxing

AU - Inoue, Hajime

AU - Forrest, Stephanie

PY - 2005/12/1

Y1 - 2005/12/1

N2 - Complex enterprise and server-level applications are often written in Java because of its reputation for security. The Java policy language allows users to specify very fine-grained and complex security policies. However, this expressiveness makes it difficult to determine the correct policy with respect to the principle of least privilege. We describe a method for automatically learning the minimum security policy called dynamic sandboxing. A minimal sandbox (security policy) is inferred by observing program execution and expressed in the standard Java policy language. The minimum policy stops Java exploits and learning the policy does not cripple performance, allowing applications to run normally during training.

AB - Complex enterprise and server-level applications are often written in Java because of its reputation for security. The Java policy language allows users to specify very fine-grained and complex security policies. However, this expressiveness makes it difficult to determine the correct policy with respect to the principle of least privilege. We describe a method for automatically learning the minimum security policy called dynamic sandboxing. A minimal sandbox (security policy) is inferred by observing program execution and expressed in the standard Java policy language. The minimum policy stops Java exploits and learning the policy does not cripple performance, allowing applications to run normally during training.

KW - Computer security

KW - Java

KW - Policy inference

KW - Policy language

KW - Principle of least privilege

KW - Security policy

UR - http://www.scopus.com/inward/record.url?scp=60749135034&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=60749135034&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:60749135034

SN - 9781932415759

SP - 151

EP - 157

BT - Proceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05

ER -