Inferring Java security policies through dynamic sandboxing

Hajime Inoue, Stephanie Forrest

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Scopus citations

Abstract

Complex enterprise and server-level applications are often written in Java because of its reputation for security. The Java policy language allows users to specify very fine-grained and complex security policies. However, this expressiveness makes it difficult to determine the correct policy with respect to the principle of least privilege. We describe a method for automatically learning the minimum security policy called dynamic sandboxing. A minimal sandbox (security policy) is inferred by observing program execution and expressed in the standard Java policy language. The minimum policy stops Java exploits and learning the policy does not cripple performance, allowing applications to run normally during training.

Original language: English (US)
Title of host publication: Proceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05
Pages: 151-157
Number of pages: 7
State: Published - Dec 1 2005
Event: 2005 International Conference on Programming Languages and Compilers, PLC'05 - Las Vegas, NV, United States
Duration: Jun 27 2005 → Jun 30 2005

Publication series

Name: Proceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05

Other

Other: 2005 International Conference on Programming Languages and Compilers, PLC'05
Country: United States
City: Las Vegas, NV
Period: 6/27/05 → 6/30/05

Keywords

  • Computer security
  • Java
  • Policy inference
  • Policy language
  • Principle of least privilege
  • Security policy

ASJC Scopus subject areas

  • Computer Science Applications
  • Software

Cite this

Inoue, H., & Forrest, S. (2005). Inferring Java security policies through dynamic sandboxing. In Proceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05 (pp. 151-157). (Proceedings of the 2005 International Conference on Programming Languages and Compilers, PLC'05).