Providing Fine-Grained Access Control For Mobile Programs Through Binary Editing

With the advent of WWW, there is considerable interest in programs that can migrate from one host to another and execute. For instance, Java programs are increasingly being used to add dynamic content to a web page. When a user accesses the web page through a browser, the browser migrates the Java program and executes it at the user’s site. Mobile programs are appealing because they support efficient utilization of network resources and extensibility of information servers. However, since they cross administrative domains, they have the ability to access a host site’s protected resources. For instance, they can potentially read a user’s private files, access and modify personal information, and steal proprietary information. In this paper, we present a novel approach for allowing a site to protect and control the local resources that external Java programs can access. In this approach, a site uses a declarative policy language to specify a set of constraints on accesses to local resources and the conditions under which they apply. A set of code transformation tools enforce these constraints on a Java program by integrating the code for checking access constraints into the program and the site’s resource definitions. Executions of the resulting modified mobile program and resources satisfy all access constraints, thereby protecting the site’s resources. Because this approach does not require resources to make an explicit call to a reference monitor, as implemented in the Java runtime system, the approach does not depend upon a particular runtime system implementation. This work is supported by the Defense Advanced Research Project Agency (DARPA) and Rome Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-97-1-0221. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Defense Advanced Research Project Agency (DARPA), Rome Laboratory, or the U.S. Government.