Inferring Java Security Policies Through Dynamic Sandboxing

Complex enterprise and server-level applications are often written in Java because of its reputation for security. The Java policy language allows users to specify very fine-grained and complex security policies. However, this expressiveness makes it difficult to determine the correct policy with respect to the principle of least privilege. We describe a method for automatically learning the minimum security policy called dynamic sandboxing. A minimal sandbox (security policy) is inferred by observing program execution and expressed in the standard Java policy language. The minimum policy stops Java exploits and learning the policy does not cripple performance, allowing applications to run normally during training.