Using the Java Sandbox for Resource Control

Java’s security architecture is well known for not taking the security aspect of availability into account. This has been recognised and addressed by a number of researchers and communities. However, in their suggested resourceaware Java environments, policies for resource control have so far been stated in proprietary, sometimes hard-coded, or undocumented ways. We set out to investigate if standard Java permission syntax can be used to formulate policies for resource management of high-level resources and if the enforcement of resource policies can successfully be done by the standard Java access controller. Such a solution would neatly fit in the existing Java security architecture. We have implemented resource control for the serial port and for the file system by using the Java permission syntax for stating policies and the standard Java access controller as the enforcement mechanism. The implementation was straightforward and resulted in an API useful also for control of other high-level resources than the serial port and file system. A performance test showed that such resource management easily leads to excessive invocations of the access controller and that optimisation steps are necessary to prevent performance penalties.