JPolicy: a Java extension for dynamic access control
Abstract
The development of remote execution platforms, where service hosts accept code from third party clients and run it on their behalf, provides a powerful alternative to the RPC model of clients invoking remote services over a network. A major concern for service hosts is to control access and usage of their own services and resources, whether the client code is being executed by the service host itself or operating remotely and using RPC. We introduce a set of extensions to Java that enables service hosts to control how their services may be used by client Java programs, according to a specified policy. We separate the policies from the services being controlled, rather than fixing the policy at compile-time or load-time. A novel aspect of this work is that the policies allow dynamic access control to services: the availability of service functionality can vary during execution. Furthermore, we support the changing of policies at run-time without modification to service code or clients. We describe our implementation of these language extensions and show how the system enables service providers to enforce policies that protect their resources and services from undesirable client code behaviour.
@TechReport\{owen.rathke.wakeman:jpolicy-Java-extension,
author = \{T. Owen and J. Rathke and I. Wakeman},
title = \{JPolicy: a Java extension for dynamic access control},
institution = \{University of Sussex},
year = \{2004},
type = \{Informatics Computer Science R},
number = \{2004:01},
url = \{http://mikado.di.fc.ul.pt/repository/owen.rathke.wakeman_jpolicy-Java-extension.ps}
}
About this site. Last modified: Wed Apr 24 15:44:20 CEST 2024