Download Printable PDF

Inlined Reference Monitors for Java Bytecode

The problem of information security has become critical because of the growing dependence of the economy on complex networked information systems. Specification and enforcement of security policies is difficult even when policy-setting authorities have complete control over and knowledge of the target software. In an environment where mobile code is being used, security policy enforcement is even more difficult because little is known about the code being executed.

Under an NIST SBIR grant, GrammaTech will develop mechanisms for specifying and enforcing security policies for mobile code that work by inserting fragments of code into programs in order to monitor their state and prevent them from violating security policies. The proposed system will allow arbitrary policies to be specified independently by different policy-setting authorities. We will apply this approach, named Inlined Reference Monitors (IRMs), to Java bytecodes. We believe that advanced static-analysis techniques, in particular those embodied in our own dependence-graph technology, are crucial to allow this to be done efficiently and fully automatically.

The IRM approach is important because administrators and users can transparently tailor policies on a per-application basis, without requiring access to source code or operating system internals. We believe that this approach holds great promise for enforcing security policies, and propose to transition these techniques from academia and commercialize them for widespread use.


Free Trial | Products | Customers | Support | News | Jobs | About Us         © 2007-2008, GrammaTech, Inc. All rights reserved.