Report ID
1998-09
Report Authors
Guy Edjlali, Anurag Acharya, and Vipin Chaudhary
Report Date
Abstract
In this paper, we present a history-based access-control mechanism that issuitable for mediating accesses from mobile code. The key idea behindhistory-based access-control is to maintain a selective history of the accessrequests made by individual programs and to use this history to improve thedifferentiation between safe and potentially dangerous requests. What aprogram is allowed to do depends on its own behavior andidentity and not the location it was loaded from or the identity of itsauthor/provider. History-based access-control has the potential tosignificantly expand the set of programs that can be executed withoutcompromising security or ease of use. We describe the design andimplementation of Deeds, a history-based access-control mechanism forJava. Access-control policies for Deeds are written in Java, and canbe updated while the programs whose accesses are being mediated are stillexecuting.
Document
1998-09.ps108.45 KB