Containment and Integrity for Mobile Code

Principal Investigators:

Fred B. Schneider
Computer Science Department
Upson Hall
Cornell University
Ithaca, New York
Tel. (607) 255-9221
FAX (607) 255-4428
fbs@cs.cornell.edu

Andrew Myers
Computer Science Department
Upson Hall
Cornell University
Ithaca, New York
Tel. (607) 255-8597
FAX (607) 255-4428
andru@cs.cornell.edu

Project Overview:

Increasingly, networked information systems are built that use extensible components and span hosts having different levels of trust in each other. Enforcing security policies in this setting is crucial, as our nation's critical infrastructures come to depend on such systems. Key elements of any solution will include flexible support and efficient implementations of fine-grained access control, application-level security policies that take into account the source as well as the contents of information being used in authorization decisions, and combinations of fault-tolerance and security properties. Addressing these new needs is the objective of this research project.

Language Based Security. A new family of security policy-enforcement techniques is emerging. These new techniques are made possible by advances in the general area of programming languages:


Composing Fault-Tolerance and Security. Replication enhances fault-tolerance but, unless done carefully, can lead to systems with greater vulnerability to attack. In particular, once servers are replicated, it must not be possible for an attacker to compromise the secrecy or integrity of the service.


Inlined Reference Monitors for Enforcing Security Policies:


Static Analysis for Controlling Information Flow:


Distributed Trust:


Fault-tolerant and Secure Mobile Code:


Other Publications: