by Selim Aissi, Intel R&D, Intel Corp.
The tremendous new potential offered by distributed computing, inside and outside the home and business, also carries with it the necessity to exercise certain security safeguards. As distributed, mobile, and executable content moves among devices, the opportunity for security breaches increases dramatically. Also, as device-to-device e-Commerce services become more automated [11], new types of security threats are emerging. With these drastic changes in computing models comes a greater need for robust application security.
For example, "executable content" is the idea of sending code to a remote compute engine to be executed. In addition to flexibility and expressiveness, executable content brings new potential problems. A program received from a remote source must be regarded as non-trusted to some degree, and its access to certain resources must be restricted. However, this new execution model is not bound by the limitations of the operating system because the runtime environment enforces the security policies based on the code's origin. Both the Java* Runtime Environment (JRE) and .NET Framework Common Language Runtime (CLR) security models have the following common security features: language type-safety, bytecode verification, runtime type checking, name space separation via class loading, and fine-grained access control.
This paper compares the JRE and the CLR evolutionary security mechanisms. The paper also compares the two models to the Clark-Wilson security model, a formal, application-level model used to ensure the integrity of commercial data. The Clark-Wilson model is a formal presentation of the security policy enforced by a system, and it is useful for testing a policy for completeness and consistency. It also helps describe what specific mechanisms are necessary to implement a security policy.
Besides exploring the nature and scope of the sandbox-based JRE and CLR security models and comparing them to the Clark-Wilson integrity model, this paper also provides some insight into the future of runtime security.
Read the entire white paper: click link, below.
© 2004 Intel Corp.
>
 | ClickOnce - reduce the challenges of mobilized software deployment by 3 Leaf Solutions, Ltd. Intel Corp. This article introduces the n... |
| Combining Linux Message Passing and Threading in High-Performance Computing by Andrew Binstock, principal analyst, Pacific Data Works LLC. Intel C... |
| Mobilizing software: a new era of asynchronous productivity by Chris S. Thomas and Matt Gillespie. Intel Corp. Wireless compu... |
If you're interested in this topic, these articles may be helpful:
| Mask your Web server for enhanced security by Joe Lima, director of product development, Port80 Software Inc. ... |
| Getting practical about wireless security, part 1: building a wireless sniffer with Perl by Peter Seebach, freelance writer. First published by IBM at IBM dev... |
| The pillars of application quality: security, functionality, and performance testing from SPI Dynamics Inc. As enterprises put more essential daily busi... |
| Specification and validation of enterprise access-control data for conformance to model and policy constraints by Ramaswamy Chandramouli, Computer Security Division, ITL, National... |
| Wireless application security: what's up with that? from Intel Corp. The world of mobile data presents many uniqu... |
Related Jobs:
| Program Manager #134884 - WA - Redmond - Microsoft Corporation The BizTalk Server & Tools team is looking for an experienced Program ... |
| Program Manager #147530 - WA - Redmond - Microsoft Corporation Are you looking for the opportunity to be a Release Program Manager fo... |
| Program Manager #138373 - WA - Redmond - Microsoft Corporation How do Windows Forms and Avalon work together? Come to the .NET client... |
| Software Development Engineer #146912 - WA - Redmond - Microsoft Corporation Are you passionate about core database engine technologies? Do you wan... |
| Software Development Engineer in Test #132992 - WA - Redmond - Microsoft Corporation This is it! Want to contribute to new security technology that helps s... |
| Application Admin #265 - MN - Eden Prairie - ShopNBC Job Title: Application Admin Description: Job Title: Application A... |
| Software Development Engineer #150436 - WA - Redmond - Microsoft Corporation Axapta has a domain specific programming language, X++, which is optim... |
| Software Development Engineer #139347 - WA - Redmond - Microsoft Corporation This is an opportunity to help define and shape the direction of Acces... |
| Principal Engineer - Java and OO Technology #3183 - CA - Pasadena - EarthLink, Inc. Principal Engineer - Java and OO Technology posted 11/04/05 ... |
| Software Development Engineer #145205 - WA - Redmond - Microsoft Corporation Small computing devices are changing the world as the computing horsep... |
