Runtime environment security models
The Java Runtime Environment (JRE) and .NET Framework Common Language Runtime (CLR) security models share security features that are key to securing distributed, mobile, and executable content.

by Selim Aissi, Intel R&D, Intel Corp.

The tremendous new potential offered by distributed computing, inside and outside the home and business, also carries with it the necessity to exercise certain security safeguards. As distributed, mobile, and executable content moves among devices, the opportunity for security breaches increases dramatically. Also, as device-to-device e-Commerce services become more automated [11], new types of security threats are emerging. With these drastic changes in computing models comes a greater need for robust application security.

For example, "executable content" is the idea of sending code to a remote compute engine to be executed. In addition to flexibility and expressiveness, executable content brings new potential problems. A program received from a remote source must be regarded as non-trusted to some degree, and its access to certain resources must be restricted. However, this new execution model is not bound by the limitations of the operating system because the runtime environment enforces the security policies based on the code's origin. Both the Java Runtime Environment (JRE) and .NET Framework Common Language Runtime (CLR) security models have the following common security features: language type-safety, bytecode verification, runtime type checking, name space separation via class loading, and fine-grained access control.

This paper compares the JRE and the CLR evolutionary security mechanisms. The paper also compares the two models to the Clark-Wilson security model, a formal, application-level model used to ensure the integrity of commercial data. The Clark-Wilson model is a formal presentation of the security policy enforced by a system, and it is useful for testing a policy for completeness and consistency. It also helps describe what specific mechanisms are necessary to implement a security policy.

Besides exploring the nature and scope of the sandbox-based JRE and CLR security models and comparing them to the Clark-Wilson integrity model, this paper also provides some insight into the future of runtime security.

© 2004 Intel Corp.
