Java run-time security policies

Spring 2009

Student: Anthony Felice
Advisor: Lujo Bauer
Project description

The aim of this project is to further the development of the Polymer security system for Java 2 Mobile Edition (J2ME). Polymer is a specification language and enforcement system that enforces pre-specified security policies on untrusted Java applications by rewriting the applications prior to run time. When an application attempts to execute a security-sensitive action, Polymer is consulted to approve the action; outcomes range from proceeding normally to halting the program.

Polymer was originally developed in J2SE and is in the process of being ported to J2ME. Due to differences between the two environments, the strategy for rewriting a target application will be significantly different in J2ME. Particular challenges include implementing support for Insertion Suggestions and Complete Mediation. A policy can react to an Action object (a description of a behavior attempted by the target program) by issuing a Suggestion. Insertion Suggestions express a policy's intention to react to an attempted behavior by first executing (inserting) some remedial actions. This functionality is currently not present in Polymer J2ME; in Polymer J2SE the Reflection API was used, which is not available in J2ME. Polymer's Policy Compiler needs to be modified to support Insertion Suggestions for Polymer J2ME. Additionally, Polymer currently only monitors method calls in the user code. With support for Complete Mediation, all method calls invoked during a particular run of the program, including methods called by other methods, will be captured by Polymer.
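The following is an added sketch, not Polymer's own code or API, of the Action/Suggestion flow described above: a monitor through which every call passes, including calls made by other methods and inserted remedial actions. All names (`MonitorSketch`, `Action`, `Suggestion`, `invoke`, the sample methods) are hypothetical, the policy is constructed for illustration, and re-querying the original action after the inserted actions run is an assumption of this sketch; it uses modern Java syntax rather than the J2ME subset and dispatches without the Reflection API.

```java
import java.util.ArrayList;
import java.util.List;

public class MonitorSketch {
    // An attempted behaviour of the target program (hypothetical shape).
    record Action(String method, String arg) {}
    enum Kind { OK, HALT, INSERT }
    record Suggestion(Kind kind, List<Action> remedial) {}
    interface Policy { Suggestion query(Action a); }

    static final List<String> trace = new ArrayList<>();
    static boolean warned = false; // policy state: has the warning been shown?

    // Constructed policy: never delete files; warn once before the first network send.
    static final Policy POLICY = a -> {
        if (a.method().equals("File.delete")) return new Suggestion(Kind.HALT, List.of());
        if (a.method().equals("Net.send") && !warned)
            return new Suggestion(Kind.INSERT, List.of(new Action("UI.warn", "sending data")));
        if (a.method().equals("UI.warn")) warned = true;
        return new Suggestion(Kind.OK, List.of());
    };

    // Single choke point: top-level, nested and inserted calls all consult the policy.
    static void invoke(Action a, int depth) {
        Suggestion s = POLICY.query(a);
        switch (s.kind()) {
            case HALT -> throw new SecurityException("halted at " + a.method());
            case INSERT -> {
                for (Action r : s.remedial()) invoke(r, depth + 1); // remedial actions first
                invoke(a, depth); // then ask the policy about the original action again
            }
            case OK -> {
                trace.add("  ".repeat(depth) + a.method() + "(" + a.arg() + ")");
                // Simulated callee: App.upload internally calls Net.send, which is also mediated.
                if (a.method().equals("App.upload")) invoke(new Action("Net.send", a.arg()), depth + 1);
            }
        }
    }

    public static void main(String[] args) {
        invoke(new Action("App.upload", "contacts"), 0);
        trace.forEach(System.out::println);
        try { invoke(new Action("File.delete", "notes.txt"), 0); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

If only the top-level `App.upload` call were routed through `invoke`, the nested `Net.send` would never reach the policy, which is the gap Complete Mediation closes.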
