A Flexible Access Control Service for Java Mobile Code

Mobile Code (MC) technologies provide appealing solutions for the development of Internet applications. For instance, Java technology facilitates dynamic loading of application code Pom remote servers into heterogeneous clients distributed all over the Internet. However, executing foreign code that has been 1oadedfi.om the network raises signixcant security concerns which limit the diffusion of these technologies. Substantial work has already been done to provide security solutions for protecting both hosting nodes and mobile code. For example, the Java security architecture evolvedfiom a rigid sandbox model to a more flexible solution where downloaded code can perform any kind of operations, depending on its source location and signature. However, the most widespread security solutions for MCplatforms today do not support the sophisticated security policies required in modern inter-organisational environments. This requires expressive languages to specifi the policy and flexible mechanisms for policy implementation which cater for code mobility. This paper shows how access control policies for MC based applications can be specified in a concise and declarative language called Ponder and how these policies can be implemented within the Java security architecture.