16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana


Extending Java for Package Based Access Control

Mauricio Papa, Oliver Bremer, Rodrigo Chandia, John Hale & Sujeet Shenoi
University of Tulsa
USA

This paper describes an extension of the Java language that provides "programmable security." The approach augments the Java syntax with constructs for specifying various access control policies for Java packages, including DAC, MAC, RBAC and TBAC. A primitive ticket-based mechanism serves as the foundation for programmable security. The implementation incorporates a preprocessor for language translation and a security service library that implements the ticket management infrastructure. The preprocessor translates the extended Java source code to native Java for eventual bytecode interpretation, simultaneously binding security services to the native code. The design is simple and flexible, and provides developers with an effective tool for "programming" security within Java packages.
