Nested Java processes

Patrick Tullman, Jay Lepreau
1998 Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications - EW 8  
The majority of work on protection in single-language mobile code environments focuses on information security issues and depends on the language environment for solutions to the problems of resource management and process isolation. We believe that what is needed in these environments is not ad-hoc or incremental changes but a coherent approach to security, failure isolation, and resource management. Protection, separation, and control of the resources used by mutually untrusting components, applets, applications, or agents, are exactly the same problems faced by multi-user operating systems. We believe that real solutions will come only if an OS model is uniformly applied to these environments. We present Alta, our prototype Java-based system patterned on Fluke, a highly structured, hardware-based OS, and report on its features appropriate to mobile code.

Software-based Approaches

Java started with the "sandbox," which was limited to providing all-or-nothing access control, depending on whether the source of the code was local or remote. Finding this policy far too limiting, JavaSoft relaxed the sandbox model in JDK 1.2 [13], which introduces access control lists (ACLs) and signed code. However, policies in the JDK are expressed via ACLs (making them error prone at large scale, just like ACLs in Unix), and there is no notion of user authentication: principals are tied to code signatures. Additionally, protection domains are only created implicitly, through code loading.
doi:10.1145/319195.319212 dblp:conf/sigopsE/TullmanL98 fatcat:hr34vh44qfhrxoziwgk3idr7ui