Manditory Access Control for Java

This paper presents manditory access control (MAC) in Java. Below is an excerpt:

… we have extended the JVM with functionality to do mandatory access control at the
granularity of objects. Our implementation strictly separates the enforcement mechanism from the
specification of polices. This allows flexible specification and enforcement of a wide range of
policies. Moreover, we show that these techniques are implementable in current JVMs with minimal
modifications to other JVM subsystems, while maintaining full backwards compatibility.

We have implemented this by adding an access control tag to each object, and modifying the virtual
machine to check that tag at every data access to an object. Policies will take the form of predicates
over these access control tags. Since mechanism and policy are strictly separated, various
policies can be plugged in to the VM.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s