Flexible policy-directed code safety

@article{Evans1999FlexiblePC,
  title={Flexible policy-directed code safety},
  author={David E. Evans and Andrew Twyman},
  journal={Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)},
  year={1999},
  pages={32-45}
}
The article introduces a new approach to code safety. We present Naccio, a system architecture that allows a large class of safety policies to be expressed in a general and platform-independent way. Policies are defined in terms of abstract resource manipulations. We describe mechanisms that can be used to efficiently and conveniently enforce these safety policies by transforming programs. We are developing implementations of Naccio that enforce policies on JavaVM classes and Win32 executables… CONTINUE READING

Similar Papers

Figures, Tables, and Topics from this paper.

Citations

Publications citing this paper.
SHOWING 1-10 OF 170 CITATIONS

Composing expressive runtime security policies

  • ACM Trans. Softw. Eng. Methodol.
  • 2009
VIEW 7 EXCERPTS
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Analyzing security advice in functional aspect-oriented programming languages

VIEW 6 EXCERPTS
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Utilizing Binary Rewriting for Improving End-Host Security

  • IEEE Transactions on Parallel and Distributed Systems
  • 2007
VIEW 6 EXCERPTS
CITES BACKGROUND
HIGHLY INFLUENCED

Computability classes for enforcement mechanisms

  • ACM Trans. Program. Lang. Syst.
  • 2006
VIEW 8 EXCERPTS
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Policy-driven reflective enforcement of security policies

VIEW 5 EXCERPTS
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Current Approaches to Policy based Security

VIEW 6 EXCERPTS
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

FILTER CITATIONS BY YEAR

1997
2018

CITATION STATISTICS

  • 29 Highly Influenced Citations

References

Publications referenced by this paper.
SHOWING 1-10 OF 19 REFERENCES

A New Approach to Mobile Code Security

Dan S. Wallach
  • PhD Thesis,
  • 1999
VIEW 1 EXCERPT

Automatic Program Transformation with JOIE

  • USENIX Annual Technical Conference
  • 1998
VIEW 1 EXCERPT

Understanding Java stack inspection

  • Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186)
  • 1998
VIEW 1 EXCERPT

MiSFIT: A Tool for Construction Safe Extensible C++ Systems

Christopher Small, Margo Seltzer
  • Third Conference on Object-Oriented Technologies and Systems,
  • 1997
VIEW 1 EXCERPT