[e-lang] New paper: Fine-Grained Privilege Separation for Web Applications

Toby Murray toby.murray at comlab.ox.ac.uk
Tue Feb 16 13:58:21 PST 2010


On 15 February 2010 20:27, David Wagner <daw at cs.berkeley.edu> wrote:
> I thought I'd let you all know about a new paper from Akshay
> Krishnamurthy, Adrian Mettler, and I:
>
> Akshay Krishnamurthy, Adrian Mettler, and David Wagner.
> "Fine-Grained Privilege Separation for Web Applications".
> To appear at WWW 2010, April 26-30, 2010.
> http://www.cs.berkeley.edu/~daw/papers/capsules-www10.pdf

Very cool.

One question struck me while reading the following (from the "Session
Initialisation" part of Section 5.1.1) that the paper doesn't
appear to address.
"We reviewed the application's session initialisation code and
confirmed that it doesn't use unsafe Java features to violate the
isolation properties that Joe-E guarantees ..."

How much more difficult would this step be for users unfamiliar with
the design of Joe-E?

Is there a set of simple rules that users can follow when writing Java
code that sits alongside a Joe-E application to ensure that the Joe-E
semantics are maintained for the Joe-E part of that application? This
seems like something that would be required in order to make this step
of the security review easy for end users.

Of course, such a guide is likely to be useful for all Joe-E
applications, so maybe it already exists? Apologies if it's just my
ignorance.

Cheers

Toby
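As an added illustration for the rule-of-thumb question above (this code is not from the paper, the Joe-E project, or anyone in this thread), the following shows the shape of one such rule: state reachable through a mutable static field is ambient authority that any session can use to see or influence another session, whereas state held in an instance is only reachable by whoever was handed a reference to it. It assumes only that the Joe-E verifier checks sources marked as Joe-E and leaves ordinary Java helper classes to manual review; the class names are invented.

```java
// Added example, not from the paper or the Joe-E project.
// Two helpers stand in for "Java code that sits alongside a Joe-E
// application". The verifier checks Joe-E-marked sources, so the author
// of an unverified helper has to keep the discipline by hand.
// Names (LeakyCounter, Counter, Session, IsolationDemo) are made up here.

// Unsafe helper: the mutable static field is shared by everything that
// can name the class, so one session's activity is visible to another,
// bypassing the per-session isolation the rest of the code relies on.
final class LeakyCounter {
    private static int hits = 0;          // shared across every session
    static int bump() { return ++hits; }  // reachable without any capability
}

// Safe helper: the same functionality with the state in an instance.
// Only holders of a reference to a particular Counter can touch it, so
// the object graph handed out at session initialisation is the sole authority.
final class Counter {
    private int hits = 0;
    int bump() { return ++hits; }
}

final class Session {
    private final String id;
    private final Counter counter;        // given at construction, never looked up globally

    Session(String id, Counter counter) {
        this.id = id;
        this.counter = counter;
    }

    int handleRequest() {
        return counter.bump();
    }

    String id() {
        return id;
    }
}

public final class IsolationDemo {
    public static void main(String[] args) {
        // Leaky form: the second call observes that the first session ran,
        // because both go through the same static field.
        System.out.println("leaky a: " + LeakyCounter.bump());
        System.out.println("leaky b: " + LeakyCounter.bump());

        // Isolated form: each session is initialised with its own Counter,
        // so neither can observe or alter the other's count.
        Session a = new Session("a", new Counter());
        Session b = new Session("b", new Counter());
        System.out.println("isolated " + a.id() + ": " + a.handleRequest());
        System.out.println("isolated " + b.id() + ": " + b.handleRequest());
    }
}
```

The review step quoted from the paper amounts to checking that the non-Joe-E code looks like the second helper rather than the first: no mutable statics, no reflection or native code to reach around instance boundaries, and every authority a session needs passed to it explicitly at initialisation.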
