DocumentCode
1983456
Title
Spout: a transparent distributed execution engine for Java applets
Author
Chiueh, Tzi-cker ; Sankaran, Harish ; Neogi, Anindya
Author_Institution
Dept. of Comput. Sci., State Univ. of New York, Stony Brook, NY, USA
fYear
2000
fDate
2000
Firstpage
394
Lastpage
401
Abstract
The advent of executable contents such as Java applets exposes WWW users to a new class of attacks that were not possible before. Serious security breach incidents due to implementation bugs arose repeatedly in the past several years. Without a provably correct implementation of Java´s security architecture specification, it is difficult to make any conclusive statements about the security characteristic of current Java virtual machines. The Spout project takes an alternative approach to address Java´s security problems. Rather than attempt a provably secure implementation, we aim to confine the damages of malicious Java applets to selective machines, thus protecting resources behind an organization´s firewall from attacks by malicious or buggy applets. Spout is essentially a distributed Java execution engine that transparently decouples the processing of an incoming applet´s application logic from that of the graphical user interface (GUI), such that the only part of an applet that is actually running on the requesting user´s host is the harmless GUI code. A unique feature of the Spout architecture that does not exist in other similar systems, is that it is completely transparent to and does not require any modifications to WWW browsers or class libraries on the end hosts. This paper describes the design, implementation, and performance measurements of the first Spout prototype, which also incorporates run-time resource monitoring mechanisms to counter denial-of-service attacks
Keywords
Java; distributed object management; distributed programming; graphical user interfaces; information resources; object-oriented programming; security of data; software architecture; Java applets; Java virtual machines; Spout; Web browsers; World Wide Web; buggy applets; class libraries; denial-of-service attacks; firewall; graphical user interface; implementation bugs; malicious applets; mobile code; performance measurements; run-time resource monitoring; security architecture specification; security breach; transparent distributed execution engine; Computer bugs; Engines; Graphical user interfaces; Java; Libraries; Logic; Protection; Security; Virtual machining; World Wide Web;
fLanguage
English
Publisher
ieee
Conference_Titel
Distributed Computing Systems, 2000. Proceedings. 20th International Conference on
Conference_Location
Taipei
ISSN
1063-6927
Print_ISBN
0-7695-0601-1
Type
conf
DOI
10.1109/ICDCS.2000.840951
Filename
840951
Link To Document