Flexible Control of Downloaded Executable Content

Download or read book Flexible Control of Downloaded Executable Content written by Trent Jaeger and published by . This book was released on 1997 with total page 354 pages. Available in PDF, EPUB and Kindle. Book excerpt: Abstract: "We present a system for managing the execution of downloaded executable content according to flexibly-defined security policies. Downloaded executable content are messages downloaded from remote hosts that contain executables that are run on the downloading principal's machine upon receipt. Since executables run by downloading principals have their full protection domain by default, executable content must be controlled to prevent unauthorized access to the downloading principals' resources. Current systems attempt to control content using a fixed security policy designed for standalone content, but these policies are inappropriate for several applications. For example, current content loading policies do not account for the fact that content from multiple hosts may be combined into one application. In this paper, we describe a downloaded content execution system that can enforce a variety of security policies covering content download, content protection domain derivation, and content authorization. This system enables privileged principals to define the decisions that less privileged principals are allowed to make. For example, system administrators can define legitimate authentication policies for applications, and application developers can define when the downloading principal's rights can be delegated to other application participants (within limits set by system administrators). We show how policies for collaborative applications can be defined and enforced. Also, we describe and compare three implementations of the system."