International Journal On Advances in Security, volume 12, numbers 1 and 2, 2019
Secure Cooperation of Untrusted Components Using a Strongly Typed Virtual Machine
Authors:
Roland Wismüller
Damian Ludwig
Keywords: Security; software component; type system; object-capability model; membrane; virtual machine.
Abstract:
A growing number of computing systems, e.g., smart phones or web applications, allow their software to be composed of components from untrusted sources. For security reasons, such a system should grant a component just the permissions it really requires, which implies that permissions must be sufficiently fine-grained. This leads to two questions: how to know and specify the required permissions, and how to enforce access control in a flexible and efficient way? We present the design and implementation of a novel approach based on the object-capability paradigm with access control at the level of individual methods, which exploits two fundamental ideas: we simply use a component's published interface as a specification of its required permissions, and we extend interfaces with optional methods, allowing the specification of permissions that are not strictly necessary, but desired for a better service level. These ideas have been realized within a static type system, where interfaces specify both the availability of methods and the permission to use them. In addition, we support deep attenuation of rights with automatic creation of membranes where necessary. Thus, our access control mechanisms are easy to use and also efficient, since in most cases permissions can be checked when the component is deployed, rather than at run-time. Based on our type system, we have defined a secure intermediate representation, specified its semantics and sketched a correctness proof. The presented concepts have been implemented in a virtual machine called COSMA. When a component is loaded, COSMA type checks its intermediate representation and then compiles it into native machine code, thus enabling its execution with minimal run-time overhead. In this way, COSMA enables the secure, efficient, and flexible cooperation of untrusted software components.
Pages: 53 to 68
Copyright: Copyright (c) to authors, 2019. Used with permission.
Publication date: June 30, 2019
Published in: journal
ISSN: 1942-2636