Policy-Enforced Linking of Untrusted Components (Extended Abstract)

Eunyoung Lee; Andrew Wilson Appel

Policy-Enforced Linking of Untrusted Components (Extended Abstract)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

A method of secure linking (SL), a flexible way of allowing software component users to specify their security policy at link time, is discussed. The system gives the users more control than type-checking or traditional digital signing. The SL mechanism does not prevent bugs, but it gives the software provider and the software consumer finer-grain control of the meaning of certificates they use. With the SL framework, a code consumer can establish a linking policy to protect itself from malicious code from outside. The policy can include certain properties such as software component names, and application-specific correctness properties which are useful for system safety.

Original language	English (US)
Title of host publication	Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)
Editors	P. Inverardi
Pages	371-374
Number of pages	4
State	Published - Dec 1 2003
Event	Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11) - Helsinki, Iceland Duration: Sep 1 2003 → Sep 5 2003

Publication series

Name	Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)

Other

Other	Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)
Country/Territory	Iceland
City	Helsinki
Period	9/1/03 → 9/5/03

All Science Journal Classification (ASJC) codes

Software

Cite this

Lee, E., & Appel, A. W. (2003). Policy-Enforced Linking of Untrusted Components (Extended Abstract). In P. Inverardi (Ed.), Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11) (pp. 371-374). (Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)).

Lee, Eunyoung ; Appel, Andrew Wilson. / Policy-Enforced Linking of Untrusted Components (Extended Abstract). Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11). editor / P. Inverardi. 2003. pp. 371-374 (Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)).

@inproceedings{c4150b1ec346406190f3a396f8ad823c,

title = "Policy-Enforced Linking of Untrusted Components (Extended Abstract)",

abstract = "A method of secure linking (SL), a flexible way of allowing software component users to specify their security policy at link time, is discussed. The system gives the users more control than type-checking or traditional digital signing. The SL mechanism does not prevent bugs, but it gives the software provider and the software consumer finer-grain control of the meaning of certificates they use. With the SL framework, a code consumer can establish a linking policy to protect itself from malicious code from outside. The policy can include certain properties such as software component names, and application-specific correctness properties which are useful for system safety.",

author = "Eunyoung Lee and Appel, {Andrew Wilson}",

year = "2003",

month = dec,

day = "1",

language = "English (US)",

isbn = "1581137435",

series = "Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)",

pages = "371--374",

editor = "P. Inverardi",

booktitle = "Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)",

note = "Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11) ; Conference date: 01-09-2003 Through 05-09-2003",

}

Lee, E & Appel, AW 2003, Policy-Enforced Linking of Untrusted Components (Extended Abstract). in P Inverardi (ed.), Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11). Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11), pp. 371-374, Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11), Helsinki, Iceland, 9/1/03.

Policy-Enforced Linking of Untrusted Components (Extended Abstract). / Lee, Eunyoung; Appel, Andrew Wilson.
Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11). ed. / P. Inverardi. 2003. p. 371-374 (Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Policy-Enforced Linking of Untrusted Components (Extended Abstract)

AU - Lee, Eunyoung

AU - Appel, Andrew Wilson

PY - 2003/12/1

Y1 - 2003/12/1

N2 - A method of secure linking (SL), a flexible way of allowing software component users to specify their security policy at link time, is discussed. The system gives the users more control than type-checking or traditional digital signing. The SL mechanism does not prevent bugs, but it gives the software provider and the software consumer finer-grain control of the meaning of certificates they use. With the SL framework, a code consumer can establish a linking policy to protect itself from malicious code from outside. The policy can include certain properties such as software component names, and application-specific correctness properties which are useful for system safety.

AB - A method of secure linking (SL), a flexible way of allowing software component users to specify their security policy at link time, is discussed. The system gives the users more control than type-checking or traditional digital signing. The SL mechanism does not prevent bugs, but it gives the software provider and the software consumer finer-grain control of the meaning of certificates they use. With the SL framework, a code consumer can establish a linking policy to protect itself from malicious code from outside. The policy can include certain properties such as software component names, and application-specific correctness properties which are useful for system safety.

UR - http://www.scopus.com/inward/record.url?scp=1542286871&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=1542286871&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:1542286871

SN - 1581137435

SN - 9781581137439

T3 - Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)

SP - 371

EP - 374

BT - Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)

A2 - Inverardi, P.

T2 - Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)

Y2 - 1 September 2003 through 5 September 2003

ER -

Lee E, Appel AW. Policy-Enforced Linking of Untrusted Components (Extended Abstract). In Inverardi P, editor, Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11). 2003. p. 371-374. (Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)).

Policy-Enforced Linking of Untrusted Components (Extended Abstract)

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Other files and links

Cite this