Policy-Enforced Linking of Untrusted Components (Extended Abstract)

Eunyoung Lee, Andrew Wilson Appel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

A method of secure linking (SL), a flexible way of allowing software component users to specify their security policy at link time, is discussed. The system gives the users more control than type-checking or traditional digital signing. The SL mechanism does not prevent bugs, but it gives the software provider and the software consumer finer-grain control of the meaning of certificates they use. With the SL framework, a code consumer can establish a linking policy to protect itself from malicious code from outside. The policy can include certain properties such as software component names, and application-specific correctness properties which are useful for system safety.

Original language: English (US)
Title of host publication: Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)
Editors: P. Inverardi
Pages: 371-374
Number of pages: 4
State: Published - Dec 1 2003
Event: Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11) - Helsinki, Iceland
Duration: Sep 1 2003 → Sep 5 2003

Publication series

Name: Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)

Other

Other: Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)
Country: Iceland
City: Helsinki
Period: 9/1/03 → 9/5/03

All Science Journal Classification (ASJC) codes

  • Software
