TY - GEN
T1 - Policy-Enforced Linking of Untrusted Components (Extended Abstract)
AU - Lee, Eunyoung
AU - Appel, Andrew Wilson
PY - 2003/12/1
Y1 - 2003/12/1
N2 - A method of secure linking (SL), a flexible way of allowing software component users to specify their security policy at link time, is discussed. The system gives the users more control than type-checking or traditional digital signing. The SL mechanism does not prevent bugs, but it gives the software provider and the software consumer finer-grain control of the meaning of certificates they use. With the SL framework, a code consumer can establish a linking policy to protect itself from malicious code from outside. The policy can include certain properties such as software component names, and application-specific correctness properties which are useful for system safety.
AB - A method of secure linking (SL), a flexible way of allowing software component users to specify their security policy at link time, is discussed. The system gives the users more control than type-checking or traditional digital signing. The SL mechanism does not prevent bugs, but it gives the software provider and the software consumer finer-grain control of the meaning of certificates they use. With the SL framework, a code consumer can establish a linking policy to protect itself from malicious code from outside. The policy can include certain properties such as software component names, and application-specific correctness properties which are useful for system safety.
UR - http://www.scopus.com/inward/record.url?scp=1542286871&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=1542286871&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:1542286871
SN - 1581137435
SN - 9781581137439
T3 - Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)
SP - 371
EP - 374
BT - Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)
A2 - Inverardi, P.
T2 - Proceedings of the Joint 9th European Software Engineering Conference (ESEC) and 11th SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)
Y2 - 1 September 2003 through 5 September 2003
ER -