liu.seSök publikationer i DiVA
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
A usability study of security policy management
Linköpings universitet, Tekniska högskolan. Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik.
Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan.
2006 (Engelska)Ingår i: Security and Privacy in Dynamic Environments. Proceedings of the 21st International Information Security Conference (IFIP TC-11) (SEC’06), 2006, s. 296-306Konferensbidrag, Publicerat paper (Övrigt vetenskapligt)
Abstract [en]

The Java Security Manager is one major security feature of the Java programming language. However, in many Java applications the Security Manager is not enabled because it slows execution time. This paper explores the performance of the Java Security Manager in depth, identifies the permissions with the worst performance and gives advice on how to use the Security Manager in a more efficient way.

Our performance test shows that the CPU execution time penalty varies between 5% and 100% per resource access statement. This extreme range is due to the fact that some resource accesses are costly (such as file and socket access) and therefore hide the performance penalty for the access control check almost completely. The time penalty is much more noticeable with access to main memory resources (such as Java objects).

In order to achieve reasonable response times, it is of utmost importance to tune garbage collection because the Java Security Manager creates short-lived objects during its permission check. Also, the order of permissions in the policy file can be important.

Ort, förlag, år, upplaga, sidor
2006. s. 296-306
Nyckelord [en]
Java; Performance; Security; Security Manager; Access controller; Permission; Policy; CPU execution time
Nationell ämneskategori
Teknik och teknologier
Identifikatorer
URN: urn:nbn:se:liu:diva-14432DOI: 10.1007/0-387-33406-8_25OAI: oai:DiVA.org:liu-14432DiVA, id: diva2:23497
Konferens
21st International Information Security Conference (IFIP TC-11) (SEC’06)
Tillgänglig från: 2007-04-27 Skapad: 2007-04-27 Senast uppdaterad: 2014-06-24
Ingår i avhandling
1. Usable Security Policies for Runtime Environments
Öppna denna publikation i ny flik eller fönster >>Usable Security Policies for Runtime Environments
2007 (Engelska)Doktorsavhandling, sammanläggning (Övrigt vetenskapligt)
Abstract [en]

The runtime environments provided by application-level virtual machines such as the Java Virtual Machine or the .NET Common Language Runtime are attractive for Internet application providers because the applications can be deployed on any platform that supports the target virtual machine. With Internet applications, organisations as well as end users face the risk of viruses, trojans, and denial of service attacks. Virtual machine providers are aware of these Internet security risks and provide, for example, runtime monitoring of untrusted code and access control to sensitive resources.

Our work addresses two important security issues in runtime environments. The first issue concerns resource or release control. While many virtual machines provide runtime access control to resources, they do not provide any means of limiting the use of a resource once access is granted; they do not provide so-called resource control. We have addressed the issue of resource control in the example of the Java Virtual Machine. In contrast to others’ work, our solution builds on an enhancement to the existing security architecture. We demonstrate that resource control permissions for Java-mediated resources can be integrated into the regular Java security architecture, thus leading to a clean design and a single external security policy.

The second issue that we address is the usabilityhttps://www.diva-portal.org/liu/webform/form.jsp

DiVA Web Form and security of the setup of security policies for runtime environments. Access control decisions are based on external configuration files, the security policy, which must be set up by the end user. This set-up is security-critical but also complicated and errorprone for a lay end user and supportive, usable tools are so far missing. After one of our usability studies signalled that offline editing of the configuration file is inefficient and difficult for end users, we conducted a usability study of personal firewalls to identify usable ways of setting up a security policy at runtime. An analysis of general user help techniques together with the results from the two previous studies resulted in a proposal of design guidelines for applications that need to set up a security policy. Our guidelines have been used for the design and implementation of the tool JPerM that sets the Java security policy at runtime. JPerM evaluated positively in a usability study and supports the validity of our design guidelines.

Ort, förlag, år, upplaga, sidor
Institutionen för datavetenskap, 2007
Serie
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524 ; 1075
Nyckelord
Information security, Usability, Java, Resource control, Virtual machine
Nationell ämneskategori
Datavetenskap (datalogi)
Identifikatorer
urn:nbn:se:liu:diva-8809 (URN)978-91-85715-65-7 (ISBN)
Disputation
2007-05-29, Visionen, Hus B, Campus Valla, Linköpings universitet, Linköping, 10:15 (Engelska)
Opponent
Handledare
Tillgänglig från: 2007-04-27 Skapad: 2007-04-27 Senast uppdaterad: 2018-01-13

Open Access i DiVA

Fulltext saknas i DiVA

Övriga länkar

Förlagets fulltextLink to Ph.D. thesis

Personposter BETA

Herzog, AlmutShahmehri, Nahid

Sök vidare i DiVA

Av författaren/redaktören
Herzog, AlmutShahmehri, Nahid
Av organisationen
Tekniska högskolanDatabas och informationsteknik
Teknik och teknologier

Sök vidare utanför DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetricpoäng

doi
urn-nbn
Totalt: 159 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf