A usability study of security policy management
2006 (English)In: Security and Privacy in Dynamic Environments. Proceedings of the 21st International Information Security Conference (IFIP TC-11) (SEC’06), 2006, 296-306 p.Conference paper (Other academic)
The Java Security Manager is one major security feature of the Java programming language. However, in many Java applications the Security Manager is not enabled because it slows execution time. This paper explores the performance of the Java Security Manager in depth, identifies the permissions with the worst performance and gives advice on how to use the Security Manager in a more efficient way.
Our performance test shows that the CPU execution time penalty varies between 5% and 100% per resource access statement. This extreme range is due to the fact that some resource accesses are costly (such as file and socket access) and therefore hide the performance penalty for the access control check almost completely. The time penalty is much more noticeable with access to main memory resources (such as Java objects).
In order to achieve reasonable response times, it is of utmost importance to tune garbage collection because the Java Security Manager creates short-lived objects during its permission check. Also, the order of permissions in the policy file can be important.
Place, publisher, year, edition, pages
2006. 296-306 p.
Java; Performance; Security; Security Manager; Access controller; Permission; Policy; CPU execution time
Engineering and Technology
IdentifiersURN: urn:nbn:se:liu:diva-14432DOI: 10.1007/0-387-33406-8_25OAI: oai:DiVA.org:liu-14432DiVA: diva2:23497
21st International Information Security Conference (IFIP TC-11) (SEC’06)