LiU Electronic Press
Download:
File size:
327 kb
Format:
application/pdf
Author:
Herzog, Almut (Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems) (Linköping University, The Institute of Technology)
Title:
Usable Security Policies for Runtime Environments
Department:
Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems
Linköping University, The Institute of Technology
Responsible org.:
Linköping University, Department of Computer and Information Science
Publication type:
Doctoral thesis, comprehensive summary (Other academic)
Language:
English
Publisher: Institutionen för datavetenskap
Series:
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524; 1075
Year of publ.:
2007
URI:
urn:nbn:se:liu:diva-8809
Permanent link:
http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-8809
ISBN:
978-91-85715-65-7
Subject category:
Computer Science
SVEP category:
Computer science
Keywords (en):
Information security, Usability, Java, Resource control, Virtual machine
Abstract (en):

The runtime environments provided by application-level virtual machines such as the Java Virtual Machine or the .NET Common Language Runtime are attractive for Internet application providers because the applications can be deployed on any platform that supports the target virtual machine. With Internet applications, organisations as well as end users face the risk of viruses, trojans, and denial of service attacks. Virtual machine providers are aware of these Internet security risks and provide, for example, runtime monitoring of untrusted code and access control to sensitive resources.

Our work addresses two important security issues in runtime environments. The first issue concerns resource or release control. While many virtual machines provide runtime access control to resources, they do not provide any means of limiting the use of a resource once access is granted; they do not provide so-called resource control. We have addressed the issue of resource control in the example of the Java Virtual Machine. In contrast to others’ work, our solution builds on an enhancement to the existing security architecture. We demonstrate that resource control permissions for Java-mediated resources can be integrated into the regular Java security architecture, thus leading to a clean design and a single external security policy.

The second issue that we address is the usability and security of the setup of security policies for runtime environments. Access control decisions are based on external configuration files, the security policy, which must be set up by the end user. This set-up is security-critical but also complicated and error-prone for a lay end user, and supportive, usable tools are so far missing. After one of our usability studies signalled that offline editing of the configuration file is inefficient and difficult for end users, we conducted a usability study of personal firewalls to identify usable ways of setting up a security policy at runtime. An analysis of general user help techniques together with the results from the two previous studies resulted in a proposal of design guidelines for applications that need to set up a security policy. Our guidelines have been used for the design and implementation of the tool JPerM that sets the Java security policy at runtime. JPerM evaluated positively in a usability study and supports the validity of our design guidelines.

Public defence:
2007-05-29, Visionen, Hus B, Campus Valla, Linköpings universitet, Linköping, 10:15 (English)
Degree:
Doctor of Philosophy (PhD)
Supervisor:
Shahmehri, Nahid (Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems) (Linköping University, The Institute of Technology)
Opponent:
Furnell, Steven, Professor (School of Computing, Communications & Electronics, University of Plymouth, UK)
Available from:
2007-04-27
Created:
2007-04-27
Last updated:
2009-04-29
Statistics:
2495 hits