The Java language and system have attracted increased interest in the idea of downloading executable content (mobile code) over a network, but have also raised concerns regarding the security of mobile code. So far, raditional security models for access control known from operating systems have been applied. This paper discusses existing security models and evaluates them in terms of the need-to-know principle. The result of the evaluation of the security models has motivated us to define a new model, the application profile model. Implementation strategies to select the appropriate application profile are discussed.
By: Peter Trommler
Published in: Global IT Security, ed. by G. Papp and R. Posch. , Vienna, OCG, p.261-70 in 1998
Please obtain a copy of this paper from your local library. IBM cannot distribute this paper externally.
Questions about this service can be mailed to reports@us.ibm.com .