You are here

Inlined Reference Monitors for Java Bytecode

Award Information
Agency: Department of Commerce
Branch: N/A
Contract: NIST 2001-1
Agency Tracking Number: 7.05.05
Amount: $299,995.00
Phase: Phase II
Program: SBIR
Solicitation Topic Code: N/A
Solicitation Number: N/A
Solicitation Year: N/A
Award Year: 2002
Award Start Date (Proposal Award Date): N/A
Award End Date (Contract End Date): N/A
Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Paul Anderson
 Senior Software Engineer
 (607) 273-7340
Business Contact
 Ray (Tim) Teitelbaum
Title: Chairman
Phone: () -
Research Institution
Current state-of-the-art technology for specifying and enforcing security policies for software is generally too inflexible, coarse-grained, and difficult to use. In systems that make use of mobile code, such as Java applets, the situation is yet more difficult. A more flexible and powerful approach is needed that will allow a wider range of security policies to be set by various policy-setting authorities for different applications. At the same time, there must be check-box simplicity. We propose to commercialize mechanisms for specifying and enforcing security policies for mobile code that work by inserting fragments of code into programs in order to monitor their state and prevent them from violating security policies. The proposed system will allow arbitrary policies to be specified independently by different policy-setting authorities. We will apply this approach, named Inlined Reference Monitors (IRMs), to Java bytecode using a technique called aspect-oriented programming. We will leverage existing static-analysis technologies in the implementation of a security policy toolkit.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government