Inlined Reference Monitors for Java Bytecode

Award Information
Agency:
Department of Commerce
Amount:
$299,995.00
Program:
SBIR
Contract:
NIST 2001-1
Solitcitation Year:
N/A
Solicitation Number:
N/A
Branch:
N/A
Award Year:
2002
Phase:
Phase II
Agency Tracking Number:
7.05.05
Solicitation Topic Code:
N/A
Small Business Information
GrammaTech, Inc.
317 N. Aurora Street, Ithaca, NY, 14850
Hubzone Owned:
N
Woman Owned:
N
Socially and Economically Disadvantaged:
N
Duns:
N/A
Principal Investigator
 Paul Anderson
 Senior Software Engineer
 (607) 273-7340
 paul@grammatech.com
Business Contact
 Ray (Tim) Teitelbaum
Title: Chairman
Phone: () -
Email: tt@grammatech.com
Research Institution
N/A
Abstract
Current state-of-the-art technology for specifying and enforcing security policies for software is generally too inflexible, coarse-grained, and difficult to use. In systems that make use of mobile code, such as Java applets, the situation is yet more difficult. A more flexible and powerful approach is needed that will allow a wider range of security policies to be set by various policy-setting authorities for different applications. At the same time, there must be check-box simplicity. We propose to commercialize mechanisms for specifying and enforcing security policies for mobile code that work by inserting fragments of code into programs in order to monitor their state and prevent them from violating security policies. The proposed system will allow arbitrary policies to be specified independently by different policy-setting authorities. We will apply this approach, named Inlined Reference Monitors (IRMs), to Java bytecode using a technique called aspect-oriented programming. We will leverage existing static-analysis technologies in the implementation of a security policy toolkit.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government