DIMACS TR: 97-64
The Design and Implementation of a Java Playground
Authors: Dahlia Malkhi, Michael Reiter and Avi Rubin
ABSTRACT
Mobile code presents a number of threats to the machines that execute
it. In this paper we introduce an approach for protecting machines
and the resources they hold from mobile code, and describe a system
based on our approach for protecting host machines from Java applets.
In our approach, each Java applet downloaded to the protected domain
is rerouted to a dedicated machine (or set of machines), the
playground, at which it is executed. Prior to execution the applet is
transformed to use the downloading user's web browser as a graphics
terminal for its input and output, and so the user has the illusion
that the applet is running on her own machine. In reality, however,
mobile code runs only in the sanitized environment of the playground,
where user files cannot be mounted and from which only limited network
connections are accepted by machines in the protected domain. We
describe the design, implementation, performance and limitations of
our system, and directions for future work.
Paper Available at:
ftp://dimacs.rutgers.edu/pub/dimacs/TechnicalReports/TechReports/1997/97-64.ps.gz
DIMACS Home Page