Tuesday
26 Distributed Object Security
Adam's Mark Hotel, Governor's Square 10
 
The purpose of this workshop is to provide a forum for discussion of security problems relating to distributed object-oriented programming environments. As object-oriented technology is becoming more widely deployed, security has become a pressing issue. Object-oriented programming languages and object-based systems generally offer a convenient set of abstractions for security, such as strong typing, well-defined interfaces and encapsulation of data. However, they also introduce a number of new problems, such as deciding on the granularity of protection in fine-grained object systems and the possible ambiguities arising from polymorphism and dynamic binding, for example, whether a compromised class can be substituted for a valid one.

Distribution of objects on a network accentuates the existing problems and introduces a whole range of new security issues that have to be resolved, notably problems arising from mobility of instances or classes. Resolution of these problems is especially important if the objects are to be made accessible on the Internet or through the World Wide Web.

Reusability is one of the traditional virtues of object-oriented systems. However, security problems may arise when objects are reused in an execution context that is different from the context of the original implementation. For example, the authentication and authorization required by an object modeling a bank account are very different, depending on whether its methods are being invoked from within the bank's database or by a home-banking client on the Internet.

Component-based programming and Java Beans allow large parts of applications to be assembled out of an existing collection of components or beans. However, components and beans have the same potential security problems as reusing ordinary objects. The problems arise because components and beans cannot deal with the non-functional requirements, such as security, of the application.

New programming paradigms (such as reflection and aspect-oriented programming) are being introduced to deal with non-functional requirements in object-oriented systems. These paradigms look promising, but also introduce new questions, such as: How can we use these paradigms to program secure applications? How can we build secure systems that support these paradigms?

Topics of interest include but are not restricted to:

  • Application requirements for security
  • Security in the CORBA or COM frameworks
  • Security of object-oriented languages
  • Security models for object-oriented programming environments
  • Security of mobile object systems (mobile agents/active networks)
  • Security policy models and implementation, particularly for object-level policy
  • Security of reflective and aspect-oriented programming languages/runtime systems
  • Formal methods and verification of security in object-oriented programming environments
  • Granularity of protection in OO systems
  • Protection and object reuse
  • Practical experiences with security in OO systems (CORBA, COM, Java, etc.)

Organizers:

Christian Jensen, Trinity College, Dublin
Email: Christian.Jensen@cs.tcd.ie

Li Gong, Sun Microsystems, Inc.

Daniel Hagimont, INRIA

Trent Jaeger, IBM T.J. Watson Research Center

Jan Vitek, Purdue University


 OOPSLA'98 Home