Technical Report MSC-2007-22

In this thesis we study the problem of adapting security policies to distributed environments such as grids and mobile code systems. We define what a global security policy is, and indicate some of the difficulties in translating local policies to the entire distributed environment. Then, we propose efficient and scalable security mechanisms for the enforcement of global security policies in distributed computational systems. These mechanisms are based on multiple instances of execution monitors (smart sandboxes) running on the distributed entities and on efficient security information sharing among them. We show that the subclasses of EM policies enforceable by these mechanisms, contain useful and real live security policies such as global information flow policies.

We provide prototype implementation of the security mechanism capable of defining and enforcing global security policies. This mechanism uses AspectJ to intercept security relevant events before they occur and terminates the execution if a target application is about to violate security policy.