Authorization layer API and low level access checks.
Daniel Latrémolière
daniel.latremoliere at gmail.com
Tue Jun 29 18:42:22 UTC 2021
Hello,
Just for my knowledge, and if I understand your need to enforce a
security policy on potentially untrusted code:
Isn't it possible to simply create a Java agent instrumenting bytecode
[1], which will replace [2] each Java method invocation in untrusted
bytecode that returns a potentially sensitive object [3] with a
call to a generated adapter?
In the generated adapter, you can add all the useful code to validate whether
the corresponding code is allowed to see this potentially sensitive object.
A Java agent would be compatible with all Java versions, and I think it
would be possible to add exactly the permissions needed.
Thanks,
Daniel.
[1]: https://docs.oracle.com/javase/8/docs/api/java/lang/instrument/ClassFileTransformer.html
[2]: Bytecode transformation, for example with ASM:
https://stackoverflow.com/a/35635682
[3]: For example, proxying each constructor or method returning an
instance of a class like java.io.File or java.nio.file.Path (if you want
to do something like FilePermission).
On 29/06/2021 at 00:44, Peter Firmstone wrote:
> I'm currently playing around with a simpler security model, where one
> must escalate privileges with a privilegedCall, designed to be
> submitted to an Executor, which is task / thread confined.
>
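As an added illustration of the agent-plus-adapter scheme sketched in the message above (this is example code written for this page, not code from the thread, from ASM or from any JDK project): a minimal Java agent that uses ASM to rewrite two Path-producing call sites in untrusted classes so they land in a guarded adapter, which applies a FilePermission-like check before handing the Path back. The package names, the `untrusted/` prefix used to recognise untrusted classes, the `GuardedPaths` adapter, the `/tmp/sandbox` root and the policy itself are all assumptions made for the example.

```java
// ---- File: sandbox/SensitiveReturnAgent.java (hypothetical agent; needs ASM on the classpath) ----
package sandbox;

import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.security.ProtectionDomain;

import org.objectweb.asm.ClassReader;
import org.objectweb.asm.ClassVisitor;
import org.objectweb.asm.ClassWriter;
import org.objectweb.asm.MethodVisitor;
import org.objectweb.asm.Opcodes;

public final class SensitiveReturnAgent {
    // Assumption: untrusted classes live under this package (internal-name form, '/' separators).
    static final String UNTRUSTED_PREFIX = "untrusted/";
    // Internal name of the adapter class below; it must NOT match UNTRUSTED_PREFIX.
    static final String ADAPTER = "sandbox/GuardedPaths";
    static final String PATHS_GET_DESC = "(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;";

    public static void premain(String agentArgs, Instrumentation inst) {
        inst.addTransformer(new ClassFileTransformer() {
            @Override
            public byte[] transform(ClassLoader loader, String className, Class<?> redefined,
                                    ProtectionDomain pd, byte[] classfileBuffer) {
                if (className == null || !className.startsWith(UNTRUSTED_PREFIX)) {
                    return null; // trusted classes, including the adapter itself, are left untouched
                }
                ClassReader cr = new ClassReader(classfileBuffer);
                ClassWriter cw = new ClassWriter(cr, ClassWriter.COMPUTE_MAXS);
                cr.accept(new Rewriter(cw), 0);
                return cw.toByteArray();
            }
        });
    }

    /** Redirects the matched Path-producing call sites to the adapter. */
    static final class Rewriter extends ClassVisitor {
        Rewriter(ClassVisitor next) { super(Opcodes.ASM9, next); }

        @Override
        public MethodVisitor visitMethod(int access, String name, String desc, String sig, String[] exc) {
            MethodVisitor mv = super.visitMethod(access, name, desc, sig, exc);
            return new MethodVisitor(Opcodes.ASM9, mv) {
                @Override
                public void visitMethodInsn(int op, String owner, String mname, String mdesc, boolean itf) {
                    // Paths.get(String, String...) -> GuardedPaths.get(...): static to static, same descriptor
                    if (op == Opcodes.INVOKESTATIC && owner.equals("java/nio/file/Paths")
                            && mname.equals("get") && mdesc.equals(PATHS_GET_DESC)) {
                        super.visitMethodInsn(Opcodes.INVOKESTATIC, ADAPTER, "get", mdesc, false);
                        return;
                    }
                    // file.toPath() -> GuardedPaths.toPath(file): the receiver already on the operand
                    // stack becomes the first argument of the static adapter method, so the stack
                    // shape (pop one File, push one Path) is unchanged and the frames stay valid
                    if (op == Opcodes.INVOKEVIRTUAL && owner.equals("java/io/File")
                            && mname.equals("toPath") && mdesc.equals("()Ljava/nio/file/Path;")) {
                        super.visitMethodInsn(Opcodes.INVOKESTATIC, ADAPTER, "toPath",
                                "(Ljava/io/File;)Ljava/nio/file/Path;", false);
                        return;
                    }
                    super.visitMethodInsn(op, owner, mname, mdesc, itf);
                }
            };
        }
    }
}

// ---- File: sandbox/GuardedPaths.java (hypothetical adapter the rewritten call sites land in) ----
package sandbox;

import java.io.File;
import java.nio.file.Path;
import java.nio.file.Paths;

public final class GuardedPaths {
    // Assumption: the policy is "untrusted code may only obtain paths under this root".
    private static final Path ALLOWED_ROOT = Paths.get("/tmp/sandbox").toAbsolutePath().normalize();

    private GuardedPaths() {}

    public static Path get(String first, String... more) {
        return check(Paths.get(first, more));
    }

    public static Path toPath(File file) {
        return check(file.toPath());
    }

    private static Path check(Path p) {
        // normalize() folds ".." segments so relative escapes are caught; symlinks are not resolved here
        Path abs = p.toAbsolutePath().normalize();
        if (!abs.startsWith(ALLOWED_ROOT)) {
            throw new SecurityException("untrusted code may not obtain a Path outside " + ALLOWED_ROOT + ": " + abs);
        }
        return p;
    }
}
```

To use it, package both classes with ASM into a jar whose manifest carries `Premain-Class: sandbox.SensitiveReturnAgent` and start the JVM with `-javaagent:agent.jar`; the adapter class must be visible to the class loader of the untrusted code. Two points matter for the policy actually holding: the rewriter only covers the call sites it matches, so the list has to be derived from every producer of the sensitive type (for Path that also includes `FileSystem.getPath`, `Path.resolve`, reflection and method handles), and the filter deciding which classes count as untrusted has to be something the untrusted code cannot influence, such as the loader or protection domain rather than just a package name.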