Für eine korrekte Darstellung dieser Seite benötigen Sie einen XHTML-standardkonformen Browser, der die Darstellung von CSS-Dateien zulässt.

Hinweise zum Einsatz der Google Suche

A Virtual Machine Supporting the Secure Cooperation of Untrusted Components


Today, many computer systems like smart phones, web applications or forthcoming automotive systems allow to compose their software of components from various sources. Since these sources may not always be trusted, such systems should grant a component just the permissions it really requires. This implies that permissions must be sufficiently more fine-grained than in today's established access-control solutions.

Designing a fine-grained access control system leads to two major questions:

  1. How to know and to specify the required permissions?
  2. How to enforce access control in a flexible and efficient way?

In the COSMA project, we develop a novel approach based on the object-capability paradigm with access control at the level of individual methods, which exploits two fundamental ideas: we simply use a component’s published interface as a specification of its required permissions, and extend interfaces with optional methods, allowing to specify permissions that are not strictly necessary, but desired for a better service level.

These ideas are realized within a static type system, where interfaces specify both the availability of methods, as well as the permission to use them. In addition, we support deep attenuation of rights with automatic creation of membranes, where necessary. Thus, the access control mechanisms are both easy to use and efficient, since in most cases permissions can be checked when the component is deployed, rather than at run-time.

Based on this type system, we have implemented a virtual machine called COSMA. When a component is loaded, COSMA type checks its intermediate representation and then compiles it into native machine code, thus enabling its execution with minimal run-time overhead.


  • R. Wismüller and D. Ludwig. Secure Cooperation of Untrusted Components. In G. Yee, S. Rass, S. Schauer, and M. Latzenhofer, editors, 12th Intl. Conf. on Emerging Security Information, Systems and Technologies (SECURWARE 2018), pages 103-107, Venice, Italy, September 2018. IARIA.
  • R. Wismüller and D. Ludwig. Secure Cooperation of Untrusted Components Using a Strongly Typed Virtual Machine. International Journal on Advances in Security, 12(1&2), June 2019. Accepted for publication.


  • COSMA: The virtual machine (including a simple compiler for an even more simple high level language, just to create test cases)
  • COLA: A compiler for a full featured high level language compiling into the COSMA intermediate representation.