COSMA
A Virtual Machine Supporting the Secure Cooperation of Untrusted
Components
Overview
Today, many computer systems, such as smartphones, web applications or forthcoming automotive systems, allow their software to be composed of components from various sources. Since these sources cannot always be trusted, such a system should grant a component only the permissions it really requires. This implies that permissions must be considerably more fine-grained than in today's established access-control solutions.
Designing a fine-grained access control system raises two major questions:
- How to know and to specify the required permissions?
- How to enforce access control in a flexible and efficient way?
In the COSMA project, we develop a novel approach based on the object-capability paradigm with access control at the level of individual methods. It exploits two fundamental ideas: we simply use a component's published interface as the specification of its required permissions, and we extend interfaces with optional methods, which allow a component to specify permissions that are not strictly necessary but desired for a better service level.
These ideas are realized within a static type system, where interfaces specify both the availability of methods and the permission to use them. In addition, we support deep attenuation of rights, with automatic creation of membranes where necessary. Thus, the access control mechanisms are both easy to use and efficient, since in most cases permissions can be checked when the component is deployed rather than at run-time.
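To make the combination of these mechanisms concrete, here is an added Python sketch that is not COSMA's code and does not model its type system or native compilation. It shows a component's published interface doubling as its permission specification (required versus optional methods), a single check at deployment time, and deep attenuation through a membrane that wraps every object a granted method returns. The names Interface, Membrane, deploy and PermissionDenied, the sample Store and File capabilities, and the host policy are all assumptions made for this illustration.

```python
# Added illustration, not COSMA's code: interface-as-permission-spec,
# deployment-time checking, and deep attenuation via a membrane.
# Interface, Membrane, deploy, PermissionDenied, Store, File and the host
# policy are assumptions for this example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Interface:
    """What a component publishes for one capability type: the methods it
    strictly needs and the ones it would merely like to have."""
    required: frozenset
    optional: frozenset = frozenset()


class PermissionDenied(Exception):
    pass


# Plain data crosses a membrane unchanged; it carries no authority.
PASSTHROUGH = (type(None), bool, int, float, str, bytes)


class Membrane:
    """Proxy exposing only the methods the policy grants on the target's type.
    Every object a granted method returns is wrapped in turn (deep attenuation)."""

    def __init__(self, target, policy):
        self._target = target   # the real capability
        self._policy = policy   # {type: frozenset of granted method names}

    def __getattr__(self, name):
        granted = self._policy.get(type(self._target), frozenset())
        if name not in granted:
            raise PermissionDenied(f"{type(self._target).__name__}.{name} not granted")
        method = getattr(self._target, name)

        def attenuated(*args, **kwargs):
            return wrap(method(*args, **kwargs), self._policy)
        return attenuated


def wrap(value, policy):
    """Apply the membrane to whatever crosses it."""
    if isinstance(value, PASSTHROUGH):
        return value
    if isinstance(value, (list, tuple)):
        return type(value)(wrap(v, policy) for v in value)
    if type(value) in policy:
        return Membrane(value, policy)
    raise PermissionDenied(f"no permissions defined for {type(value).__name__}")


def deploy(iface, root, policy):
    """Deployment-time check. iface maps capability types to Interfaces; policy
    maps them to the methods the host grants. Every required method must exist
    and be granted; optional ones are kept only where granted. Returns the
    membrane handed to the component, so nothing is re-checked at run time."""
    effective = {}
    for cap_type, spec in iface.items():
        missing = [m for m in spec.required if not callable(getattr(cap_type, m, None))]
        if missing:
            raise TypeError(f"{cap_type.__name__} lacks required {missing}")
        granted = policy.get(cap_type, frozenset())
        denied = spec.required - granted
        if denied:
            raise PermissionDenied(f"{cap_type.__name__}: required {sorted(denied)} not granted")
        effective[cap_type] = (spec.required | spec.optional) & granted
    return Membrane(root, effective)


# --- constructed sample capabilities and a viewer component -----------------
class File:
    def __init__(self, data): self.data = data
    def read(self): return self.data
    def write(self, data): self.data = data
    def size(self): return len(self.data)


class Store:
    def __init__(self): self._files = {"a.txt": File(b"hello")}
    def open(self, name): return self._files[name]
    def delete(self, name): del self._files[name]
    def names(self): return sorted(self._files)


# The viewer needs to open and read; listing and size are merely desired.
VIEWER_IFACE = {
    Store: Interface(required=frozenset({"open"}), optional=frozenset({"names"})),
    File: Interface(required=frozenset({"read"}), optional=frozenset({"size"})),
}
# The host grants listing but withholds size; write and delete are never granted.
HOST_POLICY = {Store: frozenset({"open", "names"}), File: frozenset({"read"})}


def demo():
    store = Store()
    cap = deploy(VIEWER_IFACE, store, HOST_POLICY)
    f = cap.open("a.txt")   # the File comes back behind its own membrane
    out = {"read": f.read(), "names": cap.names(), "wrapped": isinstance(f, Membrane)}
    for label, call in (("write", lambda: f.write(b"x")),
                        ("size", lambda: f.size()),
                        ("delete", lambda: cap.delete("a.txt"))):
        try:
            call()
            out[label] = "allowed"
        except PermissionDenied:
            out[label] = "denied"
    # A component that *requires* delete is rejected at deployment, not at run time.
    try:
        deploy({Store: Interface(required=frozenset({"delete"}))}, store, HOST_POLICY)
        out["deploy_deleter"] = "accepted"
    except PermissionDenied:
        out["deploy_deleter"] = "rejected"
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the sketch is where the checks happen: `deploy` compares the published interface against the host's grant once, and the membrane afterwards only needs a set lookup per call, while any object that flows out through a granted method is attenuated by the same policy rather than escaping as a raw reference.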
Based on this type system, we have implemented a virtual machine called COSMA. When a component is loaded, COSMA type checks its intermediate representation and then compiles it into native machine code, thus enabling its execution with minimal run-time overhead.
Publications
- R. Wismüller, D. Ludwig, and F. Breitweiser. Extending the Object-Capability Model with Fine-Grained Type-Based Capabilities. Journal of Object Technology, 23(1):1-36, 2024.
- R. Wismüller and D. Ludwig. Secure Cooperation of Untrusted Components Using a Strongly Typed Virtual Machine. International Journal on Advances in Security, 12(1&2):53-68, June 2019.
- R. Wismüller and D. Ludwig. Secure Cooperation of Untrusted Components. In G. Yee, S. Rass, S. Schauer, and M. Latzenhofer, editors, 12th Intl. Conf. on Emerging Security Information, Systems and Technologies (SECURWARE 2018), pages 103-107, Venice, Italy, September 2018. IARIA.