USENIX Annual Technical Conference (NO 98), 1998
Abstract
The Safe-Tcl Security Model
Jacob Y. Levy and Laurent Demailly
Sun Microsystems Laboratories
John K. Ousterhout and Brent B. Welch
Scriptics Inc.
Safe-Tcl is a mechanism for controlling the execution
of programs written in the Tcl scripting language.
It allows untrusted scripts (applets) to be
executed while preventing damage to the environment
or leakage of private information. Safe-Tcl
uses a padded cell approach: each applet is isolated
in a safe interpreter where it cannot interact
directly with the rest of the application. The execution
environment of an applet is controlled by a
trusted script running in a master interpreter. Safe-Tcl
supports applets using multiple security policies
within an application. These policies determine
what an applet can do, based on the degree to which
the applet is trusted. Safe-Tcl separates security
management into well-defined phases that are
geared towards the party responsible for each
aspect of security.
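The padded-cell arrangement described in the abstract, as an added example that is not code from the paper or from the Tcl distribution: a trusted script in the master interpreter creates a safe interpreter and grants it one narrowly scoped command through an alias. The names `policyRead`, `readData`, `applet-data` and `notes.txt`, and the read-only-directory policy itself, are assumptions made for illustration.

```tcl
# Master (trusted) interpreter: create a safe interpreter for the applet.
# In a safe interpreter, commands such as open, exec, socket and source are hidden.
set applet [interp create -safe]

# Assumed policy: the applet may read files only below this directory.
set allowedDir [file normalize [file join [pwd] applet-data]]

# Trusted procedure; it runs in the master on the applet's behalf.
proc policyRead {allowedDir path} {
    set full [file normalize [file join $allowedDir $path]]
    # Reject any path that resolves outside the allowed directory.
    if {[string first "$allowedDir/" $full] != 0} {
        error "access denied: $path"
    }
    set ch [open $full r]
    set data [read $ch]
    close $ch
    return $data
}

# Expose the trusted procedure to the applet under the name readData.
# The directory argument is fixed by the master and cannot be changed by the applet.
interp alias $applet readData {} policyRead $allowedDir

# Constructed sample data for the demonstration.
file mkdir $allowedDir
set ch [open [file join $allowedDir notes.txt] w]
puts $ch "hello"
close $ch

# Constructed untrusted applet: each attempt is evaluated inside the safe interpreter.
set script {
    set results {}
    foreach attempt {
        {open /etc/passwd r}
        {exec ls}
        {readData ../../etc/passwd}
        {readData notes.txt}
    } {
        set verdict [expr {[catch $attempt msg] ? "DENIED" : "ALLOWED"}]
        lappend results "$verdict $attempt -> [string trim $msg]"
    }
    set results
}
foreach line [interp eval $applet $script] { puts $line }
interp delete $applet
```

Only the last attempt succeeds: the first two fail because the commands do not exist in the safe interpreter, and the third is rejected by the check in the master.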