Key points are not available for this paper at this time.
Mobile code technologies such as Java, JavaScript, and ActiveX generally limit all programs to a single security policy. However, software-based protection can allow for more flexible security models, with potentially significant performance improvements over traditional hardware-based solutions. We describe and analyze three implementation strategies for interposing flexible security policies in software-based security systems. Implementations exist for all three strategies: several vendors have adapted capabilities to Java, Netscape Communicator extended Javas stack introspection, and we built a typehiding system as an add-on to Microsoft Internet Explorer. 1 Introduction The growth of the World Wide Web has enabled the Internet to reach new levels of popularity and ease of use. We are now seeing the arrival of HTML-enabled mail and news-reading tools, heralding the complete acceptance of Web documents as a medium of exchange. As Web applications have blossomed, developers have bee...
Wallach et al. (Wed,) studied this question.