The Safe-Tcl Security Model
Author
John K. Ousterhout, Jacob Y. Levy, Brent B. Welch
Abstract
Safe-Tcl is a mechanism for controlling the execution of programs written in the Tcl scripting language. It allows untrusted scripts (applets) to be executed while preventing damage to the environment or leakage of private information. Safe-Tcl uses a padded cell approach: each applet is isolated in a safe interpreter where it cannot interact directly with the rest of the application. The execution environment of the safe interpreter is controlled by trusted scripts running in a master interpreter. Safe-Tcl provides an alias mechanism that allows applets to request services from the master interpreter in a controlled fashion. Safe-Tcl allows a variety of security policies to be implemented even within a single application, and it supports both policies that authenticate incoming scripts and those that do not.
Address
Mountain View, California, USA
Publisher
Sun Microsystems Laboratories
Affiliation
Sun Microsystems Laboratories
Publication Date
1997-00-00
Contents
1 Introduction
2 Overview of Tcl
3 Security Issues
4 Safe Interpreters, Aliases, and Hidden Commands
5 Security Policies
6 Using Authentication
7 Multiple Applets
8 Denial-of-Service Attacks
9 Status
10 Related Work
11 Conclusions
12 Acknowledgements
13 References
14 About the Authors
Location
A hard-copy of this is in the Papers Cabinet