Controlled access protection in the Telescript programming language
Loading...
Authors
Marlett, Robert Lawrence
Subjects
Advisors
Irvine, Cynthia E.
Date of Issue
1996-09
Date
September 1996
Publisher
Monterey, California. Naval Postgraduate School
Language
en_US
Abstract
Research on the ability of the Telescript language and execution mechanism to enforce controlled access protection on mobile agents moving in and across distributed computer networks has not been published. Nor has General Magic, the creator of the language, conducted security testing on their product. This thesis investigates whether the mobile agents and execution mechanism proposed by General Magic in its Telescript(TM) language meet the Class C2 Controlled Access Protection criteria as promulgated in the Department of Defense Trusted Computer System Evaluation Criteria (TCSEC). This was done by conducting an analysis of the documentation provided by General Magic in their Telescript Development Kit (TDK) and Active Web Tools (AWT). The results of this thesis show that the mobile agents and execution mechanism of the Telescript(TM) language do not meet the criteria for TCSEC Class C2 Controlled Access Protection. In particular, the criteria for object reuse, system architecture, system integrity, security testing and security documentation are not met. However, discretionary access control (DAC) can be enforced using a user-defined security policy and the requirements for identification and authentication (I&A) and audit are satisfied.
Type
Description
Computer Science
Series/Report No
Department
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
xii, 62 p.
Citation
Distribution Statement
Approved for public release; distribution is unlimited.