Jalapa

Securing Java with Local Policies

What is Jalapa?

Jalapa is an extension to the security model of Java, that allows for specifying, analysing and enforcing history-based usage policies. Programmers can sandbox an untrusted piece of code with a policy, enforced at run-time through its local scope.

Documentation

The following documentation is available about Jalapa:

• a tutorial on the installation and use of Jalapa.
• a specification of the syntax and semantics of usage policies.
• the manual page of the Jisel bytecode rewriter, that defines its command-line syntax

The following publications describe the underlying theory of Jalapa:

• Securing Java with Local Policies - in Formal techniques for Java-like programs, 2008
• Model checking usage policies - in Trustworthy Global Computing, 2008

Code modifications

Code modifications must be done through the Subversion repository. You can check out the repository through svn as follows:

svn co https://jalapa.svn.sourceforge.net/svnroot/jalapa jalapa

Jalapa can be run by any Java Runtime Environment, starting from version 1.5. To download the latest JRE, check out java.sun.com.

Disclaimer

Copyright (C) 2008.

For comments and suggestions: piersushi at users.sourceforge.net

Jalapa comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions; see the GNU General Public License for details.