Flux Research Group / School of Computing

Bees: A Secure, Resource-Controlled, Java-Based Execution Environment

No PDF availalbe

Tim Stack, Eric Eide, and Jay Lepreau

Proceedings of the 2003 IEEE Conference on Open Architectures and Network Programming Proceedings (OPENARCH) 2003.

DOI: 10.1109/OPNARC.2003.1196377

Networking, Languages, Middleware


Mobile code makes it possible for users to define the processing and protocols used to communicate with a remote node, while still allowing the remote administrator to set the terms of interaction with that node. However, mobile code cannot do anything useful without a rich execution environment, and no administrator would install a rich environment that did not also provide strict controls over the resources consumed and accessed by the mobile code.

Based on our experience with ANTS, we have developed Bees, an execution environment that provides better security, fine-grained control over capsule propagation, simple composition of active protocols, and a more flexible mechanism for interacting with end-user programs. Bees' security comes from a flexible authentication and authorization mechanism, capability-based access to privileged resources, and integration with our custom virtual machine that provides isolation, termination, and resource control. The enhancements to the mobile code environment make it possible to compose a protocol with a number of “helper” protocols. In addition, mobile code can now interact naturally with end-user programs, making it possible to communicate with legacy applications. We believe that these features offer significant improvements over the ANTS execution environment and create a more viable platform for active applications.