Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

Future developments in computing, and in consumer electronics, will involve a considerable degree of convergence: applications will work together to locate and provide services. If this convergence is to be implemented successfully, then a shared model for reliable service provision is required. The recently-released JiniTM Software System (1.0) is an attempt to meet this requirement through object-orientation. Based entirely upon existing JavaTM 2 technology, Jini is a set of protocols and programming models for peer-to-peer service provision using downloaded code and remote method invocation. This paper examines the way in which the Jini Software System will be used. It shows that the existing mechanisms for access control and secure operation provided by Java may prove inadequate in a Jini environment: a Jini-enabled device will be vulnerable to attack from its peers. Similar problems may be encountered in other, related technologies, such as Enterprise Java Beans. An account of the Jini technology is followed by an exploration of the inadequacies and vulnerabilities; concrete examples are provided to illustrate the possible attacks. The paper ends by showing how the existing specification may be enhanced to produce a secure system without significantly reducing either functionality or flexibility.

Type

Conference paper

Publication Date

01/01/1999

Pages

116 - 125