Controlled Access Protection in the Telescript (trademark) Programming Language.

Abstract

Research on the ability of the Telescript language and execution mechanism to enforce controlled access protection on mobile agents moving in and across distributed computer networks has not been published. Nor has General Magic, the creator of the language, conducted security testing on their product. This thesis investigates whether the mobile agents and execution mechanism proposed by General Magic in its Telescript(TM) language meet the Class C2 Controlled Access Protection criteria as promulgated in the Department of Defense Trusted Computer System Evaluation Criteria (TCSEC). This was done by conducting an analysis of the documentation provided by General Magic in their Telescript Development Kit (TDK) and Active Web Tools (AWT). The results of this thesis show that the mobile agents and execution mechanism of the Telescript(TM) language do not meet the criteria for TCSEC Class C2 Controlled Access Protection. In particular, the criteria for object reuse, system architecture, system integrity, security testing and security documentation are not met. However, discretionary access control (DAC) can be enforced using a user-defined security policy and the requirements for identification and authentication (I&A) and audit are satisfied.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 1996
Accession Number
ADA321413

Entities

People

  • Robert L. Marlett

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Authentication
  • Computer Access Control
  • Computer Networks
  • Computer Programming
  • Computers
  • Department Of Defense
  • Identification
  • Language
  • Networks
  • Programming Languages
  • Security
  • Test And Evaluation
  • Trademarks

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Database Systems and Applications
  • Software Engineering