Security in Meta Object Protocols and Reflection
(together with the Service de cryptographie et sécurité informatique)
Keywords:
Security, meta object protocols, reflection
Description:
This diploma thesis subject deals with meta programming, and in particular in solving security problems inherent in current meta programming. We are interested particularly in solving secutiry issues with Meta Object Protocols (MOPs) and reflection:
- Some languages have an interface (MOP) that allows the programmer to customize certain aspects of the language to suit particular problems. For example, if the MOP supports customization of the object layout, one can implement a sparse matrix with a space-optimized object.
- Some languages are reflective, which means that they can reason about themselves. Two forms of reflection can be distinguished: introspection and intercession. Introspection allows a program to interrogate itself. In an introspective program one can for example ask at runtime which methods are understood by a certain class, or what the implementation of a certain method is. Intercession goes one step further by not only allowing to read information about a program, but also change it. So one can change the implementation of a method while the program is running.
MOPs and reflective facilities open up existing programs from the outside. Without security, once could for example use reflection to change an existing program. The goal of this diploma thesis is to study meta programming and reflection, identify security risks, look at existing techniques that try to solve these risks, propose a safer alternative and implement a prototype.
What you will Learn:
- MOPs and reflection
- Security mechanisms