Accession Number : ADA321413

Title :   Controlled Access Protection in the Telescript (trademark) Programming Language.

Descriptive Note : Master's thesis,

Corporate Author : NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Personal Author(s) : Marlett, Robert L.

PDF Url : ADA321413

Report Date : SEP 1996

Pagination or Media Count : 75

Abstract : Research on the ability of the Telescript language and execution mechanism to enforce controlled access protection on mobile agents moving in and across distributed computer networks has not been published. Nor has General Magic, the creator of the language, conducted security testing on their product. This thesis investigates whether the mobile agents and execution mechanism proposed by General Magic in its Telescript(TM) language meet the Class C2 Controlled Access Protection criteria as promulgated in the Department of Defense Trusted Computer System Evaluation Criteria (TCSEC). This was done by conducting an analysis of the documentation provided by General Magic in their Telescript Development Kit (TDK) and Active Web Tools (AWT). The results of this thesis show that the mobile agents and execution mechanism of the Telescript(TM) language do not meet the criteria for TCSEC Class C2 Controlled Access Protection. In particular, the criteria for object reuse, system architecture, system integrity, security testing and security documentation are not met. However, discretionary access control (DAC) can be enforced using a user-defined security policy and the requirements for identification and authentication (I&A) and audit are satisfied.

Descriptors :   *PROGRAMMING LANGUAGES, *PROTECTION, *ACCESS, TEST AND EVALUATION, DEPARTMENT OF DEFENSE, DATA PROCESSING SECURITY, DISTRIBUTION, TOOLS, COMPUTER ARCHITECTURE, THESES, MOBILE, SYSTEMS ANALYSIS, COMPUTER NETWORKS, KITS.

Subject Categories : Computer Programming and Software

Distribution Statement : APPROVED FOR PUBLIC RELEASE