The present invention relates to a method and system for reducing the time and power requirements for executing computer-readable instructions, such as an application, in an execution environment having run-time security constraints. More particularly, the invention pertains to a method of re-certifying an application so that its security level can be dictated by the operator of the domain in which the target device operates.
The Java(trademark) programming and execution environment, created by Sun Microsystems, provides a popular way to write, distribute, and execute programs for many platforms. One of the attractive features of the Java(trademark) execution environment is the built-in security system that enforces a set of security constraints on every program executed within the execution environment. Through this mechanism, an execution environment can safely execute Java(trademark) programs from unknown origins without risk of the program having adverse effects on the execution environment.
The enforcement of these security constraints places an added burden on the execution environment, because the built-in security system checks the set of security constraints every time a class file is loaded into the execution environment, thus increasing time and power requirements. It is important to note that platforms with limited computing resources are especially sensitive to this added burden. For example, these security constraints are particularly troublesome in environments, such as web browsers, where computer-readable instruction streams are downloaded to the execution environment but not permanently stored there. Since the computer-readable instruction streams are not permanently stored in the execution environment, they have to be downloaded each time they are accessed, which requires the verification process to be performed each time the computer-readable instruction streams are downloaded into the execution environment.
Furthermore, in the present art, when a client device downloads an application or code segment, the application or code segment is authenticated only by the client device. Thus, the developer of the code dictates the security level of the application, which resources it can access, and so on. This is undesirable in some situations, such as where a private fleet of mobile communication devices contains proprietary information, and the operator of the domain in which the mobile communication devices operate may wish to restrict the security settings to prevent access to certain sensitive data objects normally present on the mobile communication devices.
Thus, there exists a need for a method and apparatus that reduces the time and power requirements for executing computer-readable instruction streams in an execution environment having run-time security constraints, while maintaining the safety of the execution environment when it executes computer-readable instruction streams from unknown origins, without risk of the computer-readable instruction streams having adverse effects on the execution environment. Furthermore, there exists a need to allow the operator of the domain in which the target devices operate to control the security settings of all applications entering that domain.
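The operator re-certification idea described above, as an added illustration that is not the patent's own method: the developer certifies an application digest together with the permissions it requests, the domain operator re-certifies the same digest with a narrowed permission set, and the device grants only permissions that both certificates allow. HMAC-SHA256 with constructed sample keys stands in for public-key signatures, and the application bytes and permission names are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample keys for this illustration only (not real credentials).
DEVELOPER_KEY = b"developer-signing-key-example"
OPERATOR_KEY = b"domain-operator-key-example"

# Constructed sample application bytes standing in for a downloaded class file.
APP_BYTES = b"\xca\xfe\xba\xbe example class file contents"


def sign(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 stands in for a public-key signature in this example."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def certificate_message(app_digest: str, permissions: frozenset) -> bytes:
    """Canonical bytes a certificate commits to: digest plus sorted permissions."""
    return (app_digest + "|" + ",".join(sorted(permissions))).encode()


def developer_certify(app: bytes, permissions: frozenset) -> dict:
    """Developer binds the application digest to the permissions it requests."""
    digest = hashlib.sha256(app).hexdigest()
    return {"digest": digest, "permissions": permissions,
            "sig": sign(DEVELOPER_KEY, certificate_message(digest, permissions))}


def operator_recertify(dev_cert: dict, allowed: frozenset) -> dict:
    """Domain operator re-certifies the same digest with a restricted permission set."""
    granted = frozenset(dev_cert["permissions"]) & allowed
    return {"digest": dev_cert["digest"], "permissions": granted,
            "sig": sign(OPERATOR_KEY, certificate_message(dev_cert["digest"], granted))}


def effective_permissions(app: bytes, dev_cert: dict, op_cert: dict):
    """Return the permissions the device grants, or None if any check fails.

    Both certificates must match the actual bytes and verify; the operator
    certificate can only narrow, never widen, what the developer requested.
    """
    digest = hashlib.sha256(app).hexdigest()
    if dev_cert["digest"] != digest or op_cert["digest"] != digest:
        return None
    dev_msg = certificate_message(digest, dev_cert["permissions"])
    if not hmac.compare_digest(dev_cert["sig"], sign(DEVELOPER_KEY, dev_msg)):
        return None
    op_msg = certificate_message(digest, op_cert["permissions"])
    if not hmac.compare_digest(op_cert["sig"], sign(OPERATOR_KEY, op_msg)):
        return None
    return frozenset(op_cert["permissions"]) & frozenset(dev_cert["permissions"])
```

Because the operator certificate commits to the permission set, a re-signed copy that widens the permissions or a modified application body fails verification and the device grants nothing.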