Abstract
In mobile code systems, programs or processes travel from host to host in order to accomplish their goals. Such systems violate some of the assumptions that underlie most existing computer security implementations. In order to make these new systems secure, we will have to deal with a number of issues that previous systems have been able to ignore or sidestep. This paper surveys the assumptions that mobile code systems violate (including the identification of programs with persons, and other assumptions that follow from that), the new security issues that arise, and some of the ways that these issues will be addressed.
© 1998 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Chess, D.M. (1998). Security Issues in Mobile Code Systems. In: Vigna, G. (eds) Mobile Agents and Security. Lecture Notes in Computer Science, vol 1419. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68671-1_1
DOI: https://doi.org/10.1007/3-540-68671-1_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64792-8
Online ISBN: 978-3-540-68671-2
eBook Packages: Springer Book Archive