Abstract
Code mobility can be defined as the capability to dynamically change the bindings between code fragments and the location in which they are executed. The concept of code mobility is not new, but in recent years it has become a hot topic. Web browsers are able to download programs attached to web pages and execute them locally. Mobile agent technology, on the other hand, allows agents to migrate autonomously to new hosts. A major concern in the use of these technologies is security: the integrity of the receiving host must not be compromised by the execution of mobile code. The local host needs to define a security policy that specifies which resources are made available to mobile, potentially untrusted, code. The runtime system, in turn, must somehow enforce that policy. In this paper, we present a survey of different techniques aimed at resolving the problem of secure resource management, and discuss the contexts in which each is appropriate.
Summary
Code mobility can be defined as the ability to dynamically change the links between pieces of code and the place where they are executed. The concept of code mobility is not new, but it has recently attracted growing interest. Web browsers are able to download programs embedded in web pages, and these programs are executed locally. In addition, mobile agent technology is designed to let agents migrate autonomously to new machines. A major problem encountered with these technologies is security: the integrity of the machine receiving the code must not be compromised by its execution. The machine must define a security policy that specifies which resources are available to mobile code, which must be considered potentially malicious. The executing system, for its part, must enforce such a policy. This article presents a survey of the different techniques capable of solving this problem of secure resource management and discusses the contexts in which they are appropriate.
Cite this article
Mas-Ribés, J.M., Macq, B. Techniques for secure execution of mobile code: a review. Ann. Télécommun. 55, 379–387 (2000). https://doi.org/10.1007/BF02994845