skip to main content
10.1145/1083200.1083210acmotherconferencesArticle/Chapter ViewAbstractPublication PagesicseConference Proceedingsconference-collections
Article

Enabling control over adaptive program transformation for dynamically evolving mobile software validation

Published: 15 May 2005 Publication History

Abstract

Many researchers are investigating the use of adaptive program transformation as a way to efficiently improve program performance. Performance improving transformations are performed at runtime to adapt to the possibly changing runtime characteristics of the program. Leveraging this kind of program transformation on multiple hosts can achieve these same performance gains while reducing the overhead to apply the transformations on the local machine running the program. The reduction in overhead is obtained by distributing the responsibilities for the transformation process to multiple hosts throughout the network. The use of this technology could greatly benefit applications running on networked computation nodes; however, one must first establish confidence in the secure generation and distribution of the transformed versions of the original program before acceptance and execution can occur for many network environments.Since programs are being transformed dynamically, traditional program validation methods such as checksums and digital signatures will be unable to efficiently meet the security needs of this possibly itinerant, transforming software. New validation methods must be developed in order to allow future software to avail itself of the advantages that dynamic program modification may provide while mitigating potential security risks. In this paper, we present our framework to validate dynamically-transforming software in a manner that enables the system to restrict how the software can transform as it executes on a network of hosts. Our prototype system utilizes specification languages to communicate program transformations and controls for those transformations on hosts in the system. This first step towards validating evolving mobile code before transformation occurs, will make dynamically-transforming software a safe and viable future technology.

References

[1]
A. W. Appel. Foundational Proof-Carrying code. In Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science (LICS-01), pages 247--258, Los Alamitos, CA, June 16--19 2001. IEEE Computer Society.]]
[2]
M. Arnold, S. Fink, D. Grove, M. Hind, and P. F. Sweeney. Adaptive optimization in the Jalapeño JVM. In Proceedings of the 15th ACM SIGPLAN Conference on Object-oriented programming, systems, languages, and applications, pages 47--65. ACM Press, 2000.]]
[3]
M. Arnold, M. Hind, and B. G. Ryder. Online feedback-directed optimization of Java. In Proceedings of the 17th ACM SIGPLAN Conference on Object-oriented programming, systems, languages, and applications. ACM Press, 2002.]]
[4]
V. Bala, E. Duesterwald, and S. Banerjia. Dynamo: a transparent dynamic optimization system. In Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation, pages 1--12. ACM Press, 2000.]]
[5]
E. Bierman and E. Cloete. Classification of malicious host threats in mobile agent computing. In Proceedings of the Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on Enablement Through Technology, 2002.]]
[6]
Bluetooth SIG. Specification of the Bluetooth System. http://www.bluetooth.org, 2003.]]
[7]
A. A. Cardenas, S. Radosavac, and J. S. Baras. Detection and prevention of mac layer misbehavior for ad hoc networks. Technical Report SEIL TR 2004-4, University of Maryland College Park, 2004.]]
[8]
D. M. Chess. Security issues in mobile code systems. In G. Vigna, editor, Mobile Agents and Security, volume 1419 of Lecture Notes in Computer Science. Springer-Verlag, 1998.]]
[9]
M. Christodorescu and S. Jha. Static analysis of executables to detect malicious patterns. In Proceedings of the 11th USENIX Security Symposium, pages 169--186, Aug. 2003.]]
[10]
M. Cierniak, G.-Y. Lueh, and J. M. Stichnoth. Practicing JUDO: Java under dynamic optimizations. In Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation (PLDI-00), volume 35.5 of ACM Sigplan Notices, pages 13--26, June 2000.]]
[11]
C. Colby, K. Crary, R. Harper, P. Lee, and F. Pfenning. Automated techniques for provable safe mobile code. Theoretical Computer Science, 290:1175--1199, 2003.]]
[12]
P. T. Devanbu and S. Stubblebine. Software engineering for security: A roadmap. In Proceedings of the Conference on The Future of Software Engineering. ACM Press, 2000.]]
[13]
K. Ebcioǧlu and E. R. Altman. DAISY: Dynamic compilation for 100% architectural compatibility. In Proceedings of the 24th Annual International Symposium on Computer Architecture, pages 26--37. ACM SIGARCH and IEEE Computer Society TCCA, June 2--4, 1997.]]
[14]
R. El-Khalil and A. D. Keromytis. Hydan: Hiding information in program binaries. In Proceedings of the 6th International Conference on Information and Communications Security. ICISA, Springer-Verlag, Oct. 2004.]]
[15]
M. A. Fecko, U. C. Kozat, S. Samtani, M. Ümit Uyar, and I. Höklek. Reliable and dynamic access to service in battlefield ad hoc networks. In Proceedings - IEEE Military Communications Conference MILCOM. IEEE, Nov. 2004.]]
[16]
S. Horwitz, T. Reps, and D. Binkley. Interprocedural slicing using dependence graphs. ACM Trans. Program. Lang. Syst., 12(1):26--60, 1990.]]
[17]
M. Jochen, L. Marvel, and L. L. Pollock. A framework for tamper detection marking of mobile applications. In Proceedings of the Fourteenth International Symposium on Software Reliability Engineering (ISSRE). IEEE, Nov. 2003.]]
[18]
M. Jochen, L. Marvel, and L. L. Pollock. Tamper detection marking for object files. In Proceedings - IEEE Military Communications Conference MILCOM. IEEE, Oct. 2003.]]
[19]
Y. Kanzaki, A. Monden, M. Nakamura, and K. Matsumoto. Exploiting self-modification mechanism for program protection. In Proceedings of the 27th Annual International Computer Software and Applications Conference. IEEE, 2003.]]
[20]
N. M. Karnik and A. R. Tripathi. Security in the Ajanta mobile agent system. Software-Practice and Experience, 31(4):301--329, Apr. 2001.]]
[21]
H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-hashing for message authentication. RFC 2104, 1997.]]
[22]
G. McGraw and G. Morrisett. Attacking malicious code: A report to the Infosec Research Council. IEEE Software, 17(5):33--41, Sept./Oct. 2000.]]
[23]
S. S. Muchnick. Advanced Compiler Design and Implementation. Morgan Kaufmann, 2000.]]
[24]
National Institute of Standards and Technology. Digital signature standard. NIST FIPS PUB 186, 1994.]]
[25]
G. C. Necula. Proof-carrying code. In Proceedings of the 24th ACM Symposium on Principles of Programming Languages (POPL-97), Jan. 1997.]]
[26]
M. G. Pleszkoch and R. C. Linger. Improving network system security with function extraction technology for automated calculation of program behavior. In Proceedings of the 37th Annual Hawaii International Conference on System Sciences. IEEE, 2004.]]
[27]
R. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, Feb. 1978.]]
[28]
M. M. Tikir and J. K. Hollingsworth. Efficient instrumentation for code coverage testing. In Proceedings of the International Symposium on Software Testing and Analysis, pages 86--96. ACM Press, 2002.]]
[29]
M. J. Voss and R. Eigemann. High-level adaptive program optimization with ADAPT. In Proceedings of the eighth ACM SIGPLAN symposium on Principles and practices of parallel programming, pages 93--102. ACM Press, 2001.]]
[30]
D. L. Whitfield and M. L. Soffa. An approach for exploring code improving transformations. ACM Transactions on Programming Languages and Systems, 19(6):1053--1084, Nov. 1997.]]

Cited By

View all
  • (2011)The Implementation of FPGA-based RSA Public-key Algorithm and its Application in Mobile-phone SMS Encryption SystemProceedings of the 2011 First International Conference on Instrumentation, Measurement, Computer, Communication and Control10.1109/IMCCC.2011.178(700-703)Online publication date: 21-Oct-2011

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
SESS '05: Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
May 2005
112 pages
ISBN:1595931147
DOI:10.1145/1083200
  • cover image ACM SIGSOFT Software Engineering Notes
    ACM SIGSOFT Software Engineering Notes  Volume 30, Issue 4
    July 2005
    1514 pages
    ISSN:0163-5948
    DOI:10.1145/1082983
    Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 May 2005

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. computer security
  2. dynamic and adaptive program transformation
  3. integrity
  4. mobile code
  5. program analysis

Qualifiers

  • Article

Acceptance Rates

Overall Acceptance Rate 8 of 11 submissions, 73%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)1
  • Downloads (Last 6 weeks)0
Reflects downloads up to 18 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2011)The Implementation of FPGA-based RSA Public-key Algorithm and its Application in Mobile-phone SMS Encryption SystemProceedings of the 2011 First International Conference on Instrumentation, Measurement, Computer, Communication and Control10.1109/IMCCC.2011.178(700-703)Online publication date: 21-Oct-2011

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media