Mobile Code and Security Issues

Abstract

Over the years, computer systems have evolved from centralized monolithic computing devices supporting static applications, into client-server environments that allow complex forms of distributed computing. Throughout this evolution, limited forms of code mobility have existed. The explosion in the use of the World Wide Web, coupled with the rapid evolution of the platform-independent programming languages, has promoted the use of mobile code and, at the same time, raised some important security issues. This chapter introduces mobile code technology and discusses the related security issues. The first part of the chapter deals with the need for mobile codes and the various methods of categorising them. One method of categorising the mobile code is based on code mobility. Different forms of code mobility, like code on demand, remote evaluation, and mobile agents, are explained in detail. The other method is based on the type of code distributed. Various types of codes, like source code, intermediate code, platform-dependent binary code, and just-in-time compilation, are explained. Mobile agents, as autonomously migrating software entities, present great challenges to the design and implementation of security mechanisms. The second part of this chapter deals with the security issues. These issues are broadly divided into code-related issues and host-related issues. Techniques, like sandboxing, code signing, and proof-carrying code, are widely applied to protect the hosts. Execution tracing, mobile cryptography, obfuscated code, and cooperating agents are used to protect the code from harmful agents. The security mechanisms, like language support for safety, OS level security, and safety policies, are discussed in the last section. In order to make the mobile code approach practical, it is essential to understand mobile code technology. Advanced and innovative solutions are to be developed to restrict the operations that mobile code can perform, but without unduly restricting its functionality. It is also necessary to develop formal, extremely easy-to-use safety measures.Request access from your librarian to read this chapter's full text.