Mobile Code and Security

Song Fu and Cheng-Zhong Xu, Wayne State University

Introduction

History of Code Mobility

Types of Mobile Code

Security Concerns

A Survey of Mobile Code Systems

A System Structure for Code Mobility

Taxonomy of Code Mobility Mechanisms

Survey of Representative Systems

Standardization Efforts

Design Issues in Mobile Code

Migration

Communication

Naming and Name Resolution

Security

Research Challenges of Mobile Agent Security

Protection of Agent Hosts

Protection of Mobile Agents

Secure Agent Communication and Navigation

Secure Control of Cloned Agents

Agent Host Protection

Security Requirements

Agent Authentication

Privilege Delegation and Agent Authorization

Agent-Oriented Access Control

Proof-Carrying Code

Mobile Agent Protection

Security Requirements

Integrity Detection

Cryptographic Protection of Mobile Agents

Conclusions

Glossary

Cross References

References

INTRODUCTION

Mobile code, as its name implies, refers to programs that function as they are transferred from one machine to the other. Code mobility opens up vast opportunities for the development of distributed applications and it has been widely exploited. For example, script programs in ActiveX or Javascript are mobile codes that are widely used to realize dynamic and interactive Web pages. One of the most practical uses of such mobile codes is validating online forms. That is, a Javascript code embedded in hypertext markup language (HTML) form pages can help check what a user enters into a form, ...