Security Risks in Java-based Mobile Code Systems
نویسندگان
چکیده
Java is the predominant language for mobile agent systems, both for implementing mobile agent execution environments and for writing mobile agent applications. This is due to inherent support for code mobility by means of dynamic class loading and separable class name spaces, as well as a number of security properties, such as language safety and access control by means of stack introspection. However, serious questions must be raised whether Java is actually up to the task of providing a secure execution environment for mobile agents. At the time of writing, it has neither resource control nor proper application separation. In this article we take an in-depth look at Java as a foundation for secure mobile agent systems.
منابع مشابه
A Supporting Tool to Identify both Satisfied Requirements and Tolerant Threats for a Java Mobile Code Application
A mobile code application can be easily integrated by using existing software components, thus it is one of the promising ways to develop software efficiently. However, using a mobile code application sometimes follows harmful effects on valuable resources of users because malicious codes in such an application can be activated. Therefore, users of mobile code applications have to identify both...
متن کاملSecure Mediation with Mobile Code
A mediator helps a client of a distributed information system to acquire data without contacting each datasource. We show how mobile code can be used to ensure confidentiality of data in a secure mediation system. We analyze what advantages mobile code has over mobile data for secure mediation. We present a Java implementation of a system that mediates SQL queries. Security risks for the client...
متن کاملProof Linking: An Architecture for Modular Veri cation of Dynamically-Linked Mobile Code
Security aws are routinely discovered in commercial implementations of mobile code systems such as the Java Virtual Machine (JVM). Typical architectures for such systems exhibit complex interdependencies between the loader, the ver-iier, and the linker, making them diicult to craft, validate, and maintain. This reveals a software engineering challenge that is common to all mobile code systems i...
متن کاملA flexible and extensible security framework for Java code
Any piece of code which is run on a computer system can potentially threaten the security, privacy, and integrity of the system and its users. This truism has gained new importance with the introduction of mobile code systems such as Java applets and mobile agent platforms, in which code may be loaded from outside sources on-the-fly and executed in the user's environment. Thus mobile code syste...
متن کاملSecurity in Untrusted Code Environments: Missing Pieces of the Puzzle
Security enforcement mechanisms for controlling the execution of untrusted component code have evolved away from the strict sandbox confinement toward more flexible code access security. Although the added flexibility has enabled richer functionality and support for more fine-grained policies, component-based security architectures such as Java and .NET still fail to provide several essential f...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Scalable Computing: Practice and Experience
دوره 7 شماره
صفحات -
تاریخ انتشار 2006