Enumeration Based Security Behavior Model Checking Algorithm

Model Carrying Code(MCC) provides a way to safe execution of untrusted code by taking both mobile code producer and consumers into consideration, where it checks mobile code security by comparing security related program behavior model with security policies. In this paper an enumeration based algorithm to checking security related behavior with respect to security policy has been given, where security behavior has been modeled as extended context free grammar and the security policy has been specified as extended FSA. Solutions to dealing with loops and recursions have been introduced. A program has been developed for implementing the algorithm, and several experiments have been done. It has been indicated that our algorithm can effectively check small scale security behavior models on the basis of simple security policies.

Modeling Fault Tolerant and Secure Mobile Agent Execution in Distributed Systems

A mobile agent is a software program which migrates from a site to another site to perform tasks assigned by a user. For the mobile agent system to support agents in various application areas, the issues regarding reliable agent execution, as well as compatibility between two different agent systems or secure agent migration, have been considered. Some of the proposed schemes are either replicating the agents (Hamidi & Mohammadi, 2005) or check-pointing the agents (Park, Byun, Kim, & Yeom, 2002; Pleisch & Schiper, 2001;) For a single agent environment without considering inter-agent communication, the performance of the replication scheme and the check-pointing scheme is compared in Park et al. (2002) and Silva, Batista, and Silva (2000). In the area of mobile agents, only few works can be found relating to fault tolerance. Most of them refer to special agent systems or cover only some special aspects relating to mobile agents, such as the communication subsystem. Nevertheless, most people working with mobile agents consider fault tolerance to be an important issue (Izatt, Chan, & Brecht, 1999; Shiraishi, Enokido, & Takzawa, 2003). Mobile agents are becoming a major trend for designing distributed systems and applications in the last few years and foreseeable future. It can bring benefits such as reduced network load and overcoming of network latency (Chan, Won, & Lyu, 1993). Nevertheless, security is one of the limiting factors of the development of these systems. The main unsolved security problem lies in the possible existence of malicious hosts that can manipulate the execution and data of agents (Defago, Schiper, & Sergent, 1998). Most distributed applications we see today are deploying the client/server paradigm. There are certain problems with the client/server paradigm, such as the requirement of a high network bandwidth, and continuous user-computer interactivity. In view of the deficiencies of the client/server paradigm, the mobile code paradigm has been developed as an alternative approach for distributed application design. In the client/server paradigm, programs cannot move across different machines and must run on the machines they reside on. The mobile code paradigm, on the other hand, allows programs to be transferred among and executed on different computers. By allowing code to move between hosts, programs can interact on the same computer instead of over the network. Therefore, communication cost can be reduced. Besides, mobile agent (Fischer, Lynch, & Paterson, 1983) programs can be designed to work on behalf of users autonomously. This autonomy allows users to delegate their tasks to the mobile agents, and not to stay continuously in front of the computer terminal. The promises of the mobile code paradigm bring about active research in its realization. Most researchers, however, agree that security concerns are a hurdle (Greenberg, Byington, & Harper, 1998). In this article, we investigate these concerns. First, we review some of the foundation materials of the mobile code paradigm. We elaborate Ghezzi and Vigna’s classification of mobile code paradigms (Ghezzi & Vigna, 1997), which is a collection of the remote evaluation, code on demand, and mobile agent approaches. In the next section, we address the current status of mobile code security. The following section presents the model for fault-tolerant mobile agent. In the next section, security issues of the mobile agent are discussed, and we discuss security modeling and evaluation for the mobile agent in the section after. In the following section, simulation results and influence of the size of agent are discussed. We then conclude the article.

Scavenger - Mobile Remote Execution

<p>This report describes the design and implementation of a mobile, peerto- peer, remote execution system called Scavenger. A peer running Scavenger is capable of automatically discovering available, unused computing resources in its vicinity, and, by means of mobile code, utilising these resources to its own good.<br />Designing a system such as Scavenger a number of challenges are raised. In this report only the two main challenges are presented: service discovery and mobile code security.<br />Service discovery in a fixed network is a well-documented process, but mobile service discovery is less so. Scavenger assumes nothing about its operating environment—it may be executing services on stationary as well as mobile peers—and it therefore needs a highly flexible service discovery protocol.</p><p>When working with mobile code, security becomes paramount since peers are executing unknown (and thus untrusted) code. Scavenger uses the Python programming language for its mobile code, and Python does not, like for example Java, have any built-in security models that enable the user to sandbox a Python process. When using such an ”insecure” programming language in a mobile code setting, other means of securing the code must be employed. This report describes the development of such a safe execution environment where mobile Python may be executed in a secure manner.</p>

Trust Management on the World Wide Web (originally published in June 1998)

This paper is included in the First Monday Special Issue: Commercial Applications of the Internet, published in July 2006. For author reflections on this paper, visit the Special Issue. As once-proprietary mission-specific information systems migrate onto the Web, traditional security analysis cannot sufficiently protect each subsystem atomically. The Web encourages open, decentralized systems that span multiple administrative domains. Trust Management (TM) is an emerging framework for decentralizing security decisions that helps developers and others in asking "why" trust is granted rather than immediately focusing on "how" cryptography can enforce it. In this paper, we recap the basic elements of Trust Management: principles, principals, and policies. We present pragmatic details of Web-based TM technology for identifying principals, labeling resources, and enforcing policies. We sketch how TM might be integrated into Web applications for document authoring and distribution, content filtering, and mobile code security. Finally, we measure today's Web protocols, servers, and clients against this model, culminating in a call for stakeholders' support in bringing automatable TM to the Web.