Abstract
Mobile code systems are technologies that allow applications to move their code, and possibly the corresponding state, among the nodes of a wide-area network. Code mobility is a flexible and powerful mechanism that can be exploited to build distributed applications in an Internet scale. At the same time, the ability to move code to and from remote hosts introduces serious security issues. These issues include authentication of the parties involved and protection of the hosts from malicious code. However, the most difficult task is to protect mobile code against attacks coming from hosts. This paper presents a mechanism based on execution tracing and cryptography that allows one to detect attacks against code, state, and execution flow of mobile software components.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
J.K. Boggs. IBM Remote Job Entry Facility: Generalize Subsystem Remote Job Entry Facility. IBM Technical Disclosure Bulletin 752, IBM, August 1973.
N. Borenstein. EMail With A Mind of Its Own: The Safe-Tcl Language for Enabled Mail. Technical report, First Virtual Holdings, Inc, 1994.
L. Cardelli. A language with distributed scope. Computing Systems, 8(1):27–59, 1995.
A. Carzaniga, G.P. Picco, and G. Vigna. Designing Distributed Applications with Mobile Code Paradigms. In R. Taylor, editor, Proc. of the 19 thInt. Conf. on Software Engineering (ICSE’97), pages 22–32. ACM Press, 1997.
D.M. Chess, B. Grosof, C.G. Harrison, D. Levine, C. Paris, and G. Tsudik. Itinerant Agents for Mobile Computing. IEEE Personal Communication, October 1995. Also available as IBM Technical Report.
G. Cugola, C. Ghezzi, G.P. Picco, and G. Vigna. Analyzing Mobile Code Languages. In J. Vitek and C. Tschudin, editors, Mobile Object Systems: Towards the Programmable Internet, volume 1222 of LNCS, pages 93–111. Springer, April 1997.
W.M. Farmer, J.D. Guttman, and V. Swarup. Security for Mobile Agents: Authentication and State Appraisal. In Springer, editor, Proc. of the 4 thEuropean Symp. on Research in Computer Security, volume 1146 of LNCS, pages 118–130, Rome, Italy, September 1996.
W.M. Farmer, J.D. Guttman, and V. Swarup. Security for Mobile Agents: Issues and Requirements. In Proc. of the 19 thNational Information Systems Security Conf., pages 591–597, Baltimore, MD, USA, October 1996.
A. Freier, P. Karlton, and P. Kocher. The SSL Protocol — Version 3.0. Internet Draft, March 1996.
A. Fuggetta, G.P. Picco, and G. Vigna. Understanding Code Mobility. IEEE Transactions on Software Engineering, 1998. to appear.
S. Garfinkel and G. Spafford. Practical UNIX and Internet Security, chapter Tips on Writing SUID/SGID Programs, pages 716–718. O’Reilly, 1996.
R.S. Gray. Agent Tcl: A transportable agent system. In Proc. of the CIKM Workshop on Intelligent Information Agents, Baltimore, Md., December 1995.
R.S. Gray. Agent Tcl: A flexible and secure mobile agent system. In Proc. of the 4 thAnnual Tcl/Tk Workshop, pages 9–23, Monterey, Cal., July 1996.
F. Hohl. An approach to Solve the Problem of Malicious Hosts in Mobile Agent Systems, 1997.
ITU-T. Information Technology-Open Systems Interconnection-The Directory: Authentication Framework. ITU-T Recommendation X.509, November 1993.
D.B. Lange and D.T. Chang. IBM Aglets Workbench—Programming Mobile Agents in Java. IBM Corp. White Paper, September 1996.
S. Lucco, O. Sharp, and R. Wahbe. Omniware: A Universal Substrate for Web Programming. In Proc. of the 4 thInt. World Wide Web Conf., Boston, Massachusetts, USA, December 1995.
L. Wall, T. Christiansen, and R. Schwartz. Programming Perl. O’Reilly, 2nd edition, 1996.
Sun Microsystems. The Java Language: An Overview. Technical report, Sun Microsystems, 1994.
J. Ordille. When agents roam, who can you trust? In Proc. of the First Conf. on Emerging Technologies and Applications in Communications, May 1996.
J. Ousterhout, J. Levy, and B. Welch. The Safe-Tcl Security Model. Technical report, Sun Microsystems, November 1996. Printed in this volume.
R.L. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Comm. of the ACM, 21(2):120–126, February 1978.
T. Sander and C. Tschudin. Towards Mobile Cryptography. In Proceedings of the 1998 IEEE Symposium on Security and Privacy, Oakland, CA, May 1998.
B. Schneier. Applied Cryptography — Protocols, Algorithms, and Source Code in C. John Wiley & Sons, Inc., 2nd edition, 1996.
K.B. Sriram. Hashjava — A Java Applet Obfuscator. http://www.sbketch.org/hash-java.html, July 1997.
J.W. Stamos and D.K. Gifford. Implementing Remote Evaluation. IEEE Trans. on Software Engineering, 16(7):710–722, July 1990.
L.D. Stein. The World Wide Web Security FAQ. http://www.w3.org/Security/-Faq/, January 1998.
J. Tardo and L. Valente. Mobile agent security and Telescript. In Proc. of IEEE COMPCON’96, February 1996.
C. Tschudin. An Introduction to the M0 Messenger Language. Univ. of Geneva, Switzerland, 1994.
J.E. White. Telescript Technology: Mobile Agents. In J. Bradshaw, editor, Software Agents. AAAI Press/MIT Press, 1996.
U.G. Wilhelm. Cryptographically Protected Objects. Technical report, Ecole Polytechnique Fédérale de Lausanne, Switzerland, 1997.
F. Yellin. Low Level Security in Java. Technical report, Sun Microsystems, 1995.
P. Zimmerman. PGP User’s Guide, March 1993.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Vigna, G. (1998). Cryptographic Traces for Mobile Agents. In: Vigna, G. (eds) Mobile Agents and Security. Lecture Notes in Computer Science, vol 1419. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68671-1_8
Download citation
DOI: https://doi.org/10.1007/3-540-68671-1_8
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64792-8
Online ISBN: 978-3-540-68671-2
eBook Packages: Springer Book Archive