Abstract
We present an approach to protect mobile code and agents at runtime using Trusted Computing (TC) technologies. For this purpose, a “mobile policy” is defined by the mobile code originator and enforced by the runtime environment on a remote host to control which users can run the mobile code and what kind of results a user can observe, depending on the security properties of the user. The separation of policy specification and implementation mechanism in existing mobile computing platforms such as the Java Runtime Environment (JRE) enables the implementation of our approach by leveraging current security technologies. The main difference between our approach and existing runtime security models is that the policies enforced in our model are intended to protect the resources of the mobile applications instead of the local system resources. This requires the remote runtime environment to be trusted by the application originator to authenticate the remote user and enforce the policy. Emerging TC technologies, such as those specified by the Trusted Computing Group (TCG), provide assurance of the runtime environment of a remote host.
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, X., Parisi-Presicce, F., Sandhu, R. (2006). Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds) Advances in Information and Computer Security. IWSEC 2006. Lecture Notes in Computer Science, vol 4266. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11908739_13
DOI: https://doi.org/10.1007/11908739_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-47699-3
Online ISBN: 978-3-540-47700-6
eBook Packages: Computer Science, Computer Science (R0)