Segurança de Código Móvel no Ambiente µCODE
Abstract
Code mobility is an alternative approach to the implementation of distributed systems. It presents several advantages over conventional server/client architecture as greater flexibility and reduced bandwidth consumption. On the other hand, having a host executing an unknown piece of code, coming from a possible unknown place is a threat to the system security. In this paper we describe the implementation of security features using code signature and permissions on top of a pre-existing API that supports code mobility for Java programs. The new API, built on top of µCode is called safe-µCode.
Keywords:
Mobile Code, Security
References
CUGOLA, G., GHEZZI, C., PICCO, G. P., and VIGNA, G. (1997). Analyzing mobile code languages. In Mobile Object Systems: Towards the Programmable Internet, pages 93-110. Springer-Verlag: Heidelberg, Germany.
FUGGETTA, A., PICCO, G. P., and VIGNA, G. (1998). Understanding code mobility. IEEE Transactions on Software Engineering, 24(5).
GONG, L. (1999). Inside Java 2 Plataform Security Architecture, API Design and Implementation. Addison Wesley Longman Inc, Palo Alto CA USA.
McGRAW, G. and FELTEN, E. W. (1998). Mobile code and security. IEEE Internet Computing.
PICCO, G. P. (1998). µCODE: A lightweight and flexible mobile code toolkit. In Mobile Agents Proceedings of the 2nd International Workshop on Mobile Agents, volume 1477 of ISBN 3-540-64959-X, pages 160-171, Stuttgart (Germany). K. Rothermel and F. Holh.
SCHODER, D. and EYMANN, T. (2000). The real challenges of mobile agents. Communications of the ACM, 43(6).
TANENBAUM, A. S. and STEEN, M. v. (2002). Distributed Systems Principles and Paradigms. Prentice Hall, Upper Saddle River, New Jersey 07458.
WANGHAN, M. S. and FRAGA, J. d. S. (2001). (mini-curso) agentes móveis x segurança. Universidade Federal de Santa Catarina UFSC. Simpósio sobre Segurança em Informação SSI 2001.
FUGGETTA, A., PICCO, G. P., and VIGNA, G. (1998). Understanding code mobility. IEEE Transactions on Software Engineering, 24(5).
GONG, L. (1999). Inside Java 2 Plataform Security Architecture, API Design and Implementation. Addison Wesley Longman Inc, Palo Alto CA USA.
McGRAW, G. and FELTEN, E. W. (1998). Mobile code and security. IEEE Internet Computing.
PICCO, G. P. (1998). µCODE: A lightweight and flexible mobile code toolkit. In Mobile Agents Proceedings of the 2nd International Workshop on Mobile Agents, volume 1477 of ISBN 3-540-64959-X, pages 160-171, Stuttgart (Germany). K. Rothermel and F. Holh.
SCHODER, D. and EYMANN, T. (2000). The real challenges of mobile agents. Communications of the ACM, 43(6).
TANENBAUM, A. S. and STEEN, M. v. (2002). Distributed Systems Principles and Paradigms. Prentice Hall, Upper Saddle River, New Jersey 07458.
WANGHAN, M. S. and FRAGA, J. d. S. (2001). (mini-curso) agentes móveis x segurança. Universidade Federal de Santa Catarina UFSC. Simpósio sobre Segurança em Informação SSI 2001.
Published
2005-09-26
How to Cite
SILVA, Leonardo Souza; DELAMARO, Márcio Eduardo; ARAÚJO, Rodrigo Fraxino de.
Segurança de Código Móvel no Ambiente µCODE. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 5. , 2005, Florianópolis.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2005
.
p. 279-282.
DOI: https://doi.org/10.5753/sbseg.2005.21552.
