Protecting network users in mobile code systems

Conventional access control mechanisms are rather insensitive to occurrences of context-dependent illegal accesses. Insensitivity to context-dependent accesses may lead to failure to protect network users and resources. Context-dependent illegal accesses resulting from data and privilege flows in open networks cannot be prevented by either authentication or access control mechanisms since unauthorized access need not be attempted. In this paper we present a protection model which tracks data and privilege flows in mobile code systems. It can uniformly define various types of illegal access patterns and has the advantage of preventing contextdependent illegal accesses such as those caused by inadvertent execution of remote mobile code containing viruses or Trojan Horses. The proposed flow control model is expected to complement the conventional model for access control. r 2003 Elsevier Inc. All rights reserved.