Viewer's Discretion: Host Security in Mobile Code Systems

Mobile code computation is a new paradigm for structuring distributed systems. Mobile programs migrate from remote sites to a host, and interact with the resources and facilities local to that host. This new mode of distributed computation promises great opportunities for electronic commerce, mobile computing, and information harvesting. There has been a general consensus that security is the key to the success of mobile code computation. In this paper, we survey the issues surrounding the protection of a host from potentially hostile mobile programs. Decades of research in operating systems has provided signiicant experience and insight into the nature of system security. Before we propose any new security model for mobile code systems, it is wise to question why the existing protection mechanisms found in distributed operating systems do not fully address the security needs of mobile code systems. We propose three security challenges that are distinctive of the mobile code phenomenon, namely, the establishment of anonymous trust (establishing trust with programs from unfamiliar origin), layered protection (establishing ne-grained protection boundaries among mutually-distrusting parts of the same process), and implicit acquisition (coping with the implicit nature of mobile program acquisition). We also survey various approaches to protection in existing mobile code systems. We classify protection approaches into four categories: discretion, veriication, transformation , and arbitration. We evaluate each category by looking at how well they address the security needs of mobile code computation.