The Sanctuary mobile code system includes security mechanisms for protecting mobile agents from malicious servers as well as mechanisms for protecting mobile agent servers from malicious mobile code. To protect remotely executed mobile code, we integrate several key approaches: (1) security attributes certification to enable mobile code to avoid nodes in the agent-server network that are untrustworthy, as determined by user-centric security policies; (2) forward secure cryptography to improve detection of malicious tampering by servers; and (3) defining separate roles for agent author and agent owner, which justifies restricted delegation and external reference monitors with owner-provided agents to limit potential damage caused by buggy or compromised agent code. Simply put, we enable mobile code to avoid trouble when possible, and to detect trouble when it is unavoidable. We examine security-aware itinerary planning as a means to supplement these approaches, and describe our analysis of this problem. Our server uses well-known approaches to defend itself from malicious code, and custom extensions that address the security needs of the mobile code itself. This paper describes our mechanisms and how they are integrated into the Sanctuary mobile code system.
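
To illustrate approach (2), the following added example (not code from the Sanctuary system or its authors) shows one common forward-secure construction: each server's result is tagged with an HMAC under the agent's current key, and the key is then replaced by its hash. The abstract does not specify Sanctuary's scheme, so the construction, the names AgentLog, entry_tag, evolve and verify, and the sample servers and results are all assumptions.

```python
import hashlib
import hmac

def evolve(key: bytes) -> bytes:
    # One-way update K_{i+1} = H("evolve" || K_i); K_i cannot be recovered from K_{i+1}.
    return hashlib.sha256(b"evolve" + key).digest()

def entry_tag(key: bytes, index: int, server: str, result: bytes, prev: bytes) -> bytes:
    # Length-prefix each field so field boundaries cannot be shifted.
    fields = [str(index).encode(), server.encode(), result, prev]
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class AgentLog:
    """State carried by the agent: the current key only, plus the tagged results."""
    def __init__(self, k0: bytes):
        self.key = k0
        self.entries = []  # list of (server, result, tag)

    def record(self, server: str, result: bytes) -> None:
        prev = self.entries[-1][2] if self.entries else b""
        t = entry_tag(self.key, len(self.entries), server, result, prev)
        self.entries.append((server, result, t))
        self.key = evolve(self.key)  # old key is overwritten before the next hop

def verify(k0: bytes, entries):
    """Owner-side check. Returns the index of the first bad entry, or None."""
    key, prev = k0, b""
    for i, (server, result, t) in enumerate(entries):
        if not hmac.compare_digest(t, entry_tag(key, i, server, result, prev)):
            return i
        key, prev = evolve(key), t
    return None

def demo():
    k0 = b"\x01" * 32  # constructed sample key; an owner would draw it from os.urandom(32)
    agent = AgentLog(k0)
    agent.record("server-a", b"quote=100")   # constructed sample results
    agent.record("server-b", b"quote=95")
    clean = verify(k0, agent.entries)
    # A third server sees only K_2. It rewrites server-a's result and re-tags with K_2.
    forged = list(agent.entries)
    forged[0] = ("server-a", b"quote=999",
                 entry_tag(agent.key, 0, "server-a", b"quote=999", b""))
    return clean, verify(k0, forged)

if __name__ == "__main__":
    print(demo())
```

This detects modification of entries written before the current hop; dropping entries from the end of the log still verifies, so the owner must separately check that the expected hops are present.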
The authors of these documents have submitted their reports to this technical report series for the purpose of non-commercial dissemination of scientific work. The reports are copyrighted by the authors, and their existence in electronic format does not imply that the authors have relinquished any rights. You may copy a report for scholarly, non-commercial purposes, such as research or instruction, provided that you agree to respect the author's copyright. For information concerning the use of this document for other than research or instructional purposes, contact the authors. Other information concerning this technical report series can be obtained from the Computer Science and Engineering Department at the University of California at San Diego, firstname.lastname@example.org.