Secure Mediation with Mobile Code

  • Joachim Biskup
  • Barbara Sprick
  • Lena Wiese
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3654)

Abstract

A mediator helps a client of a distributed information system to acquire data without contacting each datasource. We show how mobile code can be used to ensure confidentiality of data in a secure mediation system. We analyze what advantages mobile code has over mobile data for secure mediation. We present a Java implementation of a system that mediates SQL queries. Security risks for the client and the mobile code are delineated; offending the integrity of its own data is identified as a special type of attack of mobile code in a mediation system. We name appropriate countermeasures and describe the amount of trust needed in our system. As an extension, we consider security in a hierarchy of mediators. Finally, we combine mobile code with mobile agent technology.

References

  1. 1.
    Algesheimer, J., Cachin, C., Camenisch, J., Karjoth, G.: Cryptographic security for mobile code. In: SP 2001: Proceedings of the IEEE Symposium on Security and Privacy 2001, pp. 2–11. IEEE Computer Society Press, Los Alamitos (2001)CrossRefGoogle Scholar
  2. 2.
    Altenschmidt, C., Biskup, J., Flegel, U., Karabulut, Y.: Secure mediation: Requirements, design and architecture. Journal of Computer Security 11(3), 365–398 (2003)CrossRefGoogle Scholar
  3. 3.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (Im)possibility of Obfuscating Programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–19. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    The Legion of the Bouncy Castle, http://www.bouncycastle.org/
  5. 5.
    Fong, P.W.L.: Proof Linking: A Modular Verification Architecture for Mobile Code Systems. Phd thesis, Simon Fraser University, Burnaby, Canada (January 2004), See, http://www.cs.sfu.ca/research/publications/theses/
  6. 6.
    Karjoth, G., Asokan, N., Gülcü, C.: Protecting the Computation Results of Free-Roaming Agents. In: Rothermel, K., Hohl, F. (eds.) MA 1998. LNCS, vol. 1477, pp. 195–207. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  7. 7.
    Karjoth, G., Lange, D.B., Oshima, M.: A Security Model for Aglets. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, pp. 188–205. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  8. 8.
    Loureiro, S., Molva, R., Roudier, Y.: Mobile code security. In: Proceedings of ISYPAR’2000 (4ème Ecole d’Informatique des Systèmes Parallèles et Répartis), Toulouse, France, pp. 95–103 (2000)Google Scholar
  9. 9.
    Necula, G.C., Lee, P.: Safe, Untrusted Agents Using Proof-Carrying Code. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, pp. 61–91. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  10. 10.
    Peine, H.: Run-Time Support for Mobile Code. Dissertation, Universität Kaiserslautern, Fachbereich Informatik (October 2002)Google Scholar
  11. 11.
    Rivest, R.L., Adleman, L., Dertouzos, M.L.: On data banks and privacy homomorphisms. Foundations of Secure Computation, 169–179 (1978)Google Scholar
  12. 12.
    Sander, T., Tschudin, C.F.: Protecting Mobile Agents Against Malicious Hosts. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, pp. 44–60. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  13. 13.
    Wiederhold, G.: Mediators in the architecture of future information systems. IEEE Computer 25(3), 38–49 (1992)CrossRefGoogle Scholar
  14. 14.
    Wiederhold, G., Genesereth, M.: The conceptual basis for mediation services. IEEE Expert Intelligent Systems and their Applications 12(5), 38–47 (1997)Google Scholar
  15. 15.
  16. 16.
    Wiese, L.: Sichere Mediation mit mobilem Code – Implementierung und Sicherheitsanalyse. Diploma thesis (in German), Universität Dortmund, Dortmund, Germany (October 2004), http://ls6-www.cs.uni-dortmund.de/issi/archive/literature/2004/Wiese_2004.pdf
  17. 17.
    Yee, B., Tygar, J.D.: Secure coprocessors in electronic commerce applications. In: Proceedings of the First USENIX Workshop of Electronic Commerce, Berkeley, CA, USA, pp. 155–170. USENIX Assoc. (1995)Google Scholar
  18. 18.
    Young, A., Yung, M.: Malicious Cryptography – Exposing Cryptovirology. Wiley, Indianapolis (2004)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Joachim Biskup
    • 1
  • Barbara Sprick
    • 1
  • Lena Wiese
    • 1
  1. 1.Universität DortmundDortmundGermany

Personalised recommendations