Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing

  • Xinwen Zhang
  • Francesco Parisi-Presicce
  • Ravi Sandhu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4266)


We present an approach to protect mobile code and agents at runtime using Trusted Computing (TC) technologies. For this purpose, a “mobile policy” is defined by the mobile code originator, and is enforced by the runtime environment in a remote host to control which users can run the mobile code and what kind of results a user can observe, depending on the security properties of the user. The separation of policy specification and implementation mechanism in existing mobile computing platform such as Java Runtime Environment (JRE) enables the implementation of our approach by leveraging current security technologies. The main difference between our approach and existing runtime security models is that the policies enforced in our model are intended to protect the resources of the mobile applications instead of the local system resources. This requires the remote runtime environment to be trusted by the application originator to authenticate the remote user and enforce the policy. Emerging TC technologies such as specified by the Trusted Computing Group (TCG) provide assurance of the runtime environment of a remote host.


Mobile Agent Access Control Policy Trusted Platform Module Runtime Environment Java Virtual Machine 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    AMD platform for trustworthy computing. Microsoft WinHEC (2003),
  2. 2.
    LaGrande Technology Preliminary Architecture Specification,
  3. 3.
    OASIS XACML TC. Core Specification: eXtensible Access Control Markup Language (XACML) (2005)Google Scholar
  4. 4.
    Sun’s XACML implementation,
  5. 5.
    TCG Specification Architecture Overview,
  6. 6.
    Algesheimer, J., Cashin, C., Camenisch, J., Karjoth, G.: Cryptographic Security for Mobile Code. In: IEEE Symposium On Research in Security and Privacy (2001)Google Scholar
  7. 7.
    Balfanz, D., Gong, L.: Experience with Secure Multi-Processing in Java. In: International Conference on Distributed Computing Systems (1998)Google Scholar
  8. 8.
    Cubaleska, B., Scheider, M.: Applying Trust Policies for Protecting Mobile Agents Aganist DoS. In: 3rd Workship on Policies for Distributed Systems and Networks (2002)Google Scholar
  9. 9.
    Gong, L., Gary, E., Mary, D.: Inside Java 2 Platform Security: Architecture, API Design, and Implementation. Addison-Wesley, Reading (2003)Google Scholar
  10. 10.
    Gong, L., Mueller, M., Prafullchandra, H., Schemers, R.: Going Beyond the Sandbox: An Overview of the New Security Arthitecture in the Java Development Kit 1.2. In: USENIX Symposium on Internet Technologies and Systems (1997)Google Scholar
  11. 11.
    Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation - a virtual machine directed approach to trusted computing. In: Proc. of the Third virtual Machine Research and Technology Symposium. USENIX (2004)Google Scholar
  12. 12.
    Hauswirth, M., Kerer, C., Kurmanowytsch, R.: A Secure Execution Framework for Java. In: Proc. of ACM Computer and Communication Security (2000)Google Scholar
  13. 13.
    Hohl, F.: Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, p. 92. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  14. 14.
    Jajodia, S., Samarati, P., Subrahmanian, V., Bertino, E.: A Unified Framework for Enforcing Multiple Access Control Policies. In: ACM SIGMOD (1997)Google Scholar
  15. 15.
    Lai, C., Gong, L., Koved, L., Nadalin, A., Schemers, R.: User Authentication and Authorization in the Java Platform. In: Annual Computer Security Applications Conference (1999)Google Scholar
  16. 16.
    LaMacchia, B., Lange, S., Lyons, M., Martin, R., Price, K.: Net Framework Security. Addison-Wesley, Reading (2002)Google Scholar
  17. 17.
    Lee, P., Necula, G.: Research on Proof-carry Code for Mobile Code Security. In: DARPA workshop on Foundation for Secure Mobile Code (1997)Google Scholar
  18. 18.
    Liang, Z., Venkatakrishan, V.N., Sekar, R.: Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs. In: Annual Computer Security Applications Conference (2003)Google Scholar
  19. 19.
    McGraw, G., Felten, E.: Securing Java: Getting Down to Business with Mobile Code. Wiley, Chichester (1999), Google Scholar
  20. 20.
    McGraw, G., Morrisett, G.: Attacking Malicious Code: A Report to the Infosec Research Council. IEEE Software 17(5) (September/October 2000)Google Scholar
  21. 21.
    Oaks, S.: Java Security. O’Reilly, Sebastopol (2001)Google Scholar
  22. 22.
    Sander, T., Tschudin, C.F.: Protecting Mobile Agent against Malicious Hosts. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, p. 44. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  23. 23.
    TCPA Design Philosphies and Concepts,
  24. 24.
    Trusted Computing Group Home,
  25. 25.
    Venkatakrishnan, V., Peri, R., Sekar, R.: Empowering Mobile Code Using Expressive Security Policies. In: New Security Paradigms Workshop (2002)Google Scholar
  26. 26.
    Vigna, G.: Protecting Mobile Agents Through Tracing. In: Proc. of the Workshop on Mobile Object systems (1997)Google Scholar
  27. 27.
    Wallach, D.S., Felten, E.: Understand Java Stack Inspection. In: IEEE Symposium On Research in Security and Privacy (1998)Google Scholar
  28. 28.
    Yee, B.: A Sanctuary for Mobile Agents. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  29. 29.
    Zachry, J.: Protecting Mobile Code in the Wild. IEEE Internet Computing (March/April 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Xinwen Zhang
    • 1
  • Francesco Parisi-Presicce
    • 1
  • Ravi Sandhu
    • 1
  1. 1.George Mason UniversityFairfaxUSA

Personalised recommendations