Mobile Code and Security Issues

Mobile Code and Security Issues

E.S. Samundeeswari (Vellalar College for Women, India) and F. Mary Magdalene Jane (P.S.G.R. Krishnammal, India)
Copyright: © 2009 |Pages: 14
DOI: 10.4018/978-1-60566-366-1.ch014
OnDemand PDF Download:


Over the years computer systems have evolved from centralized monolithic computing devices supporting static applications, into client-server environments that allow complex forms of distributed computing. Throughout this evolution limited forms of code mobility have existed. The explosion in the use of the World Wide Web coupled with the rapid evolution of the platform independent programming languages has promoted the use of mobile code and at the same time raised some important security issues. This chapter introduces mobile code technology and discusses the related security issues. The first part of the chapter deals with the need for mobile codes and the various methods of categorizing them. One method of categorising the mobile code is based on code mobility. Different forms of code mobility like code on demand, remote evaluation and mobile agents are explained in detail. The other method is based on the type of code distributed. Various types of codes like Source Code, Intermediate Code, Platform-dependent Binary Code, Just-in-Time Compilation are explained. Mobile agents, as autonomously migrating software entities, present great challenges to the design and implementation of security mechanisms. The second part of this chapter deals with the security issues. These issues are broadly divided into code related issues and host related issues. Techniques like Sandboxing, Code signing and Proof carrying code are widely applied to protect the hosts. Execution tracing, Mobile cryptography, Obfuscated code, Co-Operating Agents are used to protect the code from harmful agents. The security mechanisms like language support for safety, OS level security and safety policies are discussed in the last section. In order to make the mobile code approach practical, it is essential to understand mobile code technology. Advanced and innovative solutions are to be developed to restrict the operations that mobile code can perform but without unduly restricting its functionality. It is also necessary to develop formal, extremely easy to use safety measures.
Chapter Preview

Mobile Code

Mobile code consists of small pieces of software, obtained from remote systems outside the enclave boundary, transferred across a network, and then downloaded and executed on a local system without explicit installation or execution by the recipient.

The mobile code paradigm encompasses programs that can be executed on one or several hosts other than the one that they originate from. Mobility of such programs implies some built-in capability for each piece of code to travel smoothly from one host to another. A mobile code is associated with at least two parties: its producer and its consumer – the consumer being the host that runs the code.

Examples of mobile code include a Java script embedded within an HTML page, a Visual-Basic script contained in a WORD document, an HTML Help file, an ActiveX Control, a Java applet, a transparent browser plug-in or DLL, a new document viewer installed on demand, an explicitly downloaded executable binary, etc. Since mobile code runs in the execution context of the user that downloads the code, it can issue any system calls that the user is allowed to make, including deleting files, modifying configurations or registry entries, ending emails, or installing back-door programs in the home directory. The most common type of malicious mobile code is email attachment.

Mobile code systems range from simple applets to intelligent software agents. These systems offer several advantages over the more traditional distributed computing approaches like flexibility in software design beyond the well established object oriented paradigm and bandwidth optimization. As usual, increased flexibility comes with a cost that is increased vulnerability in the face of malicious intrusion scenarios akin to Internet. Possible vulnerabilities with mobile code fall in one of two categories: attacks performed by a mobile program against the remote host on which the program is executed as with malicious applets or ActiveX programs, and the less classical category of attacks due to the subversion of the mobile code and its data by the remote execution environment.

Advantages of Mobile Code

Here are some possible advantages of mobile code:

  • Eliminates configuration, installation problems and reduces software distribution costs of desktop applications

  • The code is potentially portable to many platforms

  • Enhances the scalability of client/server applications

  • Achieves performance advantages

  • Achieves interoperability of distributed applications

Complete Chapter List

Search this Book:
Editorial Advisory Board
Table of Contents
Milena Head, Eldon Y. Li
Milena Head, Eldon Y. Li
Chapter 1
Jan H. Kietzmann
The recent evolution of mobile auto-identification technologies invites firms to connect to mobile work in altogether new ways. By strategically... Sample PDF
For Those About to Tag
Chapter 2
Adrian Lawrence, Jane Williams
As commercial interest in LBS increases, legal and regulatory bodies are becoming increasingly interested in the extent to which use of LBS may... Sample PDF
Privacy and Location-Based Mobile Services: Finding a Balance
Chapter 3
Dietmar G. Wiedemann, Wolfgang Palka, Key Pousttchi
A sizeable body of research on mobile payment evolved in recent years. Researchers analyzed success factors and acceptance criteria as well as... Sample PDF
Business Models for Mobile Payment Service Provision and Enabling
Chapter 4
Mikko Pynnonen, Jukka Hallikas, Petri Savolainen, Karri Mikkonen
In a digital home a so-called multi-play system integrates networked entertainment and communications systems. Using a mobile phone, all those... Sample PDF
Ubiquitous Communication: where is the Value Created in the Multi-Play Value Network?
Chapter 5
Adam Vrechopoulos, Michail Batikas
Mobile government transform many of the traditional governance practices. The citizens’ adoption of M-Government services (e.g. voting, tax... Sample PDF
Predicting the Adoption of Mobile Government Services
Chapter 6
Katarzyna Wac, Richard Bults, Bert-Jan van Beijnum, Hong Chen, Dimitri Konstantas
Mobile service providers (MoSPs) emerge, driven by the ubiquitous availability of mobile devices and wireless communication infrastructures. MoSPs’... Sample PDF
Towards Mobile Web 2.0-Based Business Methods: Collaborative QoS-Information Sharing for Mobile Service Users
Chapter 7
Giangluigi Me, Daniele Pirro, Roberto Sarrecchia
Currently the most popular attacks to the E-Banking Web applications target the authentication systems relying on the single-side client... Sample PDF
Strong Authentication for Financial Services: PTDs as a Compromise Between Security and Usability
Chapter 8
Antonio Ruiz-Martinez, Daniel Sanchez-Martinez, Maria Martinez-Montesinos, Antonio Gomez-Skarmeta
Non-repudiation is an important issue in mobile business and mobile commerce in order to provide the necessary evidences to prove whether some party... Sample PDF
Mobile Signature Solutions for Guaranteeing Non-Repudiation in Mobile Business and Mobile Commerce
Chapter 9
Soe-Tsyr Yuan, Fang-Yu Chen
Peer-to-Peer applications harness sharing between free resources (storage, contents, services, human presence, etc.). Most existing wireless P2P... Sample PDF
UbiSrvInt: A Context-Aware Fault-Tolerance Approach for WP2P Service Provision
Chapter 10
Dianne Cyr, Milena Head, Alex Ivanov
Anytime anywhere services offered through mobile commerce hold great potential to serve customers in wireless environments. However, there is... Sample PDF
Perceptions of Mobile Device Website Design: Culture, Gender and Age Comparisons
Chapter 11
Douglass J. Scott, Constantinos K. Coursaris, Yuuki Kato, Shogo Kato
This study compared the exchange of emotional content in PC and mobile e-mail in business-related discussions. Forty American business people were... Sample PDF
The Exchange of Emotional Content in Business Communications: A Comparison of PC and Mobile E-Mail Users
Chapter 12
Carla Ruiz-Mafe, Silvia Sanz-Blas, Adrian Broz-Lofiego, Daniel Marchuet
The chapter aims to present an in-depth study of the factors influencing Mobile Internet adoption. The authors analyse the influence of Internet use... Sample PDF
Mobile Internet Adoption by Spanish Consumers
Chapter 13
Mahil Carr
This chapter introduces concepts, frameworks and possible models for introducing mobile payments in India. The introductory section defines mobile... Sample PDF
Framework for Mobile Payment Systems in India
Chapter 14
E.S. Samundeeswari, F. Mary Magdalene Jane
Over the years computer systems have evolved from centralized monolithic computing devices supporting static applications, into client-server... Sample PDF
Mobile Code and Security Issues
Chapter 15
Tommi Pelkonen
This chapter describes the Finnish mobile telecommunications industry trends and prospects. In addition, it presents two theoretical frameworks... Sample PDF
Finland: Internationalization as the key to Growth and M-Commerce Success
Chapter 16
Dickson K.W. Chiu, S.C. Cheun, Ho-Fung Leung
In a service-oriented enterprise, the professional workforce such as salespersons and support staff tends to be mobile with the recent advances in... Sample PDF
Mobile Workforce Management in a Service-Oriented Enterprise: Capturing Concepts and Requirements in a Multi-Agent Infrastructure
Chapter 17
Dawn-Marie Turner, Sunil Hazari
Wireless technology has broad implications for the healthcare environment. Despite its promise, this new technology has raised questions about... Sample PDF
Bringing Secure Wireless Technology to the Bedside: A Case Study of Two Canadian Healthcare Organizations
About the Contributors