Abstract
Unlike mobile computing, in which hardware moves, mobile code moves from nodes to other nodes and can change the machines where it is executed. A paradigmatic example of such mobile code are Java applets that can be downloaded from a distant machine and executed by a virtual machine embedded in a browser. Multi-application smart cards (like Javacards) are an example of an execution environment that allows the loading and the execution of (mobile) programs into a card after its issuance. Code mobility allows the software reconfiguration without delivering a physical support, as done by Sun initially with Java to reprogram cable TV boxes, or nowadays, by Microsoft to promptly distribute software patches. PostScript files are another type of mobile programs which execute in printers to produce graphic images. Mobile code may also be used in distributed systems to adapt autonomously in order to balance loads or compensate for hardware failures (Brooks, 2004). Mobile code has received a great deal of interest as a promising solution to increase system flexibility, scalability, and reliability. However, to reach such objectives, some issues need to be matured, namely security issues. This article addresses security issues in mobile code paradigms.
TopBackground
Several mobile code paradigms have been reported (Brooks, 2004; Brooks & Orr, 2002; Fuggetta, Picco, & Vigna, 1998; Milojicic, Douglis, & Wheeler, 1999; Tennenhouse, Smith, Sincoskie, Wetherall, & Minden, 1997; Wu, Agrawal, & Abbadi, 1999). These paradigms differ on where code is executed and who determines when mobility occurs (Brooks & Orr, 2002; Brooks, 2004) and can be classified as follows:
- •
Client-Server: The user node invokes code resident on a distant node: the server or program node. This node fetches the required data from data nodes, executes the invoked program, and returns the result to the user node. Examples include the common object request broker architecture. CORBA integrates remote procedure calls (RPCs) with the object-oriented paradigm.
- •
Remote Evaluation: The user node requests the execution of code resident on a distant node. This node uploads the code to the node containing the data needed for its execution. The execution takes place in this node, and the result is then sent to the user node. Examples include CORBA, Simple Object Access Protocol (SOAP) and Web Services.
- •
Code-On-Demand: The user node requests the execution of code resident on a distant node. This code is downloaded on user node and locally executed. Examples include Java applets and Active X programs.
- •
Process Migration: The operating system dispatches processes from one node to others nodes in order to balance the load. Examples include Mosix and Sprite.
- •
Mobile Agents: The user node executes a program, called agent, which moves, along with its execution context, from node to node. The decision to move from one node to another node or to execute a specific set of operations on a particular node is made by the agent itself. The result of the execution is, at the end, transmitted within the program to the user node. There are several agent and multi-agent platforms.
- •
Active Networks: In this paradigm, the network configuration and infrastructure can be modified by the transmitted packets. Here, the packets act as mobile code. An example would be Capsules.
A mobile agent is a program that encapsulates code, data, and execution context. The mobile agent is sent by the client to another node. Unlike a procedure call, the agent does not have to return data to the client. The agent can migrate to other node, send information to the client, or come back to the client. However, the efficiency of each approach depends on network configuration and the size of programs and data files.
Key Terms in this Chapter
Mobile Agents Paradigm: In this mobile code paradigm, a program moves from site to site. It represents the current more advanced stage of mobile computing paradigms.
Process Migration Paradigm: In this mobile code paradigm, processes move from one node to another to balance the load.
SOAP (Simple Object Access Protocol): Protocol developed by Microsoft, DevelopMentor, and Userland Software. It allows the communication between a program executed in a given operating system with a program in the same or in another operating system using HTTP and XML as a mechanism for message exchange.
Code-On-Demand Paradigm: In this mobile code paradigm, local clients download and execute code as needed.
Remote Evaluation Paradigm: In this mobile code paradigm, a remote node downloads code before executing it.
Client-Server Paradigm: In this mobile code paradigm, client invokes code resident on another node.
Active Networks Paradigm: In this mobile code paradigm, packets moving through the network reprogram the network infrastructure.
Proof-Carrying Code: This approach for security in mobile code is based on two actors: the code consumer and the code producer, and on the following two statements: 1) a proof is lot easier to check than to build and 2) the code producer must be responsible for the behavior of the produced executable code.