1. INTRODUCTIONWith the growth of d

1. INTRODUCTION
With the growth of distributed computers and network
systems and the Internet Technologies, the utilization
of mobile code system such as applets, mobile
agents systems is increasing. Mobile code utilization
may raise security problems because it is generated by
an untrusted producer and can run at a remote host
without user’s approval or intervention. Malicious
mobile code can attack the local host by destroying
data, releasing sensitive information. To avoid these
risks, existing security approaches focused on confining
the mobile code so as to ensure that it can do
04PSI20: Manuscript received on December 28, 2004 ; revised
on May 11, 2005.
The authors are with the Department of Information Systems
Graduate School of Information Systems University
of Electro-Communications 1-5-1, Chofugaoka, Chofu-shi,
Tokyo, 182-8585, Japan. E-mail:{bian, ken, yoshi, maekawa} @maekawa.is.uec.ac.jp
no harm to the host but the cost is a large amount
of useful applications of mobile code are sacrificed to
comply with this security policy. The sand-boxing
technique can ensure the security of the host, but
it also unduly restricted the function of the mobile
code. For example, certain application needs information
from a file however it is considered sensitive
information of the host thus the privilege to read the
file cannot be granted to this application; therefore
this application can not get the information because
of the restriction of security policy. Although the application
does no harm to the host, it still cannot
fully perform its task without necessary information.
Furthermore, existing security approaches are inadequate
and unsatisfactory to guarantee the data confidentiality
and integrity. These approaches can only
restrict the information release but not propagation.
Once information is released from its container the
accessing program may improperly transmit the information
out in another form.