ABSTRACT
Since mobile code can migrate from a remote site
to a host and can interact with the resources and facilities
of the host, security becomes the key to the
success of mobile code computation. Existing mobile
code security mechanisms such as access control are
not able to fully address the import security properties
of the host including confidentiality and integrity.
And these practices tend to protect the host from potential
attacks by confining the mobile code, thus will
impair the function of mobile code. Information-flow
policy is a technique that can ensure confidentiality,
however the analysis of the information flow is practically
difficult. This paper describes an innovative
approach to provide Java mobile code system security
by bytecode analysis. The key technique of the
approach is the dependence analysis adapted to information
flow analysis. A security model for mobile
code system is also proposed in this paper. By
this approach, two major properties of the host security
– integrity and confidentiality can be protected
while the additional restriction on mobile code can be
greatly avoided. A prototype has been implemented,
which can be applied to analyze Java class file, applet
and mobile agent.