3. OUR APPROACH
3.1 Security Model and Verification Mechanism
In our security model, a mobile code system consists
of two parts: the mobile code process and the system
resources. The mobile code process is the subject; the
system resources, including file systems, network
resources, I/O devices and others, form a set of objects.
The operations through which the mobile code process
interacts with the system resources fall into two types
of actions: input and output. An input action means
the process obtains data from a system resource, such
as reading data from a file or the network. An output
action means the subject’s activity changes the status
of an object, such as writing data to a file or performing
an operation on a device. Since only output actions
can ultimately modify the host’s data or release
sensitive information to a third party, our approach
is to monitor these output actions.
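The subject/object model above can be sketched as a small monitor that lets input actions through and records every output action together with the effect it can have. This is an added example, not code from the paper; the operation names, the trace and the rule that unrecognised operations count as output are assumptions.

```python
from dataclasses import dataclass, field

# Assumed operation names; the section gives only file, network and
# device reads/writes as examples of the two action types.
INPUT_OPS = {"file_read", "net_recv"}
OUTPUT_EFFECT = {
    "file_write": "modifies host data",
    "dev_ctl": "modifies host data",
    "net_send": "releases data to a third party",
}

@dataclass(frozen=True)
class Action:
    op: str    # operation requested by the mobile code process (subject)
    obj: str   # system resource it targets (object)

@dataclass
class OutputMonitor:
    """Lets input actions through unexamined; records every output action."""
    passed: int = 0
    flagged: list = field(default_factory=list)

    def classify(self, action: Action) -> str:
        if action.op in INPUT_OPS:
            return "input"
        # Assumption of this sketch: an unrecognised operation is treated
        # as output, so a new call cannot slip past the monitor.
        return "output"

    def observe(self, action: Action) -> str:
        if self.classify(action) == "input":
            self.passed += 1
            return "pass"
        effect = OUTPUT_EFFECT.get(action.op, "unknown effect")
        self.flagged.append((action.obj, effect))
        return "monitor"

# Constructed trace of one mobile code process.
TRACE = [
    Action("file_read", "/home/user/notes.txt"),
    Action("net_recv", "tcp:198.51.100.7:80"),
    Action("net_send", "tcp:198.51.100.7:80"),
    Action("file_write", "/home/user/notes.txt"),
    Action("spawn_proc", "anon"),  # not in either table
]

def run(trace):
    monitor = OutputMonitor()
    decisions = [monitor.observe(a) for a in trace]
    return monitor, decisions
```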