In the mobile code paradigm for distributed systems (as well as in the active networks and agents frameworks), programs from possibly unknown hosts interact with the resources local to the host. While this model offers great potential, it also raises difficult security and performance issues. The mobile code unit should be guaranteed to be safe (not to abuse the resources of the host), and that guarantee must be established in a limited time, since the code is acquired in real time (e.g., a Java applet). Existing host security schemes can be classified as: (i) discretion based: accept a certificate of authenticity at your discretion; and (ii) verification based: formally prove the safety. Verification provides the desired level of security, but at a large performance cost; discretion is efficient, but it is limited and relies on blind trust. We present an optimization, verification caching, for enhancing the performance of verification-based security methods. Secure indexing of previously encountered code units is established by using a message digest algorithm (e.g., MD5) to generate a fingerprint of the code. We characterize the performance and security of this scheme and investigate optimizations to lower the cost of generating the fingerprint (by indexing on small, partial fingerprints and generating the full fingerprint only if there is a cache hit). In addition, we generalize the approach to allow multiple trusting nodes to distribute caching among them, sharing experiences and effectively increasing the cache size.
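The partial-fingerprint lookup described above, sketched as an added example (not code from the paper): the cache is indexed by a cheap digest of the length and leading bytes, and the full fingerprint is computed only when that index hits. Assumptions: all names (`VerificationCache`, `toy_verifier`, `PREFIX_LEN`) are hypothetical, the verifier is a constructed stand-in, and SHA-256 is substituted for the MD5 the abstract gives as an example, since MD5 no longer resists collisions.

```python
import hashlib

PREFIX_LEN = 64  # assumption: bytes covered by the partial fingerprint


def toy_verifier(code):
    # Constructed stand-in for the expensive formal safety check.
    return b"FORBIDDEN" not in code


class VerificationCache:
    def __init__(self, verifier):
        self.verifier = verifier
        self.by_partial = {}    # partial fingerprint -> set of full fingerprints
        self.verifier_runs = 0  # counters expose how much work was skipped
        self.full_hashes = 0

    @staticmethod
    def partial(code):
        # Cheap index key: length plus leading bytes only.
        head = len(code).to_bytes(8, "big") + code[:PREFIX_LEN]
        return hashlib.sha256(head).digest()[:8]

    def full(self, code):
        self.full_hashes += 1
        return hashlib.sha256(code).digest()

    def is_safe(self, code):
        key, digest = self.partial(code), None
        if key in self.by_partial:
            # A partial hit proves nothing: confirm with the full fingerprint.
            digest = self.full(code)
            if digest in self.by_partial[key]:
                return True
        self.verifier_runs += 1
        if not self.verifier(code):
            return False        # rejected code is never cached
        self.by_partial.setdefault(key, set()).add(digest or self.full(code))
        return True


def demo():
    cache = VerificationCache(toy_verifier)
    tail = b" draw(); repaint();"
    applet = b"A" * PREFIX_LEN + tail                       # constructed sample
    tampered = b"A" * PREFIX_LEN + b" FORBIDDEN".ljust(len(tail))
    inputs = [applet, applet, tampered, b"short FORBIDDEN unit"]
    return [cache.is_safe(c) for c in inputs], cache.verifier_runs, cache.full_hashes
```

The tampered unit shares the applet's length and prefix, so it hits the partial index, but the full fingerprint differs and it is sent to the verifier rather than trusted.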