Computability, complexity, and languages (2nd ed.): fundamentals of theoretical computer science
Computability, complexity, and languages (2nd ed.): fundamentals of theoretical computer science
Computer related risks
Safe kernel extensions without run-time checking
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Java security: hostile applets, holes&antidotes
Java security: hostile applets, holes&antidotes
Extensible security architectures for Java
Proceedings of the sixteenth ACM symposium on Operating systems principles
Blocking Java Applets at the Firewall
SNDSS '97 Proceedings of the 1997 Symposium on Network and Distributed System Security
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems
A secure execution framework for Java
Proceedings of the 7th ACM conference on Computer and communications security
Enabling trusted software integrity
Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
Protecting Mobile Code in the Wild
IEEE Internet Computing
Bidirectional mobile code trust management using tamper resistant hardware
Mobile Networks and Applications - Security in mobile computing environments
Approaches to fault-tolerant and transactional mobile agent execution---an algorithmic view
ACM Computing Surveys (CSUR)
Mobile Code Paradigms and Security Issues
IEEE Internet Computing
Mobile Agents for Distributed and Heterogeneous Information Retrieval
Information Retrieval
ROST: Remote and hot service deployment with trustworthiness in CROWN Grid
Future Generation Computer Systems
SOMA: mutual approval for included content in web pages
Proceedings of the 15th ACM conference on Computer and communications security
Object placement and caching strategies on AN.P2P
WAIM '06 Proceedings of the 7th international conference on Advances in Web-Age Information Management
Using image steganography for decryptor distribution
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I
SP 800-28 Version 2. Guidelines on Active Content and Mobile Code
SP 800-28 Version 2. Guidelines on Active Content and Mobile Code
Applications of agent technology in communications: a review
Computer Communications
Coping with denial of service due to malicious Java applets
Computer Communications
| Hi-index | 0.00 |
Sandboxes, code signing, firewalls, and proof carrying code are all techniques that address the inherent security risks of mobile code. The article summarizes the relative merits of each. It is concluded that each of these techniques offers something different, and the best approach is probably a combination of security mechanisms. The sandbox and code signing approaches are already being hybridized. Combining these with firewalling techniques such as the playground gives an extra layer of security. The PCC approach is not yet ready for prime time, but the ability to prove safety properties of code is an important element in the arsenal available for securing mobile code. None of the techniques can do much to protect users from social engineering attacks, where a user is somehow fooled into revealing something they shouldn't reveal. For example, JavaScript can be employed in a way that fools a user into revealing passwords to a remote server. Java applets could be used to do this as well, even under the strictest security policy. User education is the only way to combat mobile code attacks that are based on social engineering