Designing distributed applications with mobile code paradigms
ICSE '97 Proceedings of the 19th international conference on Software engineering
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From system F to typed assembly language
ACM Transactions on Programming Languages and Systems (TOPLAS)
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
A Language-Based Approach to Security
Informatics - 10 Years Back. 10 Years Ahead.
Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Empowering mobile code using expressive security policies
Proceedings of the 2002 workshop on New security paradigms
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Hi-index | 0.00 |
Mobile code can potentially be malicious. To protect the local system against malicious mobile code, a hybrid security framework of mobile code is proposed, which combines different static and dynamic techniques to provide a general solution to mobile code security. For a given mobile code and a set of security policies that the code needs to enforce, a static analysis tool is used to verify the mobile code against the policy. If the static analysis shows that the mobile code will never violate the policy, nothing needs to do: otherwise it never rejects the code simply but addsdynamic checks to enforce the policy when necessary. Servant static analysis optimizing algorithms is also proposed to improve performance of dynamic enforcement.