Mobile Code Project

We designed and implemented Rico system. As shown in the fig1, Rico sits between the Internet and end users and works as code generating proxy. Unsafe binary code downloaded from the internet will be rewritten by Rico to conform to some specified security policies.

figure 1. Working principle of Rico

We employed Cornell's PoET technique as its binaries rewriter. We proposed the following architecture to conveniently implement PoET and to efficiently manage security policies and versions of binaries. It is composed of three parts: GUI, Database and Policy Writer.

figure 2. Rico architecture

We are currently working on security policies acquiring system. Although Rico provides an efficient tool to create policies, it is still not easy for ordinary system administrators to write the policies. Instead of creating security policies, we are designing an intelligent database system, which not only can acquire security policies from code authors, but also can do the integrity check.