It is immediately obvious that this model is far too primitive to capture the whole spectrum of meaningful distribution schemes for mobile code. Besides the obvious defects of a versioning scheme based on URLs, there are many modes of mobile-code dissemination and deployment that are likely to be highly useful, but that are badly or not at all supported by current distribution models and architectures. What is needed is an overarching architecture that can describe not only current modes of mobile-code deployment, but also all meaningful future ones. Further, the underlying model must be enforceable by mechanical means. There should be support for fine-grained versioning, for migration of mobile programs in both "target-machine independent" and "native" forms (the latter case requiring a proof-carrying code approach to security), for the possible physical separation of the machines performing verification, dynamic compilation, and execution, and for the existence of multiple levels of security along the code distribution pipeline. In this document, we propose methodical research with the dual targets of first systematically examining potential candidates until a suitable model has been identified and then implementing a prototype mobile-code distribution architecture based on this model.
Our research goal is to provide support for this and any other security property that can be cast into a programming language construct at all stages along the mobile-code transportation pipeline. We propose to systematically study existing and proposed security policies, examine how they are currently specified, and how they could be cast into programming language constructs, making them amenable to mechanical verification. We plan to augment an existing programming language with new constructs to directly support some of these additional policies at the source level under programmer control. We will then implement a prototype mobile code transportation scheme directly supporting the extended language semantics. Our implementation will provide both a compiler from the augmented source language into a mobile code representation as well as a just-in-time compiler that not only translates from mobile code into native code, but that also verifies that the additional security policies are being met. This work will be integrated with the mobile-code management architecture described under (1).
Distributed Systems Lab., University of California, Riverside. Last Updated 02/01/2003