Mobile code security
- 1 January 1998
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Internet Computing
- Vol. 2 (6), 30-34
- https://doi.org/10.1109/4236.735984
Abstract
Sandboxes, code signing, firewalls, and proof carrying code are all techniques that address the inherent security risks of mobile code. The article summarizes the relative merits of each. It is concluded that each of these techniques offers something different, and the best approach is probably a combination of security mechanisms. The sandbox and code signing approaches are already being hybridized. Combining these with firewalling techniques such as the playground gives an extra layer of security. The PCC approach is not yet ready for prime time, but the ability to prove safety properties of code is an important element in the arsenal available for securing mobile code. None of the techniques can do much to protect users from social engineering attacks, where a user is somehow fooled into revealing something they shouldn't reveal. For example, JavaScript can be employed in a way that fools a user into revealing passwords to a remote server. Java applets could be used to do this as well, even under the strictest security policy. User education is the only way to combat mobile code attacks that are based on social engineering.
This publication has 4 references indexed in Scilit:
- Secure execution of Java applets using a remote playground. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- Blocking Java applets at the firewall. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- Extensible security architectures for Java. Published by Association for Computing Machinery (ACM), 1997
- Safe kernel extensions without run-time checking. Published by Association for Computing Machinery (ACM), 1996