Language Issues in Mobile Program Security [chapter]

Dennis Volpano, Geoffrey Smith
1998 Lecture Notes in Computer Science  
Many programming languages have been developed and implemented for mobile code environments. They are typically quite expressive. But while security is an important aspect of any mobile code technology, it is often treated after the fundamental design is complete, in ad hoc ways. In the end, it is unclear what security guarantees can be made for the system. We argue that mobile programming languages should be designed around certain security properties that hold for all well-formed programs.
more » ... s requires a better understanding of the relationship between programming language design and security. Appropriate security properties must be identified. Some of these properties and related issues are explored. An assortment of languages and environments have been proposed for mobile code. Some have been designed for use in executable content and others for use in agents [15, 34] . Parallel efforts in extensible networks and operating systems have also focused attention on language design for mobility. These efforts include work on active networks [33, 38] , the SPIN kernel [2, 17] and Exokernel [8] . What these efforts have in common is a need for security. We can roughly separate security concerns in this setting into code security and host security. The former is concerned with protecting mobile code from untrusted hosts while the latter is concerned with protecting hosts from untrusted mobile code. This may seem a bit artificial since one might like to model security more symmetrically. 1 Nonetheless, it is a useful distinction for now. The code security problem seems quite intractable, given that mobile code is under the control of a host. For some proposals and a discussion, see [25, 26, 40] . In the remainder of this paper, we treat only the host security problem.
doi:10.1007/3-540-68671-1_3 fatcat:d7znuwyxzfasndcoy3y5fiyyya