Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enabling Control over Adaptive Program Transformation for Dynamically Evolving Mobile Software Validation Mike Jochen, Anteneh Anteneh, Lori Pollock University.

Published byBrandon Greer Modified over 8 years ago

Similar presentations

Presentation on theme: "Enabling Control over Adaptive Program Transformation for Dynamically Evolving Mobile Software Validation Mike Jochen, Anteneh Anteneh, Lori Pollock University."— Presentation transcript:

1 Enabling Control over Adaptive Program Transformation for Dynamically Evolving Mobile Software Validation Mike Jochen, Anteneh Anteneh, Lori Pollock University of Delaware Lisa Marvel U.S. Army Research Lab

2 Adaptive Software Transformation Systems Examples: Dynamic Compilers Dynamic Optimizers Binary Translation/Rewriting Systems Adaptive Instrumentation Systems Interactive Debuggers Executing Program Analysis Input gather info transform code program state + environment Results Adaptive System

3 Executing in a Networked Environment (Voss and Eigemann01) Evolving Mobile Code : An evolving program not compiled by the local host + Greater performance through distribution Server Clients Network Adaptive Optimizer Running Program Running Program Running Program Adaptive Optimizer

4 But, security concerns... Risks: – Viruses – Worms – Code tampering attacks Server How can we validate the integrity of evolving mobile code?

5 Can existing techniques for mobile code security be applied? Checksum: only checks if change in code Digital Signature: computationally intensive if new signature upon each change Digital Certificate: now a third party, so likely “communicationally” intensive Dynamic techniques: involve execution of code Program Encryption: limits usage, computationally intensive

6 Objective of this Research Enable Tamper Detection for evolving mobile code restricted change non-evolving: no change permitted evolving: change permitted functionally EQ change location restricted semantically EQ change

7 The Proposed Approach Develop an efficient transformation control system for evolving mobile programs: – Develop a framework to enable program transformation control and test effectiveness. – Define a language to specify program transformation control policies and requests. Process: 1. Identify critical behaviors that may not change (e.g., particular value, operation, or computation) 2. Write specs of desired control on transformation 3. Integrate control into adaptive transformation systems

8 v Trusted Server Subnet_1 Subnet_N Subnet_2 Client Server Pool Client Server Pool Server Pool Client Server Pool Server Pool Server Pool Server Pool Server Pool Server Pool Targeted Networked Environment Distribute original P with policy Execute P Request Transform Assist Transform Server Pool – marginally trusted by Clients – group signature

9 Control Framework TConS: Transformation Control Specification Originates @ Trusted Server TReqS: Transformation Request Specification Originates @ Client Node or Server Pool TReqS Client Node New Program Transform Permitted? Alert Server Transform NoYes Modified Dynamic Transformer Trusted Server Program TConS Server Pool Program TConS Program TConS

10 TConS Specification public class foo { public static void 0 main(String args[]) { 4 int w; 8 int x; 12 int y; 16 int z; 20 w = 5; 24 x = 10; 28 y = w; 32 z = x; 36 System.out.println(“Answer : " + subtract(y, z)); } public static int 0 subtract(int a, int b) { 4 int c; 8 int d; 12 c = a; 16 d = b; 20 return c - d; } } TCONS CLASS Foo { METHOD main { /* No propagation of the value w to variable y between address 0 - 36 May propagate the value of x to variable z between address 0 - 36 */ COPY_PROP { 0:36, !w{y}, x{z} }; } } General Form: TCONS “class_name” { “method_name” { “transform” { “specific_rules” };}} Example TConS Spec: Example Program Segment:

11 Current Prototype Jikes Research Virtual Machine (IBM) dynamic, adaptive optimization of Java programs Currently controlling transformations: Copy Propagation Constant Propagation Method Inlining TReqS Program New Program Transform Permitted? Alert Server Optimize NoYes Modified Jikes TConS Client Node

12 Evaluation Plan Effectiveness – What kinds of security control can be obtained? – What level of abstraction can be supported? Cost – Time – Space – Communication Flexibility/Adaptability – Which operating configurations provide best performance for a given network environment?

13 Summary – Generalize adaptive software transformation systems to untrusted network environments – Provide control over transformation as specified by policy – Integrate into existing systems Executing Program Analysis Input gather info transform code program state + environment Results Adaptive System

14 Future Work – Extend prototype system to include more program transformations – More extensive experimental study – Extend/refine TConS and TReqS languages – Raise level of abstraction of control specs

Download ppt "Enabling Control over Adaptive Program Transformation for Dynamically Evolving Mobile Software Validation Mike Jochen, Anteneh Anteneh, Lori Pollock University."

Similar presentations

Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.

Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.
Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Addressing the Trust Asymmetry Problem In Grid Computing with Encrypted Computation Peter A. Dinda Prescience Lab Department of Computer Science Northwestern.

Addressing the Trust Asymmetry Problem In Grid Computing with Encrypted Computation Peter A. Dinda Prescience Lab Department of Computer Science Northwestern.
M. Muztaba Fuad Masters in Computer Science Department of Computer Science Adelaide University Supervised By Dr. Michael J. Oudshoorn Associate Professor.

M. Muztaba Fuad Masters in Computer Science Department of Computer Science Adelaide University Supervised By Dr. Michael J. Oudshoorn Associate Professor.
The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
Introduction to JAVA Vijayan Sugumaran School of Business Administration Oakland University Rochester, MI 48309.

Introduction to JAVA Vijayan Sugumaran School of Business Administration Oakland University Rochester, MI
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Gemplus and OSGI Benjamin Maury 10.23.03. Gemplus Introduction  World Leader for Smart Card Solutions  Smart Solutions in Telecommunications  Beyond.

Gemplus and OSGI Benjamin Maury Gemplus Introduction  World Leader for Smart Card Solutions  Smart Solutions in Telecommunications  Beyond.
Opening Presentation of Notary Reqs 8/5/2004 Tobias Gondrom.

Opening Presentation of Notary Reqs 8/5/2004 Tobias Gondrom.
1 Integrating Influence Mechanisms into Impact Analysis for Increased Precision Ben Breech Lori Pollock Mike Tegtmeyer University of Delaware Army Research.

1 Integrating Influence Mechanisms into Impact Analysis for Increased Precision Ben Breech Lori Pollock Mike Tegtmeyer University of Delaware Army Research.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Hiperspace Lab University of Delaware Antony, Sara, Mike, Ben, Dave, Sreedevi, Emily, and Lori.

Hiperspace Lab University of Delaware Antony, Sara, Mike, Ben, Dave, Sreedevi, Emily, and Lori.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware.

Design of a Framework for Testing Security Mechanisms for Program-Based Attacks Ben “Security” Breech and Lori Pollock University of Delaware.
Remote Method Invocation Chin-Chih Chang. Java Remote Object Invocation In Java, the object is serialized before being passed as a parameter to an RMI.

Remote Method Invocation Chin-Chih Chang. Java Remote Object Invocation In Java, the object is serialized before being passed as a parameter to an RMI.
Introduction to Java Programming

Introduction to Java Programming
Design, Implementation, and Experimentation on Mobile Agent Security for Electronic Commerce Applications Anthony H. W. Chan, Caris K. M. Wong, T. Y. Wong,

Design, Implementation, and Experimentation on Mobile Agent Security for Electronic Commerce Applications Anthony H. W. Chan, Caris K. M. Wong, T. Y. Wong,

Similar presentations

Ads by Google