Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.

Published byIvy Hartnell Modified over 10 years ago

Similar presentations

Presentation on theme: "Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems."— Presentation transcript:

1 Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems are becoming popular and ubiquitous,and while…the security issues that these systems raise must now be dealt with more thoroughly. presented by Wei Zhong

2 Outline Introduction Common Assumptions & Their Violations Conclusion

3 Introduction What are mobile code systems? - In mobile code systems, programs or processes travel from a server to a client, then execute on the client after arrival. Mobile code systems raise new security issues. - e.g. CHRISTMA EXEC, internet worms Why? - The mobile code systems violate a number of assumptions, and most existing computer security systems are based on them.

4 Common Assumptions & Their Violations Identity Assumptions 1. Whenever a program attempts some action, we can easily identify a person to whom that action can be attributed, and it is safe to assume that that person intends the action to be taken. Violation by mobile code systems: When a program attempts some action, we may be unable to identify a person to whom that action can be attributed, and it is not safe to assume that any particular person intends the action to be taken. - e.g. email virus

5 Common Assumptions & Their Violations(cnt.) Identity Assumptions 2. There is one security domain corresponding to each user; all actions within that domain can be treated the same way. Violation by mobile code systems: There are potentially many security domains corresponding to each user; different actions initiated by the same user may need to be treated differently. - Different programs may have different level of trust. - The programs which have different level of trust must be treated differently.

6 Common Assumptions & Their Violations(cnt.) Trojan Horses are rare Users think: Essentially all programs are obtained from easily-identifiable and generally trusted sources. users think: Why ? because users think: - Attackers would be - Attackers would be unlikely to escape detection and punishment. - Commercial custom and law place some restraints. Violation by mobile code systems: In mobile code systems, many programs may be obtained from unknown or untrusted sources. - e.g. download files from an unknown site

7 Common Assumptions & Their Violations(cnt.) The origin of attacks Significant security threats come from attackers running programs with the intent of accomplishing unauthorized results. - Most computer security efforts go into user authentication (id, password etc). Violation by mobile code systems: Significant security threats come from authorized users running programs which take advantage of the users rights in order to accomplish undesirable results. - Authentication systems are unable to prevent authorized users attack.

8 Common Assumptions & Their Violations(cnt.) Programs stay put Programs or processes are immobile, they run entirely on one machine or one particular operating system. Computer security is provided by the operating system. Violation by mobile code systems: Programs cross administrative boundaries often, can arrange for their own transmission and reproduction. …Computer security may not be provided by the operating system; … - e.g. internet worms, distributed-processing system.

9 Conclusion All network developers and users should know at least a little bit about Assumption Violation by Mobile Code Systems. This article is an excellent introduction. * Question: Could you explain how setuid feature of Unix violates Identity Assumption ?

Download ppt "Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems."

Similar presentations

By Olga Gelbart rosa@seas.gwu.edu Mobile Agents By Olga Gelbart rosa@seas.gwu.edu.

By Olga Gelbart Mobile Agents By Olga Gelbart
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Survivability of Mobile Code Land Warfare Requirements for IMPACT Agent Systems IMPACT Symposium -12 August 1999 University of Maryland at College Park.

Survivability of Mobile Code Land Warfare Requirements for IMPACT Agent Systems IMPACT Symposium -12 August 1999 University of Maryland at College Park.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.

Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
Cyber-Attack On Department Of Defense. Overview Washington has reported that there has been a widespread attack on Defense Department computers that may.

Cyber-Attack On Department Of Defense. Overview Washington has reported that there has been a widespread attack on Defense Department computers that may.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Similar presentations

Ads by Google