Prepared By : Awni Adnan AL-arab

Supervised By : Dr. Lo’ai Tawalbeh

Mobile code – a technique where code is transferred from the computer system that stores the codes file to the computer system that executes the code

Mobile agent – a special type of mobile code

Code fetching – user downloads the code to be executed; initiative is with the receiver of the code Java, O’Caml, Limbo

Agent – programmed to migrate themselves; initiative is with the mobile code itself Obliq, Telescript

Mobile code can:

Overwrite memory Read private

memory Create machine

code and jump to it Execute illegal

instructions Obtain control Infinite-loop (in a

system without interrupts)

……

Abuse of API calls:

Read files on disk Write files on disk Obtain critical

locks Denial of service Perform

operations without holding required lock

……

The issue of safe execution of code comes down to a concern with access to system resources. Any running program has to access system resources in order to perform its task. Traditionally, that access has been to all normal user resources. 'Mobile Code' must have restricted access to resources for safety. However, it must be allowed some access in order to perform its required functions. Just which types of access and how these are to be controlled is a key research issue.

The types of resources to which access is required include:

file system network random memory output devices (entire display, various

windows, speaker) input devices (keyboard) process control (access to CPU cycles) user environment system calls

One of the key issues in providing for safe execution of 'mobile code' is determining exactly which resources a particular code unit is to be granted access to. That is, there is a need for a security policy which determines the type of access of any 'mobile code' unit. This policy may be:

fixed for all 'mobile code' units very restrictive but easy, and is the

approach currently used to handle applet security in web browsers such as Netscape

that the user verifies each security-related access request relatively easy, but rapidly gets annoying,

and eventually is self-defeating when users stop taking notice of the details of the requests (whilst there is a place for querying the user, it should be used exceedingly sparingly)

Mobile agents are softwareagents that have the ability to travel from

one place to another to do the work assigned to them autonomously. A mobile agent can interact with the hosts it visits and with the other agents that happen to be on those hosts at the same time.

Data collection from many places. Mobile agents can be used to implement a network backup tool, for instance. The tool can employ an agent to periodically check and gather information from every computer in the network. ·

Searching and filtering. A mobile agent could visit many sites, search through the information available at each site, and build an index of links to pieces of information that match a search criterion.

· Monitoring. An agent could go to a stock market host, wait for a certain stock to hit a certain price, and then notify its user or even buy some of the stocks on behalf of its user.

Nothing is for free; as mobile agents paradigm facilitates network programming and distributed computing in general, it also introduces a lot of problems and challenges especially in the area of security.

A mobile agent visiting a host will ask for some services and resources from the host. These resources should be protected from malicious or erroneous agents. Also, an agent carrying some private data such as credit card number or private key of its owner should protect these data from illegal access by the hosting server or other agents on that server. Not only the carried data needs to be protected but also sometimes we need to protect the code of the agent itself

Another important aspect of agent security is transferring the agent securely from its source to the desired destination. Simply because there may be some attackers listening to the network either to learn some of the information carried by the agent (passive attacks) or modifying that information for their favor (active attacks.)

three different approaches (sandboxing, digital shrink-wrap, and proof-carrying code) used to protect the host from a malicious agent.

Please install and execute this.

OK, but let me quickly look over the instructions first.

Code producer Host

Code producer Host

This store instruction is dangerous!

Code producer Host

Can you prove that it is always safe?

Code producer Host

Can you prove that it is always safe?

Yes! Here’s the proof I got from my certifying Java compiler!

Code producer Host

Your proof checks out. I believe you because I believe in logic.

Code producer Host

Language executed by browser Used in many attacks (to exploit other

vulnerabilities)

With the assistance of some JavaScript code, an attacker could construct a Web page or HTML-based e-mail that could access any cookie in the browser's memory or those stored on disk ...

JavaScript runs Before the HTML is loaded, before the document is viewed While the document is viewed, or as the browser is

leaving

The Component Object Model (COM) is Microsoft's architecture for creating programming objects that can be reused and provide services to other programs

An ActiveX control is simply a COM object that is designed to be downloaded and used within web pages. Once an ActiveX control is installed on the system it runs directly on the workstation in the security context of the web browser (normally the logged on user).

Warning An ActiveX control can be an extremely

insecure way to provide a feature. Why?

Component Object Model (COM )object, control can do any user action read and write Windows registry access the local file system

Other web pages can attack a control Once installed, control can be accessed by any

page Page only needs to know class identifier (CLSID)

Java is general programming language Web pages may contain Java code Java executed by Java Virtual Machine