A Framework for Execution of Secure Mobile Code based on Static Analysis

Arica, Chile November 11-November 12

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/QEST.2004.1

XXIV International Conference of the ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mart? Nordio Articles by Ricardo Medel Articles by Francisco Bavera Articles by Jorge Aguirre Articles by Gabriel Baum

	ASCII Text	x
	Mart? Nordio, Ricardo Medel, Francisco Bavera, Jorge Aguirre, Gabriel Baum, "A Framework for Execution of Secure Mobile Code based on Static Analysis," Chilean Computer Science Society, International Conference of the, pp. 59-66, XXIV International Conference of the Chilean Computer Science Society (SCCC'04), 2004.

	BibTex	x
	@article{ 10.1109/QEST.2004.1, author = {Mart? Nordio and Ricardo Medel and Francisco Bavera and Jorge Aguirre and Gabriel Baum}, title = {A Framework for Execution of Secure Mobile Code based on Static Analysis}, journal ={Chilean Computer Science Society, International Conference of the}, volume = {0}, year = {2004}, isbn = {0-7695-2200-9}, pages = {59-66}, doi = {http://doi.ieeecomputersociety.org/10.1109/QEST.2004.1}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Chilean Computer Science Society, International Conference of the TI - A Framework for Execution of Secure Mobile Code based on Static Analysis SN - 0-7695-2200-9 SP59 EP66 A1 - Mart? Nordio, A1 - Ricardo Medel, A1 - Francisco Bavera, A1 - Jorge Aguirre, A1 - Gabriel Baum, PY - 2004 KW - Mobile Code KW - Proof-Carrying Code KW - Certifying Compilation KW - Security Properties KW - Automated Program Verification VL - 0 JA - Chilean Computer Science Society, International Conference of the ER -

Mart? Nordio, Universidad Nacional de R?o Cuarto, Argentina

Ricardo Medel, Stevens Institute of Technology, New Jersey

Francisco Bavera, Universidad Nacional de R?o Cuarto, Argentina

Jorge Aguirre, Universidad Nacional de R?o Cuarto, Argentina

Gabriel Baum, Universidad Nacional de La Plata, LIFIA, Argentina

Since its conception, Proof-Carrying Code (PCC) woke up the interest of the research community and several methods based on this technique were developed. This technique guarantees that untrusted programs run safely in a host machine. In a PCC framework, the code producer equips the produced code with a formal proof establishing that the code satisfy the consumer's security policies. So, the code consumer only needs to verify such proof before the execution of the mobile code. On the other hand, static analysis is a technique useful for the production of the information required to construct the mentioned proof. Based on these two techniques, PCC and static analysis, we developed a framework that guarantees the safe execution of mobile code. This framework uses a high-level intermediate language to verify the security of the code. Acontrol flow graph or an abstract syntax tree with type annotations could be used. Such intermediate representations of the code enable us to use static analysis techniques to generate and verify the type information needed. Moreover, we implemented a prototype as a proof of concept for our framework.

Index Terms:

Mobile Code, Proof-Carrying Code, Certifying Compilation, Security Properties, Automated Program Verification

Citation:

Mart? Nordio, Ricardo Medel, Francisco Bavera, Jorge Aguirre, Gabriel Baum, "A Framework for Execution of Secure Mobile Code based on Static Analysis," sccc, pp.59-66, XXIV International Conference of the Chilean Computer Science Society (SCCC'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.