240 likes | 439 Views
Mobile code. Prepared By : Awni Adnan AL-arab Supervised By : Dr. Lo ’ ai Tawalbeh. Introduction. Mobile code – a technique where code is transferred from the computer system that stores the codes file to the computer system that executes the code
E N D
Mobile code Prepared By : Awni Adnan AL-arab Supervised By : Dr. Lo’ai Tawalbeh
Introduction • Mobile code – a technique where code is transferred from the computer system that stores the codes file to the computer system that executes the code • Mobile agent – a special type of mobile code
Two Mobility Models • Code fetching – user downloads the code to be executed; initiative is with the receiver of the code Java, O’Caml, Limbo • Agent – programmed to migrate themselves; initiative is with the mobile code itself Obliq, Telescript
Mobile code can: Overwrite memory Read private memory Create machine code and jump to it Execute illegal instructions Obtain control Infinite-loop (in a system without interrupts) …… Abuse of API calls: Read files on disk Write files on disk Obtain critical locks Denial of service Perform operations without holding required lock …… Mobile Code Threats & Attacks
Resource Access & Safety • The issue of safe execution of code comes down to a concern with access to system resources. Any running program has to access system resources in order to perform its task. Traditionally, that access has been to all normal user resources. 'Mobile Code' must have restricted access to resources for safety. However, it must be allowed some access in order to perform its required functions. Just which types of access and how these are to be controlled is a key research issue.
Resource Access & Safety The types of resources to which access is required include: • file system • network • random memory • output devices (entire display, various windows, speaker) • input devices (keyboard) • process control (access to CPU cycles) • user environment • system calls
Granting Access to Resources • One of the key issues in providing for safe execution of 'mobile code' is determining exactly which resources a particular code unit is to be granted access to. That is, there is a need for a security policy which determines the type of access of any 'mobile code' unit. This policy may be:
Granting Access to Resources • fixed for all 'mobile code' units • very restrictive but easy, and is the approach currently used to handle applet security in web browsers such as Netscape • that the user verifies each security-related access request • relatively easy, but rapidly gets annoying, and eventually is self-defeating when users stop taking notice of the details of the requests (whilst there is a place for querying the user, it should be used exceedingly sparingly)
Mobile agents • Mobile agents are software agents that have the ability to travel from one place to another to do the work assigned to them autonomously. A mobile agent can interact with the hosts it visits and with the other agents that happen to be on those hosts at the same time.
Mobile Agents Applications • Data collection from many places. Mobile agents can be used to implement a network backup tool, for instance. The tool can employ an agent to periodically check and gather information from every computer in the network. · • Searching and filtering. A mobile agent could visit many sites, search through the information available at each site, and build an index of links to pieces of information that match a search criterion. • · Monitoring. An agent could go to a stock market host, wait for a certain stock to hit a certain price, and then notify its user or even buy some of the stocks on behalf of its user.
Security Issues • Nothing is for free; as mobile agents paradigm facilitates network programming and distributed computing in general, it also introduces a lot of problems and challenges especially in the area of security.
A mobile agent visiting a host will ask for some services and resources from the host. These resources should be protected from malicious or erroneous agents. Also, an agent carrying some private data such as credit card number or private key of its owner should protect these data from illegal access by the hosting server or other agents on that server. Not only the carried data needs to be protected but also sometimes we need to protect the code of the agent itself
Another important aspect of agent security is transferring the agent securely from its source to the desired destination. Simply because there may be some attackers listening to the network either to learn some of the information carried by the agent (passive attacks) or modifying that information for their favor (active attacks.) • three different approaches (sandboxing, digital shrink-wrap, and proof-carrying code) used to protect the host from a malicious agent.
Overview of PCC Approach OK, but let me quickly look over the instructions first. Please install and execute this. Code producer Host
Overview of PCC Approach Code producer Host
Overview of PCC Approach This storeinstruction is dangerous! Code producer Host
Overview of PCC Approach Can you prove that it is always safe? Code producer Host
Overview of PCC Approach Yes! Here’s the proof I got from my certifying Java compiler! Can you prove that it is always safe? Code producer Host
Overview of PCC Approach Your proof checks out. I believe you because I believe in logic. Code producer Host
JavaScript • Language executed by browser • Used in many attacks (to exploit other vulnerabilities) With the assistance of some JavaScript code, an attacker could construct a Web page or HTML-based e-mail that could access any cookie in the browser's memory or those stored on disk ... • JavaScript runs • Before the HTML is loaded, before the document is viewed • While the document is viewed, or as the browser is leaving
ActiveX • The Component Object Model (COM) is Microsoft's architecture for creating programming objects that can be reused and provide services to other programs • An ActiveX control is simply a COM object that is designed to be downloaded and used within web pages. Once an ActiveX control is installed on the system it runs directly on the workstation in the security context of the web browser (normally the logged on user).
Risks associated with controls • Warning • An ActiveX control can be an extremely insecure way to provide a feature. • Why? • Component Object Model (COM )object, control can do any user action • read and write Windows registry • access the local file system • Other web pages can attack a control • Once installed, control can be accessed by any page • Page only needs to know class identifier (CLSID)
Java • Java is general programming language • Web pages may contain Java code • Java executed by Java Virtual Machine