Security issues surrounding programming languages for mobile code

1998 ◽  
Vol 32 (2) ◽  
pp. 16-32 ◽  
Author(s):  
Stefanos Gritzalis ◽  
George Aggelis

2009 ◽  
pp. 2568-2582
Author(s):  
E. S. Samundeeswari ◽  
F. Mary Magdalene Jane

Over the years, computer systems have evolved from centralized monolithic computing devices supporting static applications, into client-server environments that allow complex forms of distributed computing. Throughout this evolution, limited forms of code mobility have existed. The explosion in the use of the World Wide Web, coupled with the rapid evolution of the platform-independent programming languages, has promoted the use of mobile code and, at the same time, raised some important security issues. This chapter introduces mobile code technology and discusses the related security issues. The first part of the chapter deals with the need for mobile codes and the various methods of categorising them. One method of categorising the mobile code is based on code mobility. Different forms of code mobility, like code on demand, remote evaluation, and mobile agents, are explained in detail. The other method is based on the type of code distributed. Various types of codes, like source code, intermediate code, platform-dependent binary code, and just-in-time compilation, are explained. Mobile agents, as autonomously migrating software entities, present great challenges to the design and implementation of security mechanisms. The second part of this chapter deals with the security issues. These issues are broadly divided into code-related issues and host-related issues. Techniques, like sandboxing, code signing, and proof-carrying code, are widely applied to protect the hosts. Execution tracing, mobile cryptography, obfuscated code, and cooperating agents are used to protect the code from harmful agents. The security mechanisms, like language support for safety, OS level security, and safety policies, are discussed in the last section. In order to make the mobile code approach practical, it is essential to understand mobile code technology.
Advanced and innovative solutions are to be developed to restrict the operations that mobile code can perform, but without unduly restricting its functionality. It is also necessary to develop formal, extremely easy-to-use safety measures.


2009 ◽  
pp. 256-269
Author(s):  
E.S. Samundeeswari ◽  
F. Mary Magdalene Jane

Over the years computer systems have evolved from centralized monolithic computing devices supporting static applications, into client-server environments that allow complex forms of distributed computing. Throughout this evolution limited forms of code mobility have existed. The explosion in the use of the World Wide Web coupled with the rapid evolution of the platform independent programming languages has promoted the use of mobile code and at the same time raised some important security issues. This chapter introduces mobile code technology and discusses the related security issues. The first part of the chapter deals with the need for mobile codes and the various methods of categorizing them. One method of categorising the mobile code is based on code mobility. Different forms of code mobility like code on demand, remote evaluation and mobile agents are explained in detail. The other method is based on the type of code distributed. Various types of codes like Source Code, Intermediate Code, Platform-dependent Binary Code, Just-in-Time Compilation are explained. Mobile agents, as autonomously migrating software entities, present great challenges to the design and implementation of security mechanisms. The second part of this chapter deals with the security issues. These issues are broadly divided into code related issues and host related issues. Techniques like Sandboxing, Code signing and Proof carrying code are widely applied to protect the hosts. Execution tracing, Mobile cryptography, Obfuscated code, Co-Operating Agents are used to protect the code from harmful agents. The security mechanisms like language support for safety, OS level security and safety policies are discussed in the last section. In order to make the mobile code approach practical, it is essential to understand mobile code technology. 
Advanced and innovative solutions are to be developed to restrict the operations that mobile code can perform but without unduly restricting its functionality. It is also necessary to develop formal, extremely easy to use safety measures.


Author(s):  
E. S. Samundeeswari ◽  
F. Mary Magdalene Jane

Over the years, computer systems have evolved from centralized monolithic computing devices supporting static applications, into client-server environments that allow complex forms of distributed computing. Throughout this evolution, limited forms of code mobility have existed. The explosion in the use of the World Wide Web, coupled with the rapid evolution of the platform-independent programming languages, has promoted the use of mobile code and, at the same time, raised some important security issues. This chapter introduces mobile code technology and discusses the related security issues. The first part of the chapter deals with the need for mobile codes and the various methods of categorising them. One method of categorising the mobile code is based on code mobility. Different forms of code mobility, like code on demand, remote evaluation, and mobile agents, are explained in detail. The other method is based on the type of code distributed. Various types of codes, like source code, intermediate code, platform-dependent binary code, and just-in-time compilation, are explained. Mobile agents, as autonomously migrating software entities, present great challenges to the design and implementation of security mechanisms. The second part of this chapter deals with the security issues. These issues are broadly divided into code-related issues and host-related issues. Techniques, like sandboxing, code signing, and proof-carrying code, are widely applied to protect the hosts. Execution tracing, mobile cryptography, obfuscated code, and cooperating agents are used to protect the code from harmful agents. The security mechanisms, like language support for safety, OS level security, and safety policies, are discussed in the last section. In order to make the mobile code approach practical, it is essential to understand mobile code technology. 
Advanced and innovative solutions are to be developed to restrict the operations that mobile code can perform, but without unduly restricting its functionality. It is also necessary to develop formal, extremely easy-to-use safety measures.


2009 ◽  
pp. 2183-2197
Author(s):  
E. S. Samundeeswari ◽  
F. Mary Magdalene Jane

Over the years, computer systems have evolved from centralized monolithic computing devices supporting static applications, into client-server environments that allow complex forms of distributed computing. Throughout this evolution, limited forms of code mobility have existed. The explosion in the use of the World Wide Web, coupled with the rapid evolution of the platform-independent programming languages, has promoted the use of mobile code and, at the same time, raised some important security issues. This chapter introduces mobile code technology and discusses the related security issues. The first part of the chapter deals with the need for mobile codes and the various methods of categorising them. One method of categorising the mobile code is based on code mobility. Different forms of code mobility, like code on demand, remote evaluation, and mobile agents, are explained in detail. The other method is based on the type of code distributed. Various types of codes, like source code, intermediate code, platform-dependent binary code, and just-in-time compilation, are explained. Mobile agents, as autonomously migrating software entities, present great challenges to the design and implementation of security mechanisms. The second part of this chapter deals with the security issues. These issues are broadly divided into code-related issues and host-related issues. Techniques, like sandboxing, code signing, and proof-carrying code, are widely applied to protect the hosts. Execution tracing, mobile cryptography, obfuscated code, and cooperating agents are used to protect the code from harmful agents. The security mechanisms, like language support for safety, OS level security, and safety policies, are discussed in the last section. In order to make the mobile code approach practical, it is essential to understand mobile code technology.
Advanced and innovative solutions are to be developed to restrict the operations that mobile code can perform, but without unduly restricting its functionality. It is also necessary to develop formal, extremely easy-to-use safety measures.


2011 ◽  
Vol 21 (6) ◽  
pp. 1111-1181
Author(s):  
ANA ALMEIDA MATOS ◽  
JAN CEDERQUIST

With the emergence of the new possibilities offered by global computing, new security issues follow from the fact that these possibilities can be equally exploited by parties with malicious intentions. Many attacks arise at the application level, and can be tackled by means of programming language techniques. For instance, confidentiality can be violated during the execution of programs that reveal secret information. This kind of program behaviour can be avoided by information flow analyses that detect the encoding of illegal flows. This paper studies information flows that occur in distributed programs with code mobility from a language-based security perspective. New forms of security leaks that are introduced by code mobility, which we call migration leaks, are presented and compared with well-known forms of illegal flow. We propose an information flow property that is adequate for networks consisting of a generalisation of the non-disclosure policy. We design a type and effect system for enforcing it on an expressive distributed calculus, and explain a soundness proof methodology in detail.


Author(s):  
Fulvio Corno ◽  
Luigi De Russis ◽  
Luca Mannella

It is very hard (or ineffective) to take an old system and add to it security features like plug-ins. Therefore, a computer system is much more reliable when designed with the approach of security-by-design. Nowadays, there are several tools, middlewares, and platforms designed with this concept in mind, but they must be appropriately used to guarantee a suitable level of reliability and safety. A security-by-design approach is fundamental when creating a distributed application in the IoT field, composed of sensors, actuators, and cloud services. The IoT usually requires handling different programming languages and technologies in which a developer might not be very expert. Through a use case, we analyzed the security of some IoT components of Amazon Web Services (AWS) from a novice programmer’s point of view. Even if such a platform could be secure by itself, a novice programmer could do something wrong and leave some possible attack points to a malicious user. To this end, we also surveyed a small pool of novice IoT programmers from a consulting engineering company. Even if we discovered that AWS seems quite robust, we noticed that some common security concepts are often not clear or applied, leaving the door open to possible issues.


2021 ◽  
Vol 12 (2) ◽  
pp. 50-58
Author(s):  
Jaydip Kumar ◽  
Vipin Saxena

Cloud computing is used for large shared resources to facilitate execution and storage. So there is a need to resolve crucial security issues to avoid data theft. Hence cloud security provides data encryption for security parameters to change plain-text to cipher-text. The homomorphic encryption technique is used for performing operations on encrypted data. To manage the huge and growing informational collections that are being prepared these days, great encryption execution is a significant advance for the common sense of homomorphic encryption techniques. The Paillier cryptosystem is also used by researchers for securing the decimal digits of information. In the present work, a hybrid Paillier cryptosystem technique is used for reducing the bit length of the cipher-text by performing hex code operations on encryption. The proposed method has been implemented in the use of two object-oriented programming languages, i.e. C++ and Python programming languages. The simulated results show the minimum encrypted bit length as well as provide more secure data. And we have also analyzed our algorithm based on the two parameters, namely space complexity and time complexity, which are represented in the form of tables and graphs given below.


2004 ◽  
Vol 8 (3) ◽  
pp. 54-59 ◽  
Author(s):  
R. Brooks

Author(s):  
Isha Jakhar

The Open Management Group Data Distribution Service (OMG DDS) is a standard for publish-subscribe data distribution systems which is emerging as a specification for data exchange. It is a type of Message Oriented Middleware (MOM) that provides various functionalities such as portability and interoperability across many DDS implementations. In this, we create models which are platform independent. One platform can be mapped to others. These platforms can be in different programming languages. The existing issues with this technology include its inability to support request-reply services, file transfer and transaction processing. These issues can be considered as research work for the future. Nowadays, there is always a need to exchange data among several communication machines instead of just a single machine. DDS caters to this need by allowing data to be sent and received in a distributed environment. While doing so, the various security issues related to data integrity and loss of data are also taken into consideration. In this paper, Data Distribution Service (DDS) has been implemented to be used in network centric warfare, in three programming languages, i.e. Java, C and C++, in order to allow for cross language communication without any loss of data on a standalone mode. Data can also be exchanged between several machines in a distributed environment.

