Mobile code provides a highly desirable and flexible form of
computing, but creates complex security considerations beyond those
associated with the traditional mode of computing. Inadequate
security can cause profound, detrimental effects for both the producer
and the consumer of mobile code. Unfortunately, existing security
methods fail to adequately protect users of mobile code. The risks
and potential damages increase when programs are permitted to
automatically transform or react to their computation environment. Our
hypothesis is that static analysis of mobile code can be utilized to
protect code producers and consumers by (1) embedding a tamper
detection mark in the code and (2) generating a Transformation Control
Specification for the program to control how the program can evolve
over time.
The tamper detection mark will be able to reveal the
existence of any tampering with the code after its insertion without
requiring additional bandwidth. The Transformation Control
Specification will be used by dynamic, adaptive recompilation
environments to control which transformations are applied to the
program and how. The proposed approach to embedding the mark within the code
is to develop hybrid steganographic-cryptographic techniques. The
combined effect of tamper detection marking and transformation control
will help provide the secure dissemination and execution of mobile
code. The proposed research includes the development of a framework
and techniques to statically analyze mobile code and perform various
manipulations on that code to achieve the respective goals of tamper
detection and transformation control.
Publications
Contributors
Faculty: Dr. Lori Pollock
Collaborator: Dr. Lisa Marvel, Army Research Laboratory
Former Ph.D. Student: Mike Jochen
Former Undergraduate: Anteneh Addis Anteneh
Funding
Army Research Lab Collaborative Technology Alliance
National Science Foundation (NSF) ITR
NSF REU