This shows you the differences between two versions of the page.
projects:mobilecode [2011/08/24 13:23] sprenkle created |
projects:mobilecode [2011/08/24 13:33] sprenkle [Mobile Code Validation through Static Program Analysis, Steganography, and Transformation Control] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Testing Program-based Security Mechanisms ====== | + | ====== Mobile Code Validation through Static Program Analysis, Steganography, and Transformation Control ====== |
- | Security vulnerabilities in a program can lead to severe damage. The best solution to these problems is to change programming practices. However, this may not be practical due to the expense involved. This can be addressed by program-based security mechanisms which either fix the damage caused by an attack or detect the attack and kill the program. These mechanisms adjust some part of the system environment (such libraries, or the OS) or adjust the compiler to add code to the final executable. | + | Mobile code provides a highly desirable and flexible form of |
+ | computing, but creates complex security considerations beyond those | ||
+ | associated with the traditional mode of computing. Inadequate | ||
+ | security can cause profound, detrimental effects for both the producer | ||
+ | and the consumer of mobile code. Unfortunately, existing security | ||
+ | methods fail to adequately protect users of mobile code. The risks | ||
+ | and potential damages increase when programs are permitted to | ||
+ | automatically transform or react to their computation environment. Our | ||
+ | hypothesis is that static analysis of mobile code can be utilized to | ||
+ | protect code producers and consumers by | ||
- | While many such mechanisms exist, testing of these mechanisms is often poor because vulnerabilities involve the uncommon case. As such, security mechanisms are usually tested by applying the mechanism to a program with a known exploit. Thus, the mechanism is tested in a specific instance rather than in a general fashion. | + | - embedding a tamper detection mark in the code and |
+ | - generating a Transformation Control Specification for the program to control how the program can evolve over time. | ||
- | Our research focuses upon building a framework to allow for the automated and general testing of program-based security mechanisms. The framework is built upon dynamic compilers. The testing procedure within the framework is to apply the mechanism to any program and then run the program as would normally be done. During execution, the framework dynamically inserts attacks to demonstrate the effectiveness of the mechanism. Furthermore, the framework may allow for the quick prototyping of new solutions. | + | The tamper detection mark will be able to reveal the |
- | + | existence of any tampering with the code after its insertion without | |
- | Publications | + | requiring additional bandwidth. The Transformation Control |
+ | Specification will be used by dynamic, adaptive recompilation | ||
+ | environments to control how/what transformations are applied to the | ||
+ | program. The proposed approach to embedding the mark within the code | ||
+ | is to develop hybrid steganographic-cryptographic techniques. The | ||
+ | combined effect of tamper detection marking and transformation control | ||
+ | will help provide the secure dissemination and execution of mobile | ||
+ | code. The proposed research includes the development of a framework | ||
+ | and techniques to statically analyze mobile code and perform various | ||
+ | manipulations on that code to achieve the respective goals of tamper | ||
+ | detection and transformation control. | ||
+ | ===== Publications ===== | ||
+ | [[http://servo.cs.wlu.edu/pubs/handle/id/244/browse?value=Mobile+Code+Validation&type=project&sort_by=2&order=DESC|Our Publications]] | ||
===== Contributors ===== | ===== Contributors ===== | ||
- | Faculty: Dr. Lori Pollock | + | **Faculty:** Dr. Lori Pollock\\ |
- | Former Ph.D. Student: Ben Breech | + | **Collaborator:** Dr. Lisa Marvel, Army Research Laboratory\\ |
- | Former Undergraduate: Mike Tegtmeyer | + | **Former Ph.D. Student:** Mike Jochen\\ |
+ | **Former Undergraduate:** Anteneh Addis Anteneh | ||
+ | |||
+ | =====Funding===== | ||
+ | Army Research Lab Collaborative Technology Alliance\\ | ||
+ | National Science Foundation (NSF) ITR\\ | ||
+ | NSF REU | ||
+ |
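Review bot: The added `=====Funding=====` heading near the end of this hunk has no spaces inside the equals signs, unlike `===== Publications =====` and `===== Contributors =====` in the same revision; write it as `===== Funding =====` so the headings are consistent. In the added abstract, "control how/what transformations are applied" is informal for a project description and would read better as "control which transformations are applied and how". The sentence ending "protect code producers and consumers by" runs straight into the two list items, so check that the list markers are indented as DokuWiki expects; otherwise the items render as plain text starting with a hyphen.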