This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
projects:mobilecode [2011/08/24 13:23]
sprenkle created
projects:mobilecode [2011/08/24 13:35] (current)
sprenkle Page moved from project:mobilecode to projects:mobilecode
Line 1: Line 1:
-====== ​Testing ​Program-based Security Mechanisms ​======+====== ​Mobile Code Validation through Static ​Program ​Analysis, Steganography,​ and Transformation Control ​======
-Security vulnerabilities in program can lead to severe damage. The best solution to these problems is to change programming practices. Howeverthis may not be practical due to the expense involvedThis can be addressed by program-based ​security ​mechanisms which either fix the damage caused by an attack or detect the attack ​and kill the programThese mechanisms adjust some part of the system environment (such librariesor the OS) or adjust the compiler ​to add code to the final executable.+Mobile code provides ​highly desirable and flexible form of 
 +computingbut creates complex security considerations beyond those 
 +associated with the traditional mode of computing ​Inadequate 
 +security ​can cause profound, detrimental effects for both the producer 
 +and the consumer of mobile code ​Unfortunatelyexisting security 
 +methods fail to adequately protect users of mobile ​code.  The risks 
 +and potential damages increase when programs are permitted ​to 
 +automatically transform or react to their computation environmentOur 
 +hypothesis is that static analysis of mobile code can be utilized to 
 +protect code producers and consumers by 
-While many such mechanisms exist, testing of these mechanisms is often poor because vulnerabilities involve ​the uncommon case. As such, security mechanisms are usually tested by applying ​the mechanism ​to program ​with a known exploit. Thus, the mechanism is tested in a specific instance rather than in a general fashion.+  - embedding a tamper detection mark in the code and 
 +  - generating a Transformation Control Specification for the program ​to control how the program ​can evolve over time.
-Our research focuses upon building a framework ​to allow for the automated and general testing ​of program-based security mechanisms. The framework is built upon dynamic ​compilers. The testing procedure ​within the framework ​is to apply the mechanism to any program ​and then run the program as would normally be done. During ​execution, the framework dynamically inserts attacks to demonstrate the effectiveness ​of the mechanismFurthermore, ​the framework ​may allow for the quick prototyping ​of new solutions+The tamper detection mark will be able to reveal ​the 
- +existence ​of any tampering with the code after its insertion without 
-Publications+requiring additional bandwidth The Transformation Control 
 +Specification will be used by dynamic, adaptive recompilation 
 +environments to control how/what transformations are applied to the 
 +program The proposed approach to embedding the mark within the code 
 +is to develop hybrid steganographic-cryptographic techniques. ​ The 
 +combined effect of tamper detection marking ​and transformation control 
 +will help provide ​the secure dissemination and execution of mobile 
 +code The proposed research includes ​the development of a framework 
 +and techniques to statically analyze mobile code and perform various 
 +manipulations on that code to achieve ​the respective goals of tamper 
 +detection and transformation control
 +===== Publications ===== 
 +[[http://​servo.cs.wlu.edu/​pubs/​handle/​id/​244/​browse?​value=Mobile+Code+Validation&​type=project&​sort_by=2&​order=DESC|Our ​Publications]]
 ===== Contributors ===== ===== Contributors =====
-Faculty: Dr. Lori Pollock +**Faculty:** Dr. Lori Pollock\\ 
-Former Ph.D. Student: ​Ben Breech +**Collaborator:​** Dr. Lisa Marvel, Army Research Laboratory\\ 
-Former Undergraduate: ​Mike Tegtmeyer+**Former Ph.D. Student:** Mike Jochen\\ 
 +**Former Undergraduate:​** Anteneh Addis Anteneh 
 +Army Research Lab Collaborative Technology Alliance\\ 
 +National Science Foundation (NSF) ITR\\ 
projects/mobilecode.1314206589.txt.gz · Last modified: 2011/08/24 13:23 by sprenkle
  • 213 Smith Hall   •   Computer & Information Sciences   •   Newark, DE 19716  •   USA
    Phone: 302-831-6339  •   Fax: 302-831-8458