Owen Arden, Michael D. George, Jed Liu, K. Vikram, Aslan Askarov, and Andrew C. Myers
Department of Computer Science, Cornell University
Mobile code is now a nearly inescapable component of modern computing, thanks to client-side code that runs within web browsers. The usual tension between security and functionality is particularly acute in this setting, and current mobile code platforms disappoint on both dimensions.
We introduce a new architecture for secure mobile code, with which developers can securely use, publish, and share mobile code across trust domains. This architecture enables new kinds of distributed applications, and makes it easier to securely reuse and evolve code from untrusted providers. The architecture gives mobile code considerable expressive power: it can securely access distributed, persistent, shared information from multiple trust domains, unlike web applications bound by the same-origin policy. The core of our approach is analyzing how flows of information within mobile code affect confidentiality and integrity. Because mobile code is untrusted, this analysis requires novel constraints on information flow and authority.
We show that these constraints offer principled enforcement of strong security while avoiding the limitations of current mobile code security mechanisms. We evaluate our approach by demonstrating a variety of mobile code applications, showing that new functionality can be offered along with strong security.
[ Full paper (PDF) ]