Towards a Mobile Code Management Environment for Complex,Real-Time,Distributed Systems

We present a novel mobile code management environment,currently under design and development. Our design employs anopen architecture, suitable for ``plug-and-play' with COTS andother groups' tools. While we have studied new algorithms, costand objective functions, and other fundamental issues, the maincontribution of this experimental research work is in the environmentitself. It should be noted that networked platforms, such asthe World Wide Web, are inherently not suitable for traditional,predictable real-time applications. Thus, real-time concernsnecessarily need to be blended with others concerns, and thetarget applications, making use of our environment, will toobe a blend of partially hard real-time and partially (or mostly)soft-real- time ones. The prototype environment will thereforesupport performance-based analysis and management focusing notonly on predictability but also on compilation, efficiency, safetyand other tradeoffs. We have selected the Java language and itsbytecode format as a representation for mobile code as well asa language for our implementation.     

移动代码安全

本文介绍了网络安全所应考虑的几个方面,重点说明了移动代码中存在的安全问题,分析了其基本的原理,并介绍了两种弥补措施:证据携带码和基于历史的访问控制。     

对机器语言进行检查保证移动代码安全

介绍了一种在安全策略语言的指导下,对机器语言进行安全检查的方法。它使用基于编程语言的理论和实现技术,通过分析程序语义和系统调用等特征,对程序进行检查。安全策略语言提供了一种灵活、统一的安全描述手段,希望这种将安全检查的实现机制和检查内容分离的做法能给其他的研究者提供了有用的参考。     

Abstraction-Carrying Code: a Model for Mobile Code Safety

Proof-Carrying Code (PCC) is a general approach to mobile code safety in which programs are augmented with a certificate (or proof). The intended benefit is that the program consumer can locally validate the certificate w.r.t. the “untrusted” program by means of a certificate checker—a process which should be much simpler, efficient, and automatic than generating the original proof. The practical uptake of PCC greatly depends on the existence of a variety of enabling technologies which allow both proving programs correct and replacing a costly verification process by an efficient checking procedure on the consumer side. In this work we propose Abstraction-Carrying Code (ACC), a novel approach which uses abstract interpretation as enabling technology. We argue that the large body of applications of abstract interpretation to program verification is amenable to the overall PCC scheme. In particular, we rely on an expressive class of safety policies which can be defined over different abstract domains. We use an abstraction (or abstract model) of the program computed by standard static analyzers as a certificate. The validity of the abstraction on the consumer side is checked in a single pass by a very efficient and specialized abstract-interpreter. We believe that ACC brings the expressiveness, flexibility and automation which is inherent in abstract interpretation techniques to the area of mobile code safety.

---

     

Towards Anonymous Mobile Community services

In the current market conditions, network operators are in search of novel value-added services that will increase their revenue. This paper introduces the innovative concept of Anonymous Mobile Community (AMC) services and thoroughly defines and describes a robust platform targeted for their deployment. AMC services take advantage of the terminals’ capabilities to collect information and deliver it to the network. In this context, terminals are enabled to form communities that serve as sources of information. In these communities, the anonymity and privacy of the end-users are respected and guarded. Several examples of promising AMC services are presented and categorized. An indicative example application is the provision of real-time information regarding road-traffic conditions, based on the location and speed of mobile terminals. A system aiming at the provision of diverse AMC services is proposed, and its requirements, architecture and functionality are described in detail. The related scalability issues and business models are carefully outlined, and a use case scenario as well as trial results are presented.     

基于提示的移动代码安全检查

基于语言内部安全机制能够有效地保证移动代码的安全执行，其思想是要在移动代码中附加详细且足够的满足安全策略检查的注解信息．基于提示的移动代码的安全检查，克服了目前PCC存在的验证条件必须回送和证明长度过于庞大等缺陷，从而获得了更佳的代码安全检查性能．     

Building Agile Systems with Mobile Code

Mobile code has been championed as a solution to a plethora of software problems. This paper describes investigative work undertaken in order to evaluate the mobile code abstractions of Mobile Agents and Mobile Objects, and to understand the implications of using these abstractions to build distributed systems.We describe two systems built to support the Sales Order Process of a distributed manufacturing enterprise, using IBM's Aglets Software Development Kit. The Sales Order Process model and the requirements for agility used as the basis for these implementations are derived from data collected in an industrial case study.Both systems are evaluated using the Goal/Question/Metric methodology. Two new metrics for Semantic Alignment and Change Capability are presented and used to evaluate each system with respect to the degree of system agility supported. The systems are evaluated through a set of scenarios generated during the case study in an attempt to see if they support system integration and agility in the manufacturing domain. Further we examine the implications of using a mobile code abstraction when compared with the abstraction offered by traditional distribution technology.The work described provides evidence that both Mobile Agent and Mobile Object systems have inherent properties that can be used to build agile distributed systems. Further, Mobile Agents with their additional autonomy provide marginally greater support.     

移动代码的安全性研究

该文首先剖析了移动代码的计算过程,在此基础上讨论了移动代码在生成环境、执行环境采取的安全机制,并从语言层次的角度分析了移动代码的安全性。     

移动代码加密理论研究

“如何保护移动代码不受结点主机的篡改”是移动智能体及主动网安全机制的研究难点,传统采用防篡改硬件保护法而对基于密码学的纯软件保护法研究很少．介绍了该类方法的研究现状并着重阐述了移动代码加密理论的产生背景、盲计算理论基础、与传统加密理论差异及该理论目前所存在的问题,提出了面向对象的加密理论概念,指出其未来的研究方向及潜在的应用领域．     

Quantifying the Benefits of SSA-Based Mobile Code

High-performance just-in-time compilers for Java need to invest considerable effort before actual code generation can commence. This is in part due to the very nature of the Java Virtual Machine, which is not well matched to the requirements of optimizing code generators. Alternative transportation formats based on Static Single Assignment form should theoretically be superior to virtual machines, but this claim has not previously been validated in practice. This paper revisits the topic and attempts to quantify the effect of using an SSA-based mobile code representation (IR) instead of a virtual-machine based one.To this end, we have integrated full support for a verifiable SSA-based IR into Jikes RVM, an existing Java execution environment. The resulting system is capable of loading and executing Java programs represented in either format, traditional JVM bytecode as well as the SSA-based representation, and it can even execute programs made up of a mixture of the two formats. In our implementation, the two alternative just-in-time compilation pipelines share a common low-level code generator.Performance results are encouraging and show simultaneous improvements in both compilation time and code quality relative to Jikes RVM's standard optimizing compiler for JVM class files. They support the hypothesis that SSA-based intermediate representations offer advantages in the context of just-in-time compilation.     

Towards reliable self-clustering Mobile Ad Hoc Networks

With the introduction of Mobile Ad Hoc Networks (MANETs), nodes are able to participate in a dynamic network which lacks an underlying infrastructure. In this paper, we present a novel approach to improve the search efficiency and scalability of MANETs by clustering nodes based on trust mechanism. In our method, the trust relationship is formed by evaluating the level of trust using Bayesian statistic analysis, and clusters can be formed and maintained autonomously by nodes with only partial knowledge. Simulation results show that each node can form and join proper clusters based on their trust degree, and the cluster-based search algorithm with trust mechanism outperforms over those in current popular clustering models.     

What We Can Learn About Malicious Mobile Code

Just as graffiti has been around for as long as humans have been capable of written communication, malicious mobile code has existed for as long as humans have mastered digital communication. It is only in the last few years that viruses and worms have become worthy of mainstream media attention. The first notable instance was the ‘Apple Virus’ that broke out in 1981. By 1986, one of the first PC based viruses — ‘The Brain’ — had been created.     

使用CCF保护移动代码的实现研究

如何使用加密方法保护智能体不受恶意主机的攻击是近些年来移动智能体安全研究方面的关键问题。最近的基于“加密函数”的计算方法局限于只有智能体的源发处知道计算结果。在文章的前序论文——ProtectingAutonomousAgentsbyUsingCCF中,提出了一种新的方案CCF(Crypto-ComputingwithFeedback,带反馈的加密计算),它支持自治智能体在远程主机上完成安全计算。文章先简单说明CCF的原理,然后介绍实现这一系统的设计方案。     

Interactive and Probabilistic Proof of Mobile Code Safety

This paper proposes a new proof-based approach to safe evolution of distributed software systems. Specifically, it extends the simple certification mechanism of proof-carrying code (PCC) to make it interactive and probabilistic, thereby devising interactive proof-carrying code (iPCC). With iPCC, a code consumer is convinced, with overwhelming probability, of the existence and validity of a safety proof of a transmitted code through interaction with a code producer. The iPCC mechanism theoretically solves the problem of proof explosion with PCC and can be used to efficiently prove a greater variety of safety properties that may require longer proofs. Technically, the class (PSPACE) of safety properties that are efficiently provable by iPCC is larger than the class (NP) efficiently provable by PCC. To illustrate the power of iPCC, this paper demonstrates that the verification of certain basic safety properties of typical machine instruction codes needs co-NP-complete computation, and shows how these safety properties can be efficiently verified by the iPCC mechanism.This is an extended and revised version of Tsukada (2001a), which appeared in the Proceedings of the 2000 International Symposium on Principles of Software Evolution. A preliminary version was also presented at the International Conference on Advances in Infrastructure for Electronic Business, Science, and Education on the Internet (Tsukada, 2001b).     

基于Java的移动通信汉字编码的研究

对移动通信中Java手机的汉字处理出现的问题进行了分析与探讨,提出了基于UNICDOE编码的且使用UTF-8编码做存贮与交换的解决方法,详细阐述了UNICODE与UTF-8编码之间的转换算法。     

Mobile Agent的远程代码动态装配研究

针对Mobile Agent整体迁移时的缺点,文中提出了Mobile Agent的远程代码动态装配思想,即把部分执行代码存放在迁移节点,Agent在此节点运行时进行动态组装,运行完毕后动态拆卸。探讨了在此思想下Agent实体以及Agent Server的结构,分析了Agent的执行流程和执行效率。     

基于代理的移动组播协议分析

具有针对性地对基于组播代理的移动组播协议进行讨论,对已经提出的属于这一类的移动组播算法从体系结构、组管理和组播分组传输方法,以及组播服务切换三方面进行分析,深入剖析了这些算法的优点和缺陷,并对这些协议综合对比.最后,对基于代理的移动组播进行深层次的总结分析,并提出今后的研究重点.     

基于重定义JVM类加载器移动代码的安全

移动代理代码在目标主机代理平台上加载运行中,存在着其意图易被探测、泄露、修改的安全隐患。论文通过采用重建虚拟机的系统类加载器和自定义类加载器的方法解决这一安全问题。