Java Mobile Code Security by Bytecode Analysis

Since mobile code can migrate from a remote site to a host and can interact with the resources and facilities of the host, security becomes the key to the success of mobile code computation. Existing mobile code security mechanisms such as access control are not able to fully address the import security properties of the host including confidentiality and integrity. And these practices tend to protect the host from potential attacks by confining the mobile code, thus will impair the function of mobile code. Information-flow policy is a technique that can ensure confidentiality, however the analysis of the information flow is practically difficult. This paper describes an innovative approach to provide Java mobile code system security by bytecode analysis. The key technique of the approach is the dependence analysis adapted to information flow analysis. A security model for mobile code system is also proposed in this paper. By this approach, two major properties of the host security– integrity and confidentiality can be protected while the additional restriction on mobile code can be greatly avoided. A prototype has been implemented, which can be applied to analyze Java class file, applet and mobile agent.