DocumentCode
2349673
Title
On certifying mobile code for secure applications
Author
Ghosh, Anup K.
Author_Institution
Reliable Software Technol., USA
fYear
1998
fDate
4-7 Nov 1998
Firstpage
381
Abstract
Summary form only given. The security issues in mobile code arise from the fact that someone else's program is running on your machine often without your knowledge and approval, often without controls on its privileges, and often without knowledge of how trustworthy that program is. Several different approaches have emerged for providing some assurance against malicious behavior. Javasoft implemented a “sandbox” for constraining the privileges of applets executing within a browser. Microsoft has implemented a trust-based approach called Authenticode which comes in the form of a certificate attached to any mobile piece of software. The approach espoused by this author is to combine the best of both solutions. The proposed solution involves distributing certificates with mobile code that verify not only the authenticity of the organization or individual that produced the code, but also the secure behavior of that code. Certification would be based on a process that involves testing the program for security-related defects (such as buffer overflow flaws) and verifying that the program is free from malicious code. The former activity can benefit from software reliability engineering (SRE), while the latter cannot. While SRE can be useful for producing reliable, if not correct, code, it does not address malicious intentions of either developers or hackers. To this end, software produced from an SRE process or otherwise must be certified as being free from security-related defects and malicious behavior.
Keywords
certification; distributed programming; security of data; software portability; software reliability; Authenticode; Javasoft; Microsoft; applet privilege constraints; authenticity verification; browser; buffer overflow flaws; certificate distribution; hackers; malicious behavior; malicious code; mobile code certification; program testing; program trustworthiness; sandbox; secure applications; security-related defects; software reliability engineering; trust-based approach; Application software; Automatic control; Java; Manuals; Operating systems; Postal services; Security; Software agents; Visual BASIC; Web pages;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Reliability Engineering, 1998. Proceedings. The Ninth International Symposium on
Conference_Location
Paderborn
ISSN
1071-9458
Print_ISBN
0-8186-8991-9
Type
conf
DOI
10.1109/ISSRE.1998.730905
Filename
730905