Presentation
Download
Report
Transcript Presentation
Prepared By
: Awni Adnan AL-arab
Supervised By : Dr. Lo’ai Tawalbeh
Mobile code – a technique where code is
transferred from the computer system
that stores the codes file to the computer
system that executes the code
Mobile agent – a special type of mobile
code
Code fetching – user downloads the code
to be executed; initiative is with the
receiver of the code Java, O’Caml, Limbo
Agent – programmed to migrate
themselves; initiative is with the mobile
code itself Obliq, Telescript
Mobile code can:
Overwrite memory
Read private memory
Create machine code
and jump to it
Execute illegal
instructions
Obtain control
Infinite-loop (in a
system without
interrupts)
……
Abuse of API calls:
Read files on disk
Write files on disk
Obtain critical
locks
Denial of service
Perform operations
without holding
required lock
……
The issue of safe execution of code comes down
to a concern with access to system resources.
Any running program has to access system
resources in order to perform its task.
Traditionally, that access has been to all normal
user resources. 'Mobile Code' must have
restricted access to resources for safety.
However, it must be allowed some access in
order to perform its required functions. Just
which types of access and how these are to be
controlled is a key research issue.
The types of resources to which access is required
include:
file system
network
random memory
output devices (entire display, various
windows, speaker)
input devices (keyboard)
process control (access to CPU cycles)
user environment
system calls
One of the key issues in providing for safe
execution of 'mobile code' is determining
exactly which resources a particular code unit
is to be granted access to. That is, there is a
need for a security policy which determines the
type of access of any 'mobile code' unit. This
policy may be:
fixed for all 'mobile code' units
very restrictive but easy, and is the approach
currently used to handle applet security in
web browsers such as Netscape
that the user verifies each security-related
access request
relatively easy, but rapidly gets annoying,
and eventually is self-defeating when users
stop taking notice of the details of the
requests (whilst there is a place for querying
the user, it should be used exceedingly
sparingly)
Mobile agents are software
agents that have the ability to travel from one
place to another to do the work assigned to
them autonomously. A mobile agent can
interact with the hosts it visits and with the
other agents that happen to be on those hosts at
the same time.
Data collection from many places. Mobile agents
can be used to implement a network backup tool,
for instance. The tool can employ an agent to
periodically check and gather information from
every computer in the network. ·
Searching and filtering. A mobile agent could visit
many sites, search through the information
available at each site, and build an index of links to
pieces of information that match a search criterion.
· Monitoring. An agent could go to a stock market
host, wait for a certain stock to hit a certain price,
and then notify its user or even buy some of the
stocks on behalf of its user.
Nothing is for free; as mobile agents paradigm
facilitates network programming and distributed
computing in general, it also introduces a lot of
problems and challenges especially in the area
of security.
A mobile agent visiting a host will ask for some
services and resources from the host. These
resources should be protected from malicious or
erroneous agents. Also, an agent carrying some
private data such as credit card number or private
key of its owner should protect these data from
illegal access by the hosting server or other agents
on that server. Not only the carried data needs to
be protected but also sometimes we need to protect
the code of the agent itself
Another important aspect of agent security is
transferring the agent securely from its source
to the desired destination. Simply because
there may be some attackers listening to the
network either to learn some of the information
carried by the agent (passive attacks) or
modifying that information for their favor
(active attacks.)
three different approaches (sandboxing, digital
shrink-wrap, and proof-carrying code) used to
protect the host from a malicious agent.
Please install and
execute this.
Code producer
OK, but let me quickly look
over the instructions first.
Host
Code producer
Host
This store
instruction is
dangerous!
Code producer
Host
Can you prove that
it is always safe?
Code producer
Host
Yes! Here’s the proof I got from
my certifying Java compiler!
Can you prove that
it is always safe?
Code producer
Host
Code producer
Your proof checks out. I
believe you because I
believe in logic.
Host
Language executed by browser
Used in many attacks (to exploit other vulnerabilities)
With the assistance of some JavaScript code,
an attacker could construct a Web page or
HTML-based e-mail that could access any
cookie in the browser's memory or those
stored on disk ...
JavaScript runs
Before the HTML is loaded, before the document is viewed
While the document is viewed, or as the browser is leaving
The Component Object Model (COM) is
Microsoft's architecture for creating
programming objects that can be reused and
provide services to other programs
An ActiveX control is simply a COM object
that is designed to be downloaded and used
within web pages. Once an ActiveX control is
installed on the system it runs directly on the
workstation in the security context of the web
browser (normally the logged on user).
Warning
An ActiveX control can be an extremely insecure
way to provide a feature.
Why?
Component Object Model (COM )object, control can
do any user action
read and write Windows registry
access the local file system
Other web pages can attack a control
Once installed, control can be accessed by any page
Page only needs to know class identifier (CLSID)
Java is general programming language
Web pages may contain Java code
Java executed by Java Virtual Machine