Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing

摘要

We present an approach to protect mobile code and agents at runtime using Trusted Computing (TC) technologies. For this purpose, a "mobile policy" is defined by the mobile code originator, and is enforced by the runtime environment in a remote host to control which users can run the mobile code and what kind of results a user can observe, depending on the security properties of the user. The separation of policy specification and implementation mechanism in existing mobile computing platform such as Java Runtime Environment (JRE) enables the implementation of our approach by leveraging current security technologies. The main difference between our approach and existing runtime security models is that the policies enforced in our model are intended to protect the resources of the mobile applications instead of the local system resources. This requires the remote runtime environment to be trusted by the application originator to authenticate the remote user and enforce the policy. Emerging TC technologies such as specified by the Trusted Computing Group (TCG) provide assurance of the runtime environment of a remote host.