Mobile code integrity through static program analysis, steganography, and dynamic transformation control.

Abstract

Mobile software provides a highly desirable and flexible form of computing, but creates complex security considerations beyond those associated with the traditional mode of computing. Execution environments with the ability to modify a program at run time compound the risks associated with mobile software. These dynamic program transformation environments could be used to introduce malicious code by transforming an otherwise safe program in a nefarious manner. Inadequate security can have profound, detrimental effects for both the producer and the consumer of mobile code.

Validating the integrity of software is one important criterion for safe execution on the client machine. However, networked devices with severely constrained bandwidth or power resources could handle delivery and management of integrity data much more efficiently than methods currently in use today. Techniques to control how a program evolves in a dynamic transformation environment, based on formal security policy, are also lacking. Prior to this research, techniques to control program transformation based on security policy did not exist.

This research presents a general tamper detection framework along with the design and implementation of two systems to validate program integrity for various forms of mobile computer programs. The tamper detection framework utilizes hybrid steganographic-cryptographic techniques to encode program authentication data by embedding a fragile watermark within a program. Using steganographic techniques to communicate this authentication data greatly simplifies the storage and management of the data. The fragile watermark can be used to authenticate the sender and to validate the integrity of a mobile program.

This dissertation is the first to provide techniques to control dynamic program transformations based upon specified security policy. The developed program transformation control framework is based on a control language which describes transformation policy to the runtime environment. The transformation controls will enable only those program transformations to be applied to the software that are acceptable to the specified policy, thereby controlling how the program is modified at runtime.

The major contributions of this dissertation are (1) identifying key weaknesses in current tamper detection techniques, (2) presenting the development and evaluation of novel techniques and frameworks that utilize static analysis of mobile code to embed and validate a tamper detection mark within mobile code, (3) identifying key weaknesses in current validation techniques for dynamically transforming program files, and (4) presenting the development and evaluation of novel techniques and frameworks that utilize a language developed to specify controls for dynamic program transformations to mobile code. The tamper detection component enables the insertion, extraction, and validation of a tamper detection mark in mobile code while maintaining semantic equivalence to the original code. The transformation controls enable dynamic program transformation to occur on a running program within a user-specified set of permissible transformations. The combined effect of tamper detection marking and transformation control helps provide for the safe dissemination and execution of mobile code through validation of program integrity.

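Bibliographic record

  • Author: Jochen, Michael J.
  • Author affiliation: University of Delaware
  • Degree-granting institution: University of Delaware
  • Subject: Computer Science
  • Degree: Ph.D.
  • Year: 2008
  • Pages: 235 p.
  • Total pages: 235
  • Original format: PDF
  • Language of text: eng
  • Chinese Library Classification: Automation technology, computer technology
  • Keywords
  • Date indexed: 2022-08-17 11:39:04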
