Protecting mobile code in the world

Proposed applications for mobile code systems include autonomous shopping agents, autonomic systems, distributed sensor network applications, and interstellar space networks. I argue the case for mobile code systems as the next-generation distributed programming paradigm and discuss the security problems that must be addressed before this vision is practically realizable. The security discussion will focus on protecting mobile code programs that execute in the wild from malicious actions by remote hosts.     

基于二维码的内外网物理隔离环境下的数据交换

针对保密性较高的工作数据或者其他原因导致的内外网物理隔离环境下数据交换困难的问题,通过对二维码生成和解析过程的研究,并且利用二维码可以携带数据、成本低和可随载体移动的特性,提出了使用二维码来解决一些特殊情况下的数据交换问题。由于单个二维码可携带数据有限,提出利用Protocol Buffer格式和LZMA压缩算法来简化和压缩需要通过二维码传输的数据,对于大型数据则采取多个二维码的组合方式传输。另外还简述了基于二维码的数据交换的应用前景。     

Mobile code daemons for networks of embedded systems

Originally implemented to support wireless sensor networks, the lightweight mobile code daemons works on wired networks as well. The mobile code daemon we present is based on a core network protocol called the remote execution and action protocol (REAP), which is responsible for passing messages between nodes within our network. The authors have implemented them to run on multiple operating systems and architectures. The daemons use a peer-to-peer indexing scheme to find mobile code packages as needed. Calls to the daemons are automatically dereferenced to find the proper package for a node's OS and hardware.     

An Approach to the Development of Flexible Multirobot Systems: the Potential of Using Mobile Code Technology

Building multirobot systems exploiting mobile code technologies: this is quite an attractive possibility that, if successfully exploited, could very much improve the flexibility in development of systems composed of multiple mobile robots. In this paper we present two main contributions that constitute a significant step toward this ambitious scenario. In particular, we present architectural and technological solutions that enable both the mobility of code in a network of robots and the interfacing between robotic platforms and mobile code. Although we are aware that the results presented in this paper are still preliminary and limited, we demonstrate their promising potential with experiments involving two mobile robots.     

基于移动代理的主动网络

在介绍主动网络的基础上,提出了一个在移动代理系统基础上建立的安全而高效的主动网络系统框架MANet(mobile agents based active network).通过将程序代码和数据封装成主动数据包在主动结点上作为代理来运行,这个框架实现了集成化的主动网络,并且通过基于CodeBroker的代码装载和缓存技术改善了整个主动网络的性能和灵活性.     

Mobile code paradigms and security issues

Programs are no longer constrained to execute on the nodes where they reside, and many systems therefore support code mobility. Although mobile code has yet to fully realize its promise of increased system flexibility, scalability, and reliability, the marketplace has embraced mobile code implementations such as Java.Jini, PostScript, and .NET. Several mobile code paradigms exist, and mobile code use raises many security concerns. Here, we map a taxonomy of mobile code paradigms to a taxonomy of network security vulnerabilities, revealing that many important security issues are being ignored.     

Programmable mobile networks

Existing mobile systems (e.g., mobile IP, mobile ATM and third generation cellular systems) lack the intrinsic architectural flexibility to deal with the complexity of supporting adaptive mobile applications in wireless and mobile environments. We believe that there is a need to develop alternative network architectures from the existing ones to deal with the demands placed on underlying mobile signalling, adaptation management and wireless transport systems in support of new mobile services, e.g. interactive multimedia and web access. In this paper we present the design, implementation and evaluation of mobiware, a middleware technology that enables the introduction of new services in mobile networks. Mobiware provides a toolkit that service providers can utilize to build services that can dynamically exploit the intrinsic scalable properties of mobile multimedia applications in response to time-varying mobile network conditions. Based on an open programmable networking paradigm, mobiware runs on mobile devices, wireless access points and mobile-capable switch/routers providing a set of open programmable interfaces and distributed objects for adaptive mobile networking. Mobiware is software-intensive and is built on CORBA and Java distributed object technologies. The source code for mobiware v1.0 is freely available (comet.columbia.edu/mobiware) for experimentation.     

QR二维码防钓鱼的研究

QR码(quick response code)是一种简单易用的矩阵条码。随着移动互联网的崛起和繁荣,已经广泛应用于人们的日常活动中。它给人们带来便利的同时,还伴有钓鱼网站、病毒软件、信息泄漏等网络安全风险和恶意攻击。越来越多的钓鱼攻击由传统的诱导式电子邮件转变为一扫即开的二维码,堂而皇之地在移动互联网世界里游荡。新闻稿中也屡见各种伪造二维码、钓鱼二维码导致人们的信息和财产受到损失的报道。目前流行的具有支持扫码功能的App如微信、支付宝等均无法有效甄别钓鱼网站。文中分析了QR码的基本结构和原理,钓鱼网站以及防范钓鱼的传统技术,从URL结构和网页内容两个方面分析钓鱼网站的异常特征,并且相应地给出检测方法和数学模型,设计并实现Android平台的QR码钓鱼网站识别技术。     

The SATIN Component System-A Metamodel for Engineering Adaptable Mobile Systems

Mobile computing devices, such as personal digital assistants and mobile phones, are becoming increasingly popular, smaller, and more capable. We argue that mobile systems should be able to adapt to changing requirements and execution environments. Adaptation requires the ability-to reconfigure the deployed code base on a mobile device. Such reconfiguration is considerably simplified if mobile applications are component-oriented rather than monolithic blocks of code. We present the SATIN (system adaptation targeting integrated networks) component metamodel, a lightweight local component metamodel that offers the flexible use of logical mobility primitives to reconfigure the software system by dynamically transferring code. The metamodel is implemented in the SATIN middleware system, a component-based mobile computing middleware that uses the mobility primitives defined in the metamodel to reconfigure both itself and applications that it hosts. We demonstrate the suitability of SATIN in terms of lightweightedness, flexibility, and reusability for the creation of adaptable mobile systems by using it to implement, port, and evaluate a number of existing and new applications, including an active network platform developed for satellite communication at the European space agency. These applications exhibit different aspects of adaptation and demonstrate the flexibility of the approach and the advantages gained     

手机二维码在国内的发展及应用

手机二维码是将二维条码和无线移动终端结合的产物,它一方面具有二维条码的特点,另一方面利用移动网络实现手机增值服务.文章介绍了手机二维码在国内的发展现状和成功应用案例.     

一种移动代理安全通信的方法

随着网络技术的发展,移动代理技术的应用前景越来越广阔,与此同时,其安全性问题也越来越重要。文章在分析移动代理安全隐患的基础上,提出了一种基于移动代理代码身份认证和处理结果加密的方法对移动代理及其携带的数据和处理结果提供保护。     

A survey of theories for mobile agents

This paper presents a comparative survey of formalisms related to mobile agents. It describes the -calculus and its extensions, the Ambient calculus, Petri nets, Actors, and the family of generative communication languages. Each of these formalisms defines a mathematical framework that can be used to reason about mobile code; they vary greatly in their expressiveness, in the mechanisms they provide to specify mobile code based applications and in their practical usefulness for the validation and the verification of such applications. In this paper we show how these formalisms can be used to represent the mobility and communication aspects of two mobile code environments: Obliq and Messengers. We compare and classify the different formalisms with respect to mobility and discuss some shortcomings and desirable extensions. We also point to other emerging concepts in formalisms for mobile code systems.     

Designing a videoconference system for active networks

Active networks are receiving increasing attention due to their promise of great flexibility in tailoring services to applications. This capability stems from the exploitation of network devices whose behaviour can be changed dynamically by applications, possibly using technologies and architectures originally conceived for mobile code systems. Notwithstanding the promise of active networks, real-world applications that clearly benefit by them are still missing. In this paper we describe the design of a videoconference system conceived expressly for operation over active networks. The goal of this activity is to pinpoint the benefits that mobile code and active networks bring to this application domain and to provide isnights for the exploitation of these concepts in other application domains.     

Remote Interaction with Mobile Robots

This paper describes an architecture, which can be used to build remote laboratories to interact remotely via Internet with mobile robots using different interaction devices. A supervisory control strategy has been used to develop the remote laboratory in order to alleviate high communication data rates and system sensitivity to network delays. The users interact with the remote system at a more abstract level using high level commands. The local robot's autonomy has been increased by encapsulating all the robot's behaviors in different types of skills. User interfaces have been designed using visual proxy pattern to facilitate any future extension or code reuse. The developed remote laboratory has been integrated into an educational environment in the field of indoor mobile robotics. This environment is currently being used as a part of an international project to develop a distributed laboratory for autonomous and teleoperated systems (IECAT, 2003).     

Threaded Runtime Support for Execution of Fine Grain Parallel Code on Coarse Grain Multiprocessors

The goal of this research is to provide systems support that allows fine grain, data parallel code to execute efficiently on much coarser grain multiprocessors. The task of writing parallel applications is simplified by allowing the programmer to assume a number of processors convenient to the algorithm being implemented. This paper describes and evaluates a runtime approach that efficiently manages thousands of virtual processors per actual processor. The limits in using user-level threads as fine grain virtual processors are identified. Key techniques used are tight integration and specialization of scheduling, communication, optimized context switching, and fine-tuned stack management. A prototype of this runtime approach is evaluated by comparing implementations of three problems, a smoothing kernel of a thin-layer Navier–Stokes code, a five point stencil problem, and a block bordered system of linear equations on an Intel Paragon multiprocessor and on a network of DEC Alpha workstations. The additional cost relative to an efficient manually contracted code can be as low as 15% for granularities of 50 floating point operations per virtual processor and is typically 5–20% for granularities of about 100 floating point operations per virtual processor. The overhead is analyzed in detail to show the costs of scheduling, communication, context switching, reduced memory performance, and insuring data consistency. The implementation and analysis indicate that fine grain code can be efficiently executed on a coarse grain multiprocessor using very lightweight, specialized threads.     

A Modular Approach to Mobile QoS Signaling— Motivation,Design & Implementation

In order to support mobile multimedia applications in next generation wireless IP-based networks, it is necessary to deliver seamless voice, video and data at high quality. Therefore, session mobility and Quality of Service (QoS) for mobile end systems are required. Within this article, the authors point out a new way to approach the problem. Instead of tightly coupling a modified QoS signaling mechanism with a certain mobility mechanism, a more generic and long-term solution is proposed and exemplified on the basis of existing IETF protocols. The connection-less IP network layer is enhanced by a lightweight and truly optional connection-oriented mobile network service, which offers the possibility to establish soft state unicast connections at the network layer. Hence, a connection-oriented network service is available within a radio access network (RAN) architecture to all end systems—mobile or fixed—independent of the application. Thereby, it is possible to integrate QoS and connectivity signaling for mobile end systems, as well as other connection-oriented services like explicit routing or load balancing.     

Experiences building a communication‐oriented JavaOS

Mobile code makes it easier to maintain, debug, update, and customize a system. Active networks are one of the more interesting applications of mobile code: code is injected into the nodes of a network to customize the network's functionality, such as routing, and to add new features, such as special‐purpose congestion control and filtering algorithms. The challenge is to develop a communication‐oriented platform for such systems. We refer to mobile code targeted at low‐level, communication‐oriented systems like active networks as liquid software, the key distinction being that liquid software is focused on the efficient transfer of data, not high‐performance computation. To this end, we have designed and implemented Joust, which consists of a complete re‐implementation of the Java virtual machine (including both the runtime system and a just‐in‐time compiler), running on the Scout operating system (a configurable, communication‐oriented OS). The result is a configurable, high‐performance platform for running liquid software. We present the results of implementing two different applications of liquid software on Joust, including a prototype architecture for active networks. Copyright © 2000 John Wiley & Sons, Ltd.     

Protecting network users in mobile code systems

Conventional access control mechanisms are rather insensitive to occurrences of context-dependent illegal accesses. Insensitivity to context-dependent accesses may lead to failure to protect network users and resources. Context-dependent illegal accesses resulting from data and privilege flows in open networks cannot be prevented by either authentication or access control mechanisms since unauthorized access need not be attempted. In this paper we present a protection model which tracks data and privilege flows in mobile code systems. It can uniformly define various types of illegal access patterns and has the advantage of preventing context-dependent illegal accesses such as those caused by inadvertent execution of remote mobile code containing viruses or Trojan Horses. The proposed flow control model is expected to complement the conventional model for access control.     

针对 BYOD 的网络入口边界安全研究

近年来,云计算业务平台的广泛应用强化了研究人员对于移动设备的依赖性。员工携带自己的设备（Bring Your Own Devices, BYOD）已经成为当前移动办公的主要趋势。针对BYOD环境中的数据泄露和恶意代码等问题,提出了一种跨平台的安全解决方案。该方案应用无客户端网络准入控制方式获取终端属性,并在向量表示法的基础上,为CPU空闲率等特殊属性设计了一种动态数值型评估方式。因此,该方案能够对进入网络的移动智能终端进行准确地可信评估,将终端分别判入可信域、非可信域和隔离域,确保最终进入网络的BYOD设备处于可信状态,以实现网络入口边界安全。实验结果表明本文方案比现有方案在移动智能终端安全状态的评估和防止对数据的非法访问等方面具有更好的效果。     

Formulae Meet Programs Over the Net: A Framework for Correct Network Aware Programming

A general framework for network aware programming is presented that consists of a language for programming mobile applications, a logic for specifying properties of the applications and an automatic tool for verifying such properties. The framework is based on X-KLAIM, eXtended KLAIM, an experimental programming language specifically designed to program distributed systems composed of several components interacting through multiple tuple spaces and mobile code. The proposed logic is a modal logic inspired by Hennessy-Milner logic and is interpreted over the same labelled structures used for the operational semantics of X-KLAIM. The automatic verification tool is based on a complete proof system that has been previously developed for the logic.