Mobile Code Security Based On Trusted Computing Technology

With the rapid development of broadband network technology, mobile code technology has a great deal of development and promises well. Oftentimes mobile code takes a variety of forms including active contents,scripting,macro,applet,custom control and so on, these dynamic programs that can move across network are often referred to as "mobile code". However, the security problem with mobile code technology obstructs its wide application in real business. Among these security problems, how to protect mobile code from malicious host and how to protect host platforms from malicious mobile code are new issues that cannot be dealt by traditional technologies. In this thesis, we aim at solving these problems based on trusted computing.Trusted computing is one of the focuses of recent research. According to trusted computing, the trustworthiness of code is based on its behavior rather than static characteristics. It meets the development trend of information security. This thesis firstly applies trusted computing technology to solve the security problems of mobile code. We hope the research work can also promote the application of trusted computing rapidly.The security problems and security requirements in mobile code system are analyzed. It is obviously that the existing malicious code detection algorithms which are based on static characteristics have some drawbacks. We get the conclusion that in order to solve the security problems of unknown mobile codes, we should focus on the trustworthiness of its behavior based on trusted computing technology. In this thesis, we propose a three-level protection model to deal with mobile code security problems. In this model we consider code behavior characteristics as basic starting point, and try to build a comprehensive protection architecture. Main research work and key contributions of this dissertation are as follows:1. Considering source controlling as dominate idea, we propose a trusted network connect control strategy which calculates the "healthy status" of a terminal based on analyzing the real-time characteristics of its behavior and process activity. It protects a network and its internal terminals by checking the identification and "healthy status" of each terminal attempting to access the protected network. Then the external terminal which could be getting potential risk will be isolated from the network. Compared with the existing methods which are based on static characteristics, our strategy can get better performance, especially, on identifying and isolating the terminals with potential risk.2. Automated trust negotiation based Trust Mobile Code Verification Model (ATNMCVM) is proposed in this thesis, which establishes trust between strangers with iterative disclosure of credentials and security policies. In addition, the sensitive property and private privacy can be protected in ATNMCVM.3. Inspired by the research of attack tree model, we present a new malicious code detection algorithm based on behavior characteristics by importing improved attack tree model to describe the entity relationships during the malicious code execution time. It is named IBC-DA. The experiments result shows that the proposed algorithm works in most cases of detection and only has minor errors in few conditions. This algorithm has very positive sense for unknown malicious code detection.4. Combining trusted computing with object-oriented method, we propose a new trust extended object-oriented security model (TEOOSM), which can be applied to the access control system of Mobile Codes. Because mobile codes have strong ability of being independent, autonomic, mobile, and mixed with data, it is ineffective to handle their security issues with traditional access control systems. Our model encapsulates the code and data, utilize the trusted status measurement, and then effectively protect platforms, codes and data from being destroyed by malicious codes or systems.5. Environmental key generation can be used when mobile code producer (MCP) needs mobile code consumer (MCC) to decrypt the code correctly only if some special environmental conditions are true. In this thesis, we introduce a new approach, which is based on environmental key generation, to protect sensitive information within mobile code. It is achieved through introduction of Trusted Computing technology-Sealing. Our approach uses the combination of hardware and software technology, so it is tamper-resistant to attackers.