While a vast body of knowledge on cryptographic algorithms exists that provide a core foundation for secure systems, only a small amount of research has been completed in studying security issues in mobile operating system settings. Conventional security controls work well for stationary code, but quickly breakdown with code mobility. In this dissertation, we investigate the need for end-to-end security in mobile and wireless operating environments. We study the implication of mobility—specifically, ways in which the operating system may facilitate mobile code security. We suggest a framework for designing security into mobile code and handheld devices by (a) building encryption into the mobile device itself, providing end-to-end security and eliminating carrier-provided encryption overhead and (b) by equipping the mobile code with software protection mechanisms to defend itself against attacks from malicious hosts and other mobile code. The framework transforms ordinary mobile code into survivable software objects capable of withstanding lasting automated attacks. |