CHAPTER 17

MOBILE CODE

Robert Gezelter

17.1 INTRODUCTION

17.1.1 Mobile Code from the World Wide Web

17.1.2 Motivations and Goals

17.1.3 Design and Implementation Errors

17.2 SIGNED CODE

17.2.1 Authenticode

17.2.2 Fundamental Limitations of Signed Code

17.2.3 Specific Problems with the ActiveX Security Model

17.2.4 Case Studies

17.3 RESTRICTED OPERATING ENVIRONMENTS

17.3.1 Java

17.4 DISCUSSION

17.4.1 Asymmetric, and Transitive or Derivative, Trust

17.4.2 Misappropriation and Subversion

17.4.3 Multidimensional Threat

17.4.4 Client Responsibilities

17.4.5 Server Responsibilities

17.5 SUMMARY

17.6 FURTHER READING

17.7 NOTES

17.1 INTRODUCTION.

At its most basic, mobile code is a set of instructions that are delivered to a remote computer for dynamic execution. The problems with mobile code stem from its ability to do more than just display characters on the remote display.

It is this dynamic nature of mobile code that causes policy and implementation difficulties. A blanket prohibition on mobile code is secure, but that prohibition would prevent users of the dynamic Web from performing their tasks. It is this tension between integrity and dynamism that is at the heart of the issue.

The ongoing development of computer-based devices, particularly personal digital assistants (PDAs) and mobile phones, has broadened the spectrum of devices that use mobile code and are therefore vulnerable to related exploits. The advent of the Apple iPhone in 2007 highlighted this hazard.1

Several definitions, ...
