DARPA ISO Sponsored Research

1999 Project Summary
Secure Execution of Mobile Programs
University of California, Davis

Project Website:  http://pdclab.cs.ucdavis.edu
Objective: The primary goal of the Ariel project is to develop a distributed programming environment that supports migration of both code and data among distributed hosts. The programming environment will support a flexible programming model for customizing the migration of program components, an access control mechanism for protecting host resources from malicious mobile programs, and scheduling algorithms for controlling the allocation of host resources to programs. 
Approach: We are building the programming environment from the following components: 
  • Access control: Our approach to protecting local resources from malicious code has two components: (i) a declarative specification language, used to specify a conditional access relationship between a mobile program and a resource, i.e. the conditions under which the mobile program may access the resource; and (ii) an enforcement mechanism, which enforces a site's security policies by generating code for the policies and integrating that code into the mobile programs and the protected resources. 
  • Resource consumption control: We are developing a scheduling scheme that can be used to enforce constraints (both mobile-program-defined and host-defined) on how resources are allocated to mobile programs. The scheme builds a scheduling graph that captures the various non-real-time and real-time mobile programs and their constraints (such as upper bound, share, weight and deadline constraints), traverses the graph to enforce the different constraints, and resolves any conflicts among them. 
  • Programming environment: We are developing a distributed programming model that supports general-purpose mobility of the code and data components of a program. The model will allow users, hosts, and the runtime system to dynamically customize the mobility properties of a code component. 
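The access control component above pairs a declarative, conditional access specification with an enforcement mechanism that is woven around the protected resource. The following Python sketch is an added illustration of that split and is not code from the Ariel project: the rule structure, the per-program usage counter used as the rule condition, the host names and the `site.log` resource are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed illustration: a conditional access rule says that mobile program
# `subject` may perform `action` on `resource` only while `condition(ctx)` holds.
@dataclass
class AccessRule:
    subject: str      # identity of the mobile program (here: its origin host)
    resource: str
    action: str
    condition: Callable[[Dict[str, int]], bool]

@dataclass
class Policy:
    rules: List[AccessRule] = field(default_factory=list)

    def permits(self, subject, resource, action, ctx) -> bool:
        # Default deny: allowed only if some matching rule's condition holds.
        return any(r.subject == subject and r.resource == resource
                   and r.action == action and r.condition(ctx) for r in self.rules)

class AccessDenied(Exception): pass

def enforce(policy: Policy, resource: str):
    """Enforcement side: wrap a resource operation so every call is policy-checked."""
    usage: Dict[str, Dict[str, int]] = {}   # per-program state for stateful conditions
    def decorator(op):
        def guarded(subject: str, *args):
            ctx = usage.setdefault(subject, {"calls": 0})
            if not policy.permits(subject, resource, op.__name__, ctx):
                raise AccessDenied(f"{subject}: {op.__name__} on {resource} denied")
            ctx["calls"] += 1
            return op(*args)
        return guarded
    return decorator

# Sample site policy (constructed): programs from hostA may read site.log at most
# twice; hostB appears in no rule, so it is denied by default.
POLICY = Policy([AccessRule("hostA", "site.log", "read", lambda ctx: ctx["calls"] < 2)])

@enforce(POLICY, "site.log")
def read(n: int) -> str:
    return "log line\n" * n

def run_demo() -> List[str]:
    # Drive the guarded resource; returns one outcome string per attempt.
    out = []
    for subject in ["hostA", "hostA", "hostA", "hostB"]:
        try:
            read(subject, 1); out.append(subject + ":allowed")
        except AccessDenied:
            out.append(subject + ":denied")
    return out
```

The third `hostA` read and the single `hostB` read are refused: the first because the rule's condition no longer holds, the second because no rule mentions the program at all.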
Recent FY-99 Accomplishments: 
  • Design and implementation of resource consumption control scheme and algorithms. This has resulted in the development of a simulation environment and a modified JVM that implements our scheme and algorithms. (Appears in ASA/MA'99)
  • Design and implementation of a modified Java virtual machine that supports the ability to modify the behavior of classes during runtime. (To appear in ECOOP'2000)
  • Design and implementation of an extensible access control mechanism. (To appear in WWW'2000). 
FY-00 Plans: The primary goal during FY-00 is to develop a runtime environment and integrate the different components within it. This includes the following: 
  • Design and implementation of a programming model that supports general purpose mobility of program components.
  • Development of a security model for the programming model.
  • Integration of the access control model within the runtime system.
  • Integration of the resource scheduling scheme within the runtime system.
  • Extension of the access control model to support security across multiple sites.
  • Support for dynamic security policy distribution.
Technology Transition: Both Sun Microsystems and HP are potential targets for our research effort. We will be making our research papers and prototypes available for evaluation purposes.
Principal Investigator: Raju Pandey 
Organization: University of California, Davis 
Address: Computer Science Department, University of California, Davis, CA 95616 
Phone: (530)-752-3584 
Fax: (530)-752-4767 
email: pandey@cs.ucdavis.edu 

Admin Contact Name: Meshell Hays 
Organization: University of California, Davis 
Address: Computer Science Department, University of California, Davis, CA 95616 
Phone: (530)-752-7004 
Fax: (530)-752-4767 
email: hays@cs.ucdavis.edu
