DARPA ISO Sponsored Research
1999 Project Summary
Secure Execution of Mobile Programs
University of California, Davis

Project Website: http://pdclab.cs.ucdavis.edu
Objective:
The primary goal of the Ariel project is to develop a distributed programming environment that supports migration of both code and data among distributed hosts. The programming environment will support a flexible programming model for customizing migration of program components, an access control mechanism for protecting host resources from malicious mobile programs, and scheduling algorithms for controlling allocation of host resources to programs.
Approach:
We are building the programming environment from the following components:

- Access control: Our approach to protecting local resources from malicious code has two components: (i) a declarative specification language, used to specify a conditional access relationship between a mobile program and a resource, stating the conditions under which the mobile program may access the resource; and (ii) an enforcement mechanism, which enforces a site's security policies by generating code for the policies and integrating that code into the mobile programs and the protected resources.
- Resource consumption control: We are developing a scheduling scheme that can be used to enforce constraints (both mobile-program-defined and host-defined) on how resources are allocated to mobile programs. The scheme builds a scheduling graph that captures the various non-real-time and real-time mobile programs and their constraints (such as upper bound, share, weight and deadline constraints), traverses the graph to enforce the constraints, and resolves any conflicts among them.
- Programming environment: We are developing a distributed programming model that supports general-purpose mobility of the code and data components of a program. The model will allow users, hosts, and the runtime system to dynamically customize the mobility properties of a code component.
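The conditional access relationship and enforcement mechanism described under Access control above, as an added example that is not code from this summary or from the Ariel project: a deny-by-default enforcement point that parses a small declarative policy and interposes on every call a mobile program makes to a protected resource, recording each decision in an audit trail. The rule syntax, the two condition forms (`calls < N`, `arg startswith PREFIX`), the program and resource names, and the `Scratch` resource are all assumptions constructed for this example.

```python
"""Added example: conditional access control with a deny-by-default
enforcement point. Policy grammar and all names are assumptions."""
import fnmatch
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


class AccessDenied(Exception):
    """Raised when no allow rule permits the requested access."""


@dataclass(frozen=True)
class Context:
    program: str    # mobile program making the request
    resource: str   # protected resource being accessed
    operation: str  # method invoked on the resource
    arg: str        # first argument as text ("" if none)
    calls: int      # accesses already granted to this (program, resource, op)


@dataclass(frozen=True)
class Rule:
    program_glob: str
    operation: str
    resource_glob: str
    condition: Callable[[Context], bool]
    text: str       # original policy line, kept for the audit trail

    def matches(self, ctx: Context) -> bool:
        return (fnmatch.fnmatchcase(ctx.program, self.program_glob)
                and self.operation == ctx.operation
                and fnmatch.fnmatchcase(ctx.resource, self.resource_glob)
                and self.condition(ctx))


# Assumed rule syntax: allow <program-glob> <op> on <resource-glob> [if <cond>]
_RULE_RE = re.compile(r"^allow\s+(\S+)\s+(\S+)\s+on\s+(\S+)(?:\s+if\s+(.+))?$")


def _parse_condition(cond: Optional[str]) -> Callable[[Context], bool]:
    """Map the closed condition grammar onto a predicate. Unknown forms are
    rejected, so policy text can never become an expression-evaluation path."""
    if cond is None:
        return lambda ctx: True
    m = re.fullmatch(r"calls\s*<\s*(\d+)", cond)
    if m:
        limit = int(m.group(1))
        return lambda ctx: ctx.calls < limit
    m = re.fullmatch(r"arg\s+startswith\s+(\S+)", cond)
    if m:
        prefix = m.group(1)
        return lambda ctx: ctx.arg.startswith(prefix)
    raise ValueError(f"unsupported condition: {cond!r}")


def parse_policy(text: str) -> List[Rule]:
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _RULE_RE.match(line)
        if not m:
            raise ValueError(f"bad rule: {line!r}")
        prog, op, res, cond = m.groups()
        rules.append(Rule(prog, op, res, _parse_condition(cond), line))
    return rules


class Guard:
    """Enforcement point: every resource call goes through here.
    No matching allow rule means the call is refused."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.granted: Dict[Tuple[str, str, str], int] = defaultdict(int)
        self.audit: List[str] = []

    def call(self, program: str, resource_name: str, resource: object,
             operation: str, *args):
        key = (program, resource_name, operation)
        ctx = Context(program, resource_name, operation,
                      str(args[0]) if args else "", self.granted[key])
        for rule in self.rules:
            if rule.matches(ctx):
                self.granted[key] += 1
                self.audit.append(f"ALLOW {key} by rule: {rule.text}")
                return getattr(resource, operation)(*args)
        self.audit.append(f"DENY  {key} arg={ctx.arg!r}")
        raise AccessDenied(f"{program} may not {operation} {resource_name}")


class Scratch:
    """Constructed resource standing in for a host file store."""
    def __init__(self):
        self.files: Dict[str, str] = {"/tmp/a": "x", "/etc/secret": "s"}

    def read(self, path: str) -> str:
        return self.files[path]

    def write(self, path: str, data: str) -> int:
        self.files[path] = data
        return len(data)


POLICY_TEXT = """
# constructed policy for this example
allow trusted.*   read  on *
allow untrusted.* read  on scratch if arg startswith /tmp/
allow untrusted.* write on scratch if calls < 2
"""


def demo() -> Tuple[int, int]:
    """Run a scripted request sequence; return (allowed, denied) counts."""
    guard = Guard(parse_policy(POLICY_TEXT))
    store = Scratch()
    script = [
        ("untrusted.agent1", "read", "/tmp/a"),
        ("untrusted.agent1", "read", "/etc/secret"),    # denied: path condition
        ("untrusted.agent1", "write", "/tmp/b", "hi"),
        ("untrusted.agent1", "write", "/tmp/c", "hi"),
        ("untrusted.agent1", "write", "/tmp/d", "hi"),  # denied: call budget spent
        ("trusted.updater", "read", "/etc/secret"),
    ]
    allowed = denied = 0
    for program, op, *args in script:
        try:
            guard.call(program, "scratch", store, op, *args)
            allowed += 1
        except AccessDenied:
            denied += 1
    return allowed, denied
```

Ariel integrates generated policy code into the mobile program and the resource itself; the wrapper above achieves the same interposition dynamically inside the host runtime, which is simpler to show but means the check is not carried with the program. Keeping the condition grammar closed, with no general expression evaluation, is what stops the policy language from becoming a code-execution path into the enforcement mechanism.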
Recent FY-99 Accomplishments:
The following are the FY-99 accomplishments:

- Design and implementation of a resource consumption control scheme and its algorithms. This has resulted in a simulation environment and a modified JVM that implements our scheme and algorithms. (Appears in ASA/MA'99)
- Design and implementation of a modified Java virtual machine that supports modifying the behavior of classes at runtime. (To appear in ECOOP'2000)
- Design and implementation of an extensible access control mechanism. (To appear in WWW'2000)
FY-00 Plans:
The primary goal during FY-00 is to develop a runtime environment and integrate the different components within it. This includes the following:

- Design and implementation of a programming model that supports general-purpose mobility of program components.
- Development of a security model for the programming model.
- Integration of the access control model within the runtime system.
- Integration of the resource scheduling scheme within the runtime system.
- Extension of the access control model to support security across multiple sites.
- Support for dynamic security policy distribution.
Technology Transition:
Both Sun Microsystems and HP are potential targets for our research effort. We will be making our research papers and prototypes available for evaluation purposes.
Principal Investigator:
PI Name: Raju Pandey
Organization: University of California, Davis
Address: Computer Science Department, University of California, Davis, CA 95616
Phone: (530)-752-3584
Fax: (530)-752-4767
email: pandey@cs.ucdavis.edu

Admin Contact Name: Meshell Hays
Organization: University of California, Davis
Address: Computer Science Department, University of California, Davis, CA 95616
Phone: (530)-752-7004
Fax: (530)-752-4767
email: hays@cs.ucdavis.edu