CAREER: Type Systems for Secure Code Migration

0347542 CAREER: Type Systems for Secure Code Migration James Riely Distributed systems increasingly rely on forms of code migration, such as client-side scripting, downloaded plugins, application service providers, and networked class loading. In executing migrating code, trust becomes an important issue: why should a host trust some newly arrived code to run locally? And why should a migrating agent trust the host where it is now running? One part of a trust architecture can be the use of type-checking: a host trusts a newly arrived agent if it can type-check it. This project uses semantic techniques to provide a formal basis for trust issues in distributed object-oriented systems with code migration. The formal models are a basis for a prototype language implementation that provides a secure infrastructure for distributed application development. The following issues are addressed: foundations of distributed objects, security properties of code migration, and code migration to hostile hosts. Work on object foundations brings together research on the semantics of class-based and aspect-oriented languages and distributed process-calculi. Work on security properties focuses on the problem of untrusted migrating agents: when can a host trust a newly arrived agent? The problems are formalized using type systems incorporating trust and models of encryption and digital signatures in order to transmit trust across the network. Work on hostile hosts addresses the other side of the coin: when can a mobile agent trust the host it is running on? If the host has been compromised, then the results of running the agent cannot be trusted. However, a notion of partial trust may be developed, again using encryption and digital signatures.