Abstract

Sandboxes, code signing, firewalls, and proof-carrying code (PCC) are all techniques that address the inherent security risks of mobile code. The article summarizes the relative merits of each. It is concluded that each of these techniques offers something different, and the best approach is probably a combination of security mechanisms. The sandbox and code signing approaches are already being hybridized. Combining these with firewalling techniques such as the playground gives an extra layer of security. The PCC approach is not yet ready for prime time, but the ability to prove safety properties of code is an important element in the arsenal available for securing mobile code. None of the techniques can do much to protect users from social engineering attacks, where a user is somehow fooled into revealing something they shouldn't reveal. For example, JavaScript can be employed in a way that fools a user into revealing passwords to a remote server. Java applets could be used to do this as well, even under the strictest security policy. User education is the only way to combat mobile code attacks that are based on social engineering.
