Security is an omnipresent issue in computer systems. My work on computer security has attacked two problems. One deals with mobile code security and the other with secure code partitioning.
On the mobile security front, I considered the problem of the privacy of mobile code. When Host A needs to execute code on Host B, it sends the code to Host B. The code is then executed by Host B and the results are sent back to Host A. The main issues that have been addressed by prior efforts have been to 1) protect the code and the results from eavesdroppers, 2) protect Host B from malicious code sent by Host A, and 3) protect Host A from incorrect results sent by Host B. One issue that has not been addressed has been to protect the mobile code sent by Host A to Host B. Once Host A sends its code to Host B, it in effect loses intellectual property. My work presents a code translation technique that allows Host A to send modified code to Host B. Host B then executes this modified code and gives the alternate results to Host A. Host A then uses an inverse translation technique to generate the original results as if Host A had executed the original code locally!
One of the key issues in any security technique is to keep the performance penalty of using that security technique low. Multi-Level Security (MLS) is a technique that is used to classify data objects according to their sensitivity level and subjects (hosts) that access the data according to their capability level. Typically, a hierarchical relation in the form of a tree is used to describe the hosts. The root of the tree is the most powerful host with the most capability. However, this capability may be unused as shown in the example below.
Hosts A, B and C have differing capabilities on the data, and Host C is the most powerful host. The diagram in the middle shows how much of the data each host can access. If each host operates only on the data that it alone can access, then the finish times of the hosts are as shown in the figure on the right.
Clearly this imbalance is undesirable.



My work uses the capabilities of hosts, the hierarchical relations between them and the sensitivity of the data to transfer computations from one host to another in such a way that load balance is achieved as far as possible while ensuring that no security constraints are violated.
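The imbalance and a constrained rebalancing can be made concrete with a small added example, which is not code from the work described above. It assumes a three-host chain (C dominates B dominates A), constructed task costs, and a simple greedy heuristic chosen only for illustration.

```python
# Added illustration. Hosts, levels and task costs are constructed, and the
# greedy heuristic is an assumption, not the algorithm from the work itself.
CLEARANCE = {"A": 1, "B": 2, "C": 3}  # assumed chain: C is the most capable host

# (task name, sensitivity level of its data, cost in time units), constructed
TASKS = [("t1", 1, 4), ("t2", 1, 4), ("t3", 1, 4), ("t4", 1, 4),
         ("t5", 2, 3), ("t6", 2, 3), ("t7", 3, 2)]

def allowed(host, level):
    """Security constraint: a host may process data at or below its clearance."""
    return CLEARANCE[host] >= level

def baseline(tasks):
    """No transfers: each host handles only the data classified at its own level."""
    own = {lvl: host for host, lvl in CLEARANCE.items()}
    return {name: own[level] for name, level, _ in tasks}

def balance(tasks):
    """Place the most constrained tasks first, each on the least-loaded permitted host."""
    load = {h: 0 for h in CLEARANCE}
    plan = {}
    for name, level, cost in sorted(tasks, key=lambda t: (-t[1], -t[2])):
        permitted = [h for h in CLEARANCE if allowed(h, level)]
        host = min(permitted, key=lambda h: (load[h], h))
        plan[name] = host
        load[host] += cost
    return plan

def finish_times(tasks, plan):
    """Total work assigned to each host under a plan."""
    load = {h: 0 for h in CLEARANCE}
    for name, _, cost in tasks:
        load[plan[name]] += cost
    return load

def violations(tasks, plan):
    """Tasks placed on a host that is not cleared for their data."""
    return [name for name, level, _ in tasks if not allowed(plan[name], level)]

if __name__ == "__main__":
    for label, plan in (("baseline", baseline(TASKS)), ("balanced", balance(TASKS))):
        print(label, finish_times(TASKS, plan), "violations:", violations(TASKS, plan))
```

In the baseline the most capable host finishes first and then sits idle; after rebalancing, work on low-sensitivity data moves to the hosts cleared for it, and the violation check stays empty.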
Last updated: Apr 2008