Mobile Code Security
The goal of this project is to investigate security issues related to
mobile code. Mobile code encompasses various applications ranging from
simple applets to intelligent software agents or nomadic computing
applications. The mobile code paradigm offers several advantages over
the more traditional distributed computing approaches: flexibility in
software design beyond the well established object oriented paradigm
and bandwidth optimization, just to name two of them. As usual,
increased flexibility comes with a cost that is increased
vulnerability in the face of malicious intrusion scenarios akin to
Internet.
Possible vulnerabilities with mobile code fall in one of two categories:
- attacks performed by a mobile program against the remote host on
which the program is executed like in the now common example of
malicious applets
- subversion of the mobile code and its data by the remote execution
environment.
Team
Publications
| [LBR02] |
Sergio Loureiro,
Laurent Bussard, and Yves Roudier.
Extending Tamper-Proof Hardware Security to Untrusted Execution Environments.
in Proceedings of the Fifth Smart Card Research and Advanced Application Conference (CARDIS'02) - USENIX -
IFIP working group 8.8 (smart cards), San Jose, California, November 20th-22nd, 2002.
|
| [LMP01] |
Sergio Loureiro, Refik Molva, and Alain
Pannetrat.
Secure Data Collection with Updates.
Electronic Commerce Research Journal, 1/2:119-130, February/March
2001.
PDF |
| [Lou01] |
S. Loureiro.
Mobile Code Protection.
PhD thesis, January 2001. Sophia Antipolis, France.
PDF |
| [MR00] |
Refik Molva and Yves Roudier.
A Distributed Access Control Model
for Java. In Proceedings of ESORICS 2000 (European Symposium On
Research In Computer Security), Toulouse, France, October 2000.
PDF |
| [LM00] |
Sergio Loureiro and Refik Molva.
Mobile Code Protection with Smartcards.
In 6th ECOOP Workshop on Mobile Object Systems, Cannes, France,
June 2000.
PDF
|
| [LMR00] |
Sergio Loureiro, Refik Molva, and Yves
Roudier.
Mobile Code Security. In proceedings
of ISYPAR 2000 (4ème Ecole d'Informatique des Systèmes Parallèles
et Répartis), Code Mobile, Toulouse, France, February 2000.
PDF |
| [LM99c] |
Sergio Loureiro and Refik Molva.
Privacy for Mobile Code. In Proceedings
of the Distributed Object Security Workshop - OOPSLA'99, pages 37-42,
Denver, November 1999.
PDF |
| [LM99b] |
Sergio Loureiro and Refik Molva.
Function Hiding based on Error Correcting
Codes. In Manuel Blum and C. H. Lee, editors, Proceedings of Cryptec'99
- International Workshop on Cryptographic Techniques and Electronic Commerce,
pages 92-98. City University of Hong-Kong, July 1999.
PDF |
| [LM99a] |
S. Loureiro and R. Molva.
Process for securing the execution
of a mobile code in an untrusted environment, July 1999. European Patent
99480057. |
| [MT98] |
R. Molva and G. Tsudik.
Secret Sets and Applications. Information
Processing Letters, 65, April 1998.
PDF |
|
