Mobile Code - PowerPoint PPT Presentation

About This Presentation
Title:

Mobile Code

Slides: 26
Provided by: mitun
Transcript and Presenter's Notes

Title: Mobile Code


1
Mobile Code and Worms By Mitun Sinha Pandurang Kamat
04/16/2003
2
Mobile Code
  • And Mobile Code Security

3
Part I
What is mobile code?
4
First, What Is Code?
And how is it different from data?
  • Code is a series of commands, and (usually)
    contains no or little information.
  • Code can be executed, and running code most often
    requires some outside information (data) to work
    on.
  • Programs, applications, operating systems, games,
    calculators, media players, word processors and
    viruses are examples of code.
  • Resumes, pictures, videos, music, lists of
    numbers, and your ex-girlfriend's social security
    number are examples of data.

5
Enter the Internet
  • Today, we constantly download or make web pages,
    movies, music and pictures then send them to
    friends and family. Data has definitely been
    successfully mobilized.
  • If I download Half-life, install and play it on
    my computer, then FTP it to a friend so he can
    install and play it, could we then say that
    Half-life counts as mobile code?

Legal battle with Sierra sold separately
6
Mobile code is
  • a general term used to refer to processes
    (executable code) that migrate and execute at
    remote hosts
  • any code that is specifically designed to be able
    to transport itself from one machine to another

8
Mobile code is
  • able to transport itself
  • fairly autonomous
  • often platform-independent
  • code that is moved from one host to another with
    or without interaction with the user

9
Examples of mobile code
  • Java applets and Java scripts
  • ActiveX controls
  • Visual Basic macros and scripts
  • Dynamic e-mail
  • Viruses, trojan horses, worms
  • The agents in The Matrix

10
What is mobile code good for?
  • Instead of moving large amounts of data around,
    move the computation to the data.
  • Add functionality anywhere anytime
  • Make distributed systems simpler, more flexible
  • Natural for network software

11
Every rose
What is the problem with mobile code?
SECURITY
12
Part II
Mobile Code Security
13
A Tale of Two Problems
  • Malicious Code Problem
  • Malicious Host Problem

14
Malicious Code Problem
  • Mobile code that arrives at your workstation and
    intentionally or unintentionally causes you harm
  • Four attack classes
      • invasion of privacy
      • denial of service
      • antagonism
      • system modification

15
Example?
  • Antagonism
      • meant to annoy or show off
      • no real damage to files or system
      • display of unwanted graphics or text
  • System modification
      • deletion of data or system files
      • capturing hard drive space, e.g. to host a
        shareware server

16
Example?
  • Invasion of privacy
  • read surfing history
  • read directory listings
  • steal files
  • Denial of service
  • re-aim browser
  • stealing CPU cycles
  • Web spoofing

17
Web Spoofing - example
  • Steal control of user's view of web and simulate
    normal operation
  • Classic man-in-the-middle attack

18
Mobile code is smart
  • A firewall attempts to block Java in HTML by
    scanning port 80 (HTTP port) for the
    tag
  • Javascript can dynamically construct the
    tag once past the firewall
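
Added example (not part of the original slides): a minimal model of the point on this slide, showing that a byte-pattern check on the HTTP stream does not see markup that a script builds in the browser, while the same check applied after script execution does. The tag name `applet`, the sample pages and all function names are assumptions; the slide's own tag text did not survive extraction.

```javascript
// Assumed tag name for illustration; the tag on the slide was lost.
const BLOCKED_TAG = "applet";

// Constructed sample pages. Page A carries the tag literally;
// page B carries only a script that assembles the tag at run time.
const literalPage =
  `<html><body><${BLOCKED_TAG} code="Demo.class"></${BLOCKED_TAG}></body></html>`;
const scriptedPage =
  '<html><body><script>' +
  'var t = "app" + "let"; ' +
  'document.write("<" + t + " code=\\"Demo.class\\"></" + t + ">");' +
  '</script></body></html>';

// Firewall-style check: scan the bytes on the wire for the opening tag.
function wireFilterBlocks(html) {
  return new RegExp("<\\s*" + BLOCKED_TAG + "\\b", "i").test(html);
}

// Tiny stand-in for a browser: run each inline script against a stub
// `document` and splice whatever it writes back into the page.
// Only ever called on the constructed samples above.
function renderWithScripts(html) {
  return html.replace(/<script>([\s\S]*?)<\/script>/gi, (_, body) => {
    let written = "";
    const documentStub = { write: (s) => { written += String(s); } };
    new Function("document", body)(documentStub);
    return written;
  });
}

// Endpoint-style check: apply the same pattern to the page as it exists
// after scripts have run, which is what the client actually acts on.
function clientSideCheckBlocks(html) {
  return wireFilterBlocks(renderWithScripts(html));
}

// Summary of what each control sees for each sample page.
function compareControls() {
  return {
    literal: { wire: wireFilterBlocks(literalPage), client: clientSideCheckBlocks(literalPage) },
    scripted: { wire: wireFilterBlocks(scriptedPage), client: clientSideCheckBlocks(scriptedPage) },
  };
}

console.log(compareControls());
```

The wire check passes the scripted page because the tag never appears in transit, which is why the counter-measures on the following slides are enforced on the client (zones, signing, sandboxing) rather than at the firewall.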

19
Counter-measures
20
Examples of mobile code
  • Java applets and Java scripts
  • ActiveX controls
  • Visual Basic macros and scripts
  • Dynamic e-mail
  • Viruses, trojan horses, worms
  • The agents in The Matrix

21
Microsoft's security
  • (Yeah right!)
  • Internet site zones of trust
  • ActiveX control signing and marking
  • Macro signing
  • Attachment warnings

22
Sun's Java 2 Security
  • Identity
  • Origin
  • Signature not same as origin!
  • Policy
  • Set by user(!!) or system administrator (still
    bad)
  • Good ol' sandboxing
  • Signatures use variation of X.509v3

23
Verisign Digital Signing
  • Trusted third party that allows developers to
    digitally sign their code
  • Consumers can feel safe in knowing that signed
    code is safe and has not been altered or tampered
    with IF they trust the third party

24
Verisign Digital Signing
  • Verisign works with
      • Microsoft Authenticode and VBA
      • Netscape Object Signing
      • Sun Java signing
  • Techniques used include industry-standard
    cryptographic methods learnt in class like RSA
    and PKI

25
Questions?