Security Risks in Java-based Mobile Code Systems


Walter Binder
Volker Roth


Java is the predominant language for mobile agent systems, both for
implementing mobile agent execution environments and for writing mobile
agent applications. This is due to inherent support for code mobility by
means of dynamic class loading and separable class name spaces, as well as a
number of security properties, such as language safety and access control by
means of stack introspection. However, serious questions must be raised as to
whether Java is actually up to the task of providing a secure execution
environment for mobile agents. At the time of writing, it has neither
resource control nor proper application separation. In this article we take
an in-depth look at Java as a foundation for secure mobile agent systems.


Special Issue Papers