Secure Prolog-Based Mobile Code
Seng Wai Loke, Andrew Davison
TL;DR
This paper introduces a security model for LogicWeb mobile code, based on Prolog-like rules in web pages, ensuring safe execution across different trust levels through resource access policies.
Contribution
It presents a novel security framework for LogicWeb mobile code, extending operational semantics to define safety and trust management.
Findings
The security model effectively differentiates trust levels.
It provides a formal semantics for safe code execution.
Implementation supports resource access control policies.
Abstract
LogicWeb mobile code consists of Prolog-like rules embedded in Web pages, thereby adding logic programming behaviour to those pages. Since LogicWeb programs are downloaded from foreign hosts and executed locally, there is a need to protect the client from buggy or malicious code. A security model is crucial for making LogicWeb mobile code safe to execute. This paper presents such a model, which supports programs of varying trust levels by using different resource access policies. The implementation of the model derives from an extended operational semantics for the LogicWeb language, which provides a precise meaning of safety.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsMobile Agent-Based Network Management · Service-Oriented Architecture and Web Services · Distributed systems and fault tolerance