Skip to Main Content
In this paper we study securing mobile code execution by embedding a rule-based security monitor into the mobile code before execution on a platform. A security monitor guards how the mobile code uses resources of the execution platform. We consider that this run-time monitoring approach is more practical than providing a proof of security properties along with the mobile code. Writing execution context related rule-based security policies enables us to be flexible with respect to the restrictions we wish to impose on the mobile code. In our opinion, establishing an authority for certifying the safety of mobile code is too inflexible, since depending on the situation the user might temporarily want to tighten the restrictions. We describe our language for expressing rule-based security policies and show how those policies can be translated into aspects, which together form a run-time security monitor. In practice, we translate our policy expression to AspectJ with our MPLc compiler and only consider embedding a run-time monitor into Java applications.