Skip to Main Content
Mobile code can potentially be malicious. To protect the local system against malicious mobile code, a hybrid security framework of mobile code is proposed, which combines different static and dynamic techniques to provide a general solution to mobile code security. For a given mobile code and a set of security policies that the code needs to enforce, a static analysis tool is used to verify the mobile code against the policy. If the static analysis shows that the mobile code will never violate the policy, nothing needs to do; otherwise it never rejects the code simply but adds dynamic checks to enforce the policy when necessary. Several static analysis optimizing algorithms is also proposed to improve performance of dynamic enforcement.