Wei Sun,Xiangwei Kong,Dequan He,Xingang You

DOI: https://doi.org/10.1109/ISECS.2008.147

2008-01-01

Abstract:The purpose of this paper is to resolve information security problem in the mobile electronic commerce industry chain. We analyze information security based on evolutionary game theory. In this paper, we set up the information security game model with penalty parameter, calculate replicator dynamics, and analyze the evolutionary stable strategy of the game model. The result reveals that reducing the investment cost is the key factor to promote information security investment. If this condition can not be satisfied, the regulation of penalty parameter will help to promote the investment. The research method in this paper provides a new thought for the solution of information security in the mobile electronic commerce chain.

TC Ma,SP Li

DOI: https://doi.org/10.1109/clustr.2003.1253356

2003-01-01

Cluster Computing

Abstract:In this paper, an instance-oriented security mechanism is proposed, to attack possible security threats in grid-based mobile agent system. The proposed delegation profile allows application systems to define their own security instances, while it provides mechanisms to delegate one's identity on those instances, instead of on certain hosts, just like the conventional delegation does. This can prevent the delegated host from abusing privileges. By adopting the new delegation profile kernel, a new trust framework is then proposed to enhance the security verification ability and provide more fine-grained authorization to mobile agent platforms.

Tianchi Ma,Shanping Li

DOI: https://doi.org/10.1007/978-3-540-24679-4_153

2004-01-01

Abstract:An instance-oriented security mechanism is proposed to deal with security threats in building a general-purpose mobile agent middleware in Grid environment. The proposed solution imports security instance, which is an encapsulation of one set of authorizations and their validity specifications with respect to the agent's specific code segments, or even the states and requests. Study shows this mechanism can inject large flexibility and scalability into the security framework, and can avoid the inefficiency and potential damages obscuring in a conventional linear delegation model.

Long Qin,Si Duanfeng,Han Xinhui,Zou Wei

DOI: https://doi.org/10.1109/cmpsac.2004.1342868

2004-01-01

Abstract:Mobile code can potentially be malicious. To protect the local system against malicious mobile code, a hybrid security framework of mobile code is proposed, which combines different static and dynamic techniques to provide a general solution to mobile code security. For a given mobile code and a set of security policies that the code needs to enforce, a static analysis tool is used to verify the mobile code against the policy. If the static analysis shows that the mobile code will never violate the policy, nothing needs to do; otherwise it never rejects the code simply but adds dynamic checks to enforce the policy when necessary. Several static analysis optimizing algorithms is also proposed to improve performance of dynamic enforcement.

ZHANG Fei,CHEN Zi-chen,XIONG Li

DOI: https://doi.org/10.3969/j.issn.1006-5911.2006.10.012

2006-01-01

Abstract:To improve the performance and network security of collaborative commerce chain system and to deal with shortcomings of existing solution to electronic commerce,Mobile Agent technology was introduced into the modeling of network-based collaborative commerce chain system.Based on Mobile Agent properties,problems of security and network security confronted with Mobile Agent in the transaction process of network-based collaborative commerce chain were analyzed.Finally,a prototype system between the customer Agent and the supplier Agent was used to expatiate security negotiation bargain procedure based on Mobile Agent under the public key infrastructure and certification authority.Research results showed that Agent's submission permit to the supplier server during authentication process could enhance the network bargain security of the collaborative commerce chain system.

Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

Yan Tong,Jian Zhang,Tao Qin

DOI: https://doi.org/10.1145/3028842.3028866

2016-01-01

Abstract:Security mechanism of the mobile agent running platform is very important for mobile agent system operation and stability running. In this paper we mainly focus on the security issues related with the mobile agent running platform and we proposed a cross validation mechanism mixed with encryption algorithm to solve the security problems during the migration and communication of mobile agents. Firstly, we employ the cross-validation mechanism to authenticate the nodes mobile agents will be visiting. Secondly, we employ the hybrid encryption mechanism, which combines the advantages of the symmetric encryption and asymmetric encryption, to encrypt the mobile agents and ensure the transferring process of data. Finally, we employ the EMSSL socket communication method to encrypt the content of transmission, in turn to enhance the security and robustness of the mobile agent system. We implement several experiments in the simulation environment and the experimental results verify the efficiency and accuracy of the proposed methods.

Jia Jie,Zhang Zhaoyang,Chen Jian,Zhao Linliang,Wang Xingwei

DOI: https://doi.org/10.1109/PCSPA.2010.83

2010-01-01

Abstract:Security plays an important role in the ability to deploy and retrieve trustworthy data for a wireless sensor network. Secure coverage is an effective defense against attacks which take advantage of a lack of deployment information. In this work, on the basis of improved genetic algorithm, a novel algorithm is proposed to guarantee the effect of secure surveillance. Comparison and simulation results show that the proposed solution outperforms the virtual force algorithm in terms of coverage rate and secure connectivity.

Aneta Zwierko,Zbigniew Kotulski

DOI: https://doi.org/10.48550/arXiv.cs/0506103

2005-06-29

Cryptography and Security

Abstract:The recent developments in the mobile technology (mobile phones, middleware) created a need for new methods of protecting the code transmitted through the network. The proposed mechanisms not only secure the compiled program, but also the data, that can be gathered during its "journey". The oldest and the simplest methods are more concentrated on integrity of the code itself and on the detection of unauthorized manipulation. Other, more advanced proposals protect not only the code but also the execution state and the collected data. The paper is divided into two parts. The first one is mostly devoted to different methods of securing the code and protecting its integrity; starting from watermarking and fingerprinting, up to methods designed specially for mobile agent systems: encrypted function, cryptographic traces, time limited black-box security, chained-MAC protocol, publicly-verifiable chained digital signatures The second part presents new concept for providing mobile agents with integrity protection, based on a zero-knowledge proof system.

LIU Caixia,JI Xinsheng,WU Jiangxing

DOI: https://doi.org/10.11959/j.issn.1000−436x.2022176

2022-01-01

Abstract:Based on the understanding of the mobile communication essential characteristics and the mobile communication network inherent characteristics, from a new perspective, the genetic defects existing in the mobile communication network inherent mechanism, especially in the mobility management mechanism were analyzed.These genetic defects would not disappear with the intergenerational development of mobile communication network, therefore, they were also known as endogenous security defects or endogenous security common problems of mobile communication networks.The endogenous security threats that may be introduced by security defects such as “acquiescence in information authenticity” and “ubiquitous data visibility” were pointed out.Under the guidance of the cyberspace endogenous security theory, the ideas and methods to solve the endogenous security common problems in mobile communication networks were proposed, such as breaking the “default trust” with “zero trust” and realizing the “user data limited visibility” with“variable implicit mapping”.

Junhua Ding,Jidong Ge

DOI: https://doi.org/10.1109/apscc.2012.43

2012-01-01

Abstract:Code mobility provides a flexible paradigm for building high performance mobile computing systems. Because code mobility can cause dynamic configuration of system structures in mobile computing systems, assuring design quality of the system is challenge. Formal specification and analysis provide a rigorous way to ensure system requirements are correctly designed. In this paper, we first introduce the formalism developed based on high level Petri nets and a communication channel mechanism for modeling mobile computing systems specifically code mobility. The formalism has the expressive capacity to naturally model mobile computing systems, and easily define mobility and mobile communication properties in the system. Then we model three representative styles of code mobility in mobile computing systems using the formalism. The formal models developed in this paper provide a solid foundation for formal analysis of code mobility. The formal analysis approach used for analyzing the code mobility models is illustrated via model checking the code mobility models using symbolic model checking tool NuSMV. Through successfully modeling and model checking the code mobility, the paper demonstrates that formal specification and modeling checking provide an effective and efficient way to ensure the design quality of mobile computing systems.

Saleh M. Alnaeli,Melissa Sarnowski,Md Sayedul Aman,Kumar Yelamarthi,Ahmed Abdelgawad,Haowen Jiang

DOI: https://doi.org/10.1109/uemcon.2016.7777883

2016-01-01

Abstract:A study is presented that examines the distribution and the usage of some unsafe functions that are known to cause security vulnerabilities in 15 software systems, written in C/C++. The systems are commonly used for mobile computing, and they comprise almost six million lines of code. A tool that uses a static analysis approach is applied to each system, and the number of calls to unsafe functions is determined and tabulated. The results show that vulnerable functions such as strcmp, strlen, and memcpy represent the vast majority of used unsafe functions that are banned by many companies (e.g., Microsoft) in the studied systems. This fact can help software trainers better design and plan training courses and materials on secure coding practices for software developers. Additionally, findings can help software engineers to conduct more effective refactoring processes that help to clean software systems from vulnerable code, and focus primarily on the removal of vulnerable code with higher usage for better outcomes. The historical data for a number of systems, subset, is presented over a five-year period. The data shows that few of the systems examined are increasing the number of unsafe function calls over time. This is somewhat contradictory to the literature, which claims that the use of vulnerable functions is decreasing in software systems. This fact demands that more attention and effort from software engineering and mobile computing communities be put towards addressing this phenomenon.

Shaohua Tang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.01.003

2001-01-01

Abstract:Java mobile code is a kind of Java program which can be transmitted from one computer to another through the network and then run one the destination computer, and is widely adopted in modern network computing and e-commerce. However, this distinguished feature of Java implies a disadvantage ofauthorization and access control, i.e., the unauthorized people can easily run these programmes illegally. Aiming at the disadvantage of Java mobile code, authorization and access control schemes are proposed for Java Applet and Java Servlet respectively to solve the problems securely and efficiently.

ZHANG Yang,CAO Ying-Chun,XIE Li

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.03.004

2005-01-01

Computer Science

Abstract:Mobile agent is a new kind of network computing paradigm in the field of distributed computing. Because of its distinguished advantages, such as asynchrony,autonomy,mobility,mobile agent is likely to become the dominant approach in network applications. However,with the popu1arity of mobile agent technology,more and more challenges come from those possible security threats in mobile agent systems. Starting from a detailed analysis of these security threats on mobile agent systems,we describe and compare the primary countermeasures for mobile agent security. Some representative mobile agent systems are introduced and their security mechanisms are evaluated.

Hu JingDe,Shi Gang

DOI: https://doi.org/10.1109/iccsn.2009.46

2009-01-01

Abstract:Protecting against software attacks is becoming a major concern in embedded systems since many of them have more and more functionality added. In this paper, an obfuscation-based approach for providing security of programming a remote embedded Java device is proposed. The basic idea of the proposed approach is that the programming system and the authorized embedded node exchange a Java bytecode substitution table using standard encryption techniques.

Hongjun Zhu,Hao Chen,Baojian Hua,Ye Liu,Yu Guo

DOI: https://doi.org/10.3969/j.issn.1000-386x.2016.03.074

2016-01-01

Abstract:Android platform-based applications are easily to be attacked by viruses or malware.Apart from the causes of the platforms being open source and opening and so on,the weaker protection ability of the mobile applications code itself is also a main factor.For this problem,in the paper we take Android platform applications as the research objects,analyse the security threats model and the codes security demands of the mobile applications,study the mechanisms of code protection techniques,such as code obfuscation,code-behind,code encryption and code signature,and describe their advantages and disadvantages;Then,we design and implement an Android application code protection technology analysis engine,and analyse and summarise the experimental data.Result shows that all the samples in different sizes and types have the Android applications to certain proportion,their code protection strengths are not strong;in particular,the smaller the scale of the applications,the weaker the code protection strength,and this results in such class of applications being maliciously attacked much easier.

Yuan Zhang,Min Yang,Guofei Gu,Hao Chen

DOI: https://doi.org/10.1109/TIFS.2016.2581304

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:To protect sensitive resources from unauthorized use, modern mobile systems, such as Android and iOS, design a permission-based access control model. However, current model could not enforce fine-grained control over the dynamic permission use contexts, causing two severe security problems. First, any code package in an application could use the granted permissions, inducing attackers to embed mal...

Kun Gao,Lifeng Xi,JiFang Li

2007-01-01

WSEAS TRANSACTIONS ON COMPUTERS

Abstract:As the mobile commerce market is booming recently, deep research of the overall architecture of mobile computing security is important. In this paper, we present an architecture model for mobile computing security. This security architecture model is partitioned into three layers: nature attribute, bounded goal, and detailed application. In each layer, we discuss main research issues in detail. Firstly, we present some basic issues related to mobile computing security in the nature attribute layer. Secondly, upon the limitation operation of mobile computing technology, we discuss security issues in mobile networks and computing. Finally, we propose a brief classification of mobile computing applications in the detailed application layer, and present the security topics in mobile payment as an example.

Dazhi Li,Minglu Li,Jianhua Liu

DOI: https://doi.org/10.1007/s00500-017-2486-x

IF: 3.732

2017-01-01

Soft Computing

Abstract:With the prosperity of cloud computing, many mobile nodes choose to deliver their certificate by service AP nodes, where each service AP node as a broker is responsible for authenticating virtual resource access with mobile users who are likely to be malicious in the underlying service requests. However, this access control system requires mobile users’ certificate information and may fail due to their privacy. In light of the growing privacy concerns, this paper proposes a certificate-aware framework for online access control system in mobile computing, where users are compensated for their privacy certificate and operation disclosure and are motivated to present more certificate information. In this framework, a broker pays a trust degree to users and virtual authentication coordinators for disclosing more certificate information. This paper models the interactions among virtual authentication coordinators, the authentication broker and mobile users as a three-stage game, where every player aims at maximizing its own utility, and the trust allocation is achieved by G value learning. Numerical results have shown that the proposed certificate-aware framework is effective, as it enables all players to maximize their utilities and improve the degree of the trust of mobile computing systems.

Yu. M. Barkalov,A. D. Nesterov

DOI: https://doi.org/10.21822/2073-6185-2019-46-2-71-80

2019-08-28

Abstract:Objectives The article presents a formal model of information security in mobile devices running the Android operating system, an example of detection and investigation of malicious software, as well as static and dynamic analysis of malicious software. Method To protect sensitive information on mobile devices, you can use software and organizational measures at the same time. Result The proposed formal model of information security and analysis of suspected malicious software will ensure the security of information in mobile devices, as well as reduce the risk of threats to an acceptable level at a minimum cost of the protection system. The presented algorithm of the application designed for illegal transfer of funds, as well as an example of the analysis of this application will allow the specialist to improve the quality of their professional tasks in the analysis of incidents in the field of information security. Conclusion Due to the fact that today there is no scientifically based method of detection and analysis of malicious software in the memory of mobile devices, the information provided in this article will help to improve the efficiency of information protection in mobile devices running the Android operating system.