Language-based security for mobile code, with applications to smart cards

A 7-hour lecture given at TECS Week 2005 by Xavier Leroy.

This detailed set of slides explains various security models, and related attacks.

It has been awhile since we discussed mobile code and its security implications, but I am sure everyone realizes this is a major issue, that will only become more important as network applications become more and more pervasive (e.g., via mobile phones).

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

proof-carrying code patented

On a related note, it seems that `proof-carrying code' (page 126) has already been patented (see espacenet) - though it talks about `source code level', so applying it to bytecode is probably out of its reach.

Now this might be an invalid patent, but getting it recognised as invalid and removed will be both costly and slow. Until that time it might be a powerful means of intimidation...

From the information on espac

EDIT: From the information on espacenet, I can't tell if this is a granted patent, as it was published in 2005, and has no INPADOC legal information available, although the application is from 2003. Of course, USPTO online services are largely unavailable this weekend, as they are moving to a new datacentre. Moreover, this application has only been made in the USA, leaving most people free to enjoy the security that US residents may be denied if this is granted.