DARPA Workshop on

Foundations for Secure Mobile Code

26-28 March 1997

Monterey, California, USA


Workshop Objectives

A working group, organized by DARPA, met in October 1996 to discuss security issues for secure mobile code. It became clear during the meeting that a careful examination of the fundamental issues surrounding secure mobile code is needed. The crux of many arguments for various strategies often depends on hidden assumptions about the model and the level of security one expects. Without an understanding of the model, it is very difficult to prove, or even argue for, interesting security properties in this paradigm.

This workshop aims to examine some of the fundamental issues of mobile code security. It seeks to articulate the structures, semantics, security models and formal methods that form the foundation for remote evaluation. Some issues of interest are listed below.

  1. What is meant exactly by mobile code? Does the term "code" imply an operational interpretation, or might it be declarative in nature like VRML or some other high-level specification language?
  2. What are the desired security properties? Should we worry about resource utilization and covert channels? Are there logics for reasoning about these properties?
  3. Security properties depend on a model of remote evaluation What is the formal model?
  4. What role does programming language design have in guaranteeing the desired security properties? What is the role of the runtime system or compute servers? Are there properties enforceable through static analyses?
  5. What are some approaches to high-assurance extensible systems and what are their strengths and weaknesses?

Workshop Format

Approximately 25 researchers from industry and academia will be invited to participate. Each participant is asked to submit a brief (roughly 2000 words) position statement on foundations for secure mobile computing. Please email your statement, in HTML or PostScript format, to the workshop chair (volpano@cs.nps.navy.mil). Participants are encouraged to address the issues raised above as much as possible in their statements.

We ask that participants familiarize themselves with other positions prior to attending the meeting. See the position statements submitted to the workshop. The organizers will attempt to integrate the positions as much as possible before the meeting and will produce a final workshop report. There are currently no plans to publish proceedings, however, we do plan to submit the final report, and possibly the position statements, for publication after the workshop.

Workshop Program

Click here for the complete workshop program.

Location and Registration

The workshop will take place March 26-28, 1997 at the Doubletree Hotel in Monterey, CA, USA. Hotel rooms are $71.00 for single and $91.00 for doubles. To reserve your hotel room, please call the Doubletree at +1 408 649-4511. Mention that you are with the FSMC group and you will receive these discounted room rates. You must make your reservations prior to 25 February in order to receive these rates.

The cost of the workshop is $150.00 and includes continental breakfast, lunch, one off-site dinner, and proceedings. To register, complete the web page form and send check (in US dollars) payable to Evans & Johnson at PO Box 51621, Pacific Grove, CA 93950; +1 408 655-9924 PH; +1 408 372-0846 FAX. Confirmations will be sent after payment and registration have been received.

For further information contact:
Workshop ChairCo-ChairCo-Chair
Dennis Volpano
Computer Science
Naval Postgraduate School
Monterey, CA 93943, USA
+1 408-656-3091
volpano@cs.nps.navy.mil 		Cynthia Irvine
Computer Science
Naval Postgraduate School
Monterey, CA 93943, USA
+1 408-656-2461
irvine@cs.nps.navy.mil 		Geoffrey Smith
School of Computer Science
Florida Int'l University
Miami, FL 33199, USA
+1 305-348-3744
smithg@cs.fiu.edu

Date last modified - 7 Feb 1997