Encapsulating mobile objects

Abstract

This paper describes a technique to effectively isolate mobile objects or processes that execute downloaded, potentially suspicious programs. It relies on wish lists, trust lists and capability lists. Wish lists are carried along with programs or mobile objects and denote the resources requested by the program to do what it claims to do. Wish lists are transformed into capability lists when downloaded programs are started. Trust lists reside on stations and are used to determine which members of wish lists are taken over into capability lists. The capability lists are enforced during the execution of programs. All lists are symbolic to enable their interpretation in heterogeneous environments. The paper describes the technique, its integration in a Linux environment and first experiences.