Accession Number:

ADA429994

Title:

Mobile Ubiquitous Security Environment (MUSE)

Descriptive Note:

Final rept.

Corporate Author:

PENNSYLVANIA STATE UNIV UNIVERSITY PARK APPLIED RESEARCH LAB

Personal Author(s):

Report Date:

2004-12-01

Pagination or Media Count:

87.0

Abstract:

This is the final report of the Mobile Ubiquitous Security Environment MUSE Critical Infrastructure Protection University Research Initiative CIPURI project. MUSE was proposed to research understanding mobile code in the context of Critical Infrastructure Protection CIP. It made significant advances in this area. Mobile code differs from other software systems in that it uses networks to autonomously move code from one host to another. Many common CIP threats, such as Trojan horses and viruses, pre-date widespread use of the Internet and are not specific to mobile code. Issues such as insuring program correctness, enforcing security policies, avoiding buffer overflows, and detecting malicious code also exist for non-networked software. Our emphasis is on researching how code migration affects infrastructure protection. Viruses, worms, and Denial of Service DoS attacks are difficult to counteract in large part because they are highly distributed. Fortifying the defenses of individual processors, or even sub-nets, cannot sufficiently neutralize these threats. Our game theory analysis of DoS attacks contains examples of the limitations of firewalls for protecting distributed systems. Fortifying individual processors is in some ways similar to building a stronger Maginot line after World War II. MUSE studied both the threat posed by malicious mobile code, and the promise of mobile code to adapt when attacked and neutralize threats. Distributed adaptation can put attacked systems on an equal footing with their attackers. The project Statement of Work SoW consisted of four tasks Develop a theoretical model Study the interface between mobile code and the host computer. Study system adaptation Create an adaptive network infrastructure.

Subject Categories:

  • Computer Systems Management and Standards
  • Computer Hardware

Distribution Statement:

APPROVED FOR PUBLIC RELEASE