Title
Towards Providing Mobile Code Security /
Publisher
Marmar Mohamed Reda Moussa ,
Author
Moussa, Marmar Mohamed Reda
Preparation committee
Researcher / Marmar Mohamed Reda Moussa
Supervisor / أحمد عبد الرافع بلال
aabelal@yahoo.com
Supervisor / أمانى أنور سعد
Examiner / صالح الشهابى
Examiner / نجوى مصطفى اسماعيل المكى
nagwamakky@gmail.com
Subject
Mobile communication .
Publication date
2003
Number of pages
110 P. :
Language
English
Degree
Master's
Specialization
Engineering (miscellaneous)
Date of approval
1/1/2003
Place of approval
Alexandria University - Faculty of Engineering - Computer and Systems Engineering
Index
Only 14 pages are available for public view


Abstract

The definition of the mobile code paradigm appears as a natural step in the evolution of distributed systems and encompasses programs that can be executed on one or several hosts, other than the host from which they have originated.
Mobile code is generally justified on the grounds of greater efficiency and increased flexibility, even if these features have not been fully exploited yet. However, flexibility does not come without a price: increased exposure to security threats. Possible vulnerabilities with mobile code fall into one of two categories:
• Attacks performed by the mobile program against the remote execution environment and its resources;
• Subversion of the mobile code and unauthorized modification of its data by the remote execution environment.
Our work focuses on the second category, aiming at the protection of mobile code from the execution environment. This category results in new and challenging problems that have not yet attracted much attention from software manufacturers and for which no practical solutions exist at this moment. This category is also quite atypical since it does not rely on the security of the execution environment, which has always been a basic assumption in classical reasoning about the security of cryptographic systems.
We further analyze mobile code protection in two directions: code protection, focusing on the integrity and privacy of the code semantics at run-time, and data protection, focusing on the security of the data transported by the mobile code.
Code protection addresses a more systematic form of maliciousness in which the environment where the mobile code runs cannot be trusted. Code protection means the protection of the code during its execution, considering the environment as a potential adversary, rather than the protection of the code during transmission.
Data protection deals with the security of data gathered by mobile code roaming through a set of competing hosts. Classical data protection techniques are not suited to the protection of data that changes dynamically during the code’s trip.
Concerning code protection, privacy of execution aims at preventing the disclosure of the code semantics during its execution in a potentially hostile runtime environment. We present original solutions that deal with this requirement (privacy of execution). We present solutions using privacy homomorphism that address some models of computation. Based on the solutions for the protection of the code execution and the solutions for the privacy of data in untrusted memories, we suggest an integrated architecture for code and data protection that relies on a novel component-based design.
We develop a palette of protocols & design patterns using (homomorphism) encryption techniques to design and implement privacy of data and computations for mobile codes (CED/CEF); this is done by combining several encryption techniques with different homomorphism properties to implement more complex services on encrypted data.
By examining techniques that preserve order and/or equality, a novel application appeared: one can perform selections and/or joins on encrypted data stored in DBs (SQL in general).
We also introduce a technique for computing with encrypted functions based on time reversal encryption.
A novel component-based architecture for mobile code that utilizes the proposed security components palette is also presented in this thesis.