This project explores the use of physically secure coprocessors and cryptographic techniques to solve the remote execution problem. This is exemplified by issues arising from mobile code, e.g., active network capsules and mobile software agents that autonomously move among servers. The primary focus of this project is on mobile agent systems. Remote execution exemplifies mutual distrust: not only must the servers be protected from potentially malicious agents, but agents must also be protected from potentially malicious servers. This latter agent security problem is much harder, since without a trusted computing base at the serve (1) the agents have no guarantee that they will actually run at all once they arrive there, and (2) agents cannot keep any secrets (e.g., cryptographic keys) from the server. The objective of this work is to resolve the agent security problem and explore the security engineering issues involved in building a mobile agent system. To achieve protection from hostile servers, this project will explore using secure coprocessors to provide a secure execution environment, a "sanctuary", within the server. Additionally, cryptographic techniques such as Perfect Forward Integrity and other new schemes will be developed to enhance the security of agents when no sanctuary servers are available.
