This invention relates generally to a system and method for enhancing the operation and security of a software application and in particular to a system and method for improving the security of a mobile software application.
In traditional computing systems, communication between computers is either code (a software application) or data (a file containing information) and there is no notion of a program moving between hosts while it is being executed. Thus, with a typical computing system, a person may execute a software application (e.g., Microsoft Word) on his own computer and then forward the results of the execution of the software application (e.g., a Word document) to another user. The other user may then view the Word document by executing his own copy of Microsoft Word. A user may also send another user an executable software application file that the other user may download and execute on his own computer. However, these traditional computing systems do not recognize a single instantiation of a software program that may be executed by one or more different computers in order to complete the execution of the software application.
A mobile application, sometimes also called a mobile app or a mobile agent, is a currently executing computer software application/program, or part of a currently executing computer program that can physically move from one computer to another (between hosts) while it is being executed: A mobile application's software may or may not have been previously installed on a particular computer prior to the arrival of the mobile application. The mobile applications are said to jump from one computer to another computer and the process of jumping from one computer to another computer is also referred to as a jump.
The process of initiating a jump between computers is commonly known as a dispatch. Typically, each mobile application will carry with it an ordered list or tree of hosts which the mobile application must visit during its execution, and such a list or tree is called the mobile application's itinerary. An example of a mobile application and it itinerary is described below with reference to FIG. 2. The computers that can receive and dispatch mobile applications are called hosts. The collection of hosts, computer networks, and software which executes and supports the mobile applications, and the mobile applications themselves, is called the mobile application system.
A mobile application typically has at least two parts: the state and the code. The state of the mobile application contains all of the data stored, carried, and/or computed by the particular mobile application. The code of the mobile application is the set of computer instructions which the host computer is intended to carry out on behalf of the mobile application during the execution of the mobile application by the particular host computer. In addition, a mobile application may have other parts, including an Access Control List (ACL), an itinerary, a datastore, an audit log, etc.
The problem faced by software products that support mobile applications are insurmountable security problems. In particular, there are three problems that are most often cited:
1) An hostile host can send code with undesirable behavior to another host. Currently, there is no way to ensure that an hostile host cannot inject unsafe code into the mobile application system.
2) A mobile application cannot be protected from a hostile host. In particular, when a mobile application arrives at a host and begins execution, that mobile application is at the mercy of the host. In other words, there is no guarantee that the host will execute the computer instructions properly. There is not even any guarantee that the host will run any particular software at all; and
3) A mobile application cannot be securely sent to or received from a host outside of a group of trusted computers, known as the Trusted Computing Base (TCB).
A Trusted Computing Base (TCB) is the collection of computers, computer peripherals, and communication networks which must perform all requested operations properly, and must not perform extraneous operations, and are trusted to do so, in order to properly complete whatever computations are required. A host outside of the TCB can perform nefarious tasks on the mobile application. This nefarious behavior cannot be controlled, and it cannot be detected. Therefore, once a mobile application has visited an untrusted host, it could be altered in an undesirable way, and therefore is a security hazard. In addition, the mobile application that visited the untrusted host can no longer be trusted to execute within the TCB. All of these security problems with mobile applications need to be overcome before mobile applications become more accepted as an alternative to traditional computing systems. Thus, it is desirable to provide a mobile application security system and method that overcomes the above problems and limitations with conventional mobile application systems and it is to this end that the present invention is directed so that mobile applications may be used in most financial, commercial, and military computer systems.