In traditional computing systems, communication between computers is either code (a software application) or data (a file containing information) and there is no notion of a program moving between hosts while it is being executed. Thus, with a typical computing system, a person may execute a software application (e.g., Microsoft Word) on his own computer and then forward the results of the execution of the software application (e.g., a Word document) to another user. The other user may then view the Word document by executing his own copy of Microsoft Word. A user may also send another user an executable software application file that the other user may download and execute on his own computer. However, these traditional computing systems do not recognize a single instantiation of a software program that may be executed by one or more different computers in order to complete the execution of the software application.
A mobile application, sometimes also called a mobile app or a mobile agent, is a currently executing computer software application/program, or part of a currently executing computer program, that can physically move from one computer to another (between hosts) while it is being executed. A mobile application's software may or may not have been previously installed on a particular computer prior to the arrival of the mobile application. Mobile applications are said to jump from one computer to another, and the process of jumping from one computer to another is also referred to as a jump.
The process of initiating a jump between computers is commonly known as a dispatch. Typically, each mobile application will carry with it an ordered list or tree of hosts which the mobile application must visit during its execution, and such a list or tree is called the mobile application's itinerary. The computers that can receive and dispatch mobile applications are called hosts. The collection of hosts, computer networks, and software which executes and supports the mobile applications, and the mobile applications themselves, is called the mobile application system.
A mobile application typically has at least two parts: the state and the code. The state of the mobile application contains all of the data stored, carried, and/or computed by the particular mobile application. The code of the mobile application is the set of computer instructions which the host computer is intended to carry out on behalf of the mobile application during the execution of the mobile application by the particular host computer. In addition, a mobile application may have other parts, including an Access Control List (ACL), an itinerary, a datastore, an audit log, etc. A mobile application's software may or may not have been previously installed on the computers prior to the arrival of the mobile application.
Mobile applications have demonstrable benefits for computer systems. However, they also create security problems. In particular, a host computer might tamper with the code, the state, or the configuration of a mobile application before dispatching it to another host, in order to attack that host or another part of the mobile application system. Thus, there is a need to ensure that a host computer cannot adversely alter the configuration of a mobile application.
Current implementations of mobile application systems support multi-jump security. With this form of security, a mobile application has an Access Control List (ACL) which limits the mobile application's activities. This ACL is dynamically altered, based on the hosts which the mobile application has visited in the past. The ACL reflects the trust which should be placed in the mobile application, based on the hosts which it has visited in the past.
Current technology has limited provision to prevent a mobile application's ACL from being adversely altered. In particular, current implementations do not allow a mobile application's ACL to be altered to allow additional privileges for the mobile application, but it is possible for a host or a mobile application to restrict a mobile application's privileges by altering its ACL. A mobile application whose ACL has been altered to be too restrictive might be unable to complete its intended task. Thus, it is desirable to provide a system which prevents, where appropriate, a mobile application's ACL from becoming too restrictive.
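The multi-jump rule and the over-restriction problem described above can be shown with a short check run by a receiving host. This is an added example, not code from the system the text describes. The permission names, host names, trust table, and the idea of a "required" privilege floor for the task are all assumptions made for illustration.

```python
# Added illustration. Hosts, permissions and the trust table are constructed.

# Hypothetical trust table: the most a mobile application may retain
# after it has visited each host.
HOST_CEILING = {
    "hq": frozenset({"read", "write", "net", "exec"}),
    "partner": frozenset({"read", "write", "net"}),
    "kiosk": frozenset({"read"}),
}


def expected_acl(origin_acl, visited):
    """Multi-jump rule: the origin ACL narrowed by every host visited so far."""
    acl = frozenset(origin_acl)
    for host in visited:
        # An unknown host contributes no trust, so the ACL becomes empty.
        acl &= HOST_CEILING.get(host, frozenset())
    return acl


def check_acl(origin_acl, required, visited, proposed_acl):
    """Classify the ACL that arrived with a mobile application.

    origin_acl   -- privileges granted when the application was first dispatched
    required     -- assumed floor: privileges the task cannot complete without
    visited      -- hosts on the itinerary visited so far, in order
    proposed_acl -- ACL attached by the last dispatching host

    Returns one of:
      'expanded'        -- privileges present that the rule does not allow
      'over-restricted' -- the host removed more than the rule requires
      'task-blocked'    -- the rule itself leaves the ACL below the floor
      'ok'              -- ACL matches the rule and the task can still run
    """
    proposed = frozenset(proposed_acl)
    legit = expected_acl(origin_acl, visited)
    if not proposed <= legit:
        return "expanded"
    if proposed != legit:
        return "over-restricted"
    if not frozenset(required) <= legit:
        return "task-blocked"
    return "ok"


if __name__ == "__main__":
    origin = {"read", "write", "net", "exec"}
    need = {"read", "write"}
    print(check_acl(origin, need, ["hq", "partner"], {"read", "write", "net"}))
    print(check_acl(origin, need, ["hq", "partner"], {"read"}))
```

The 'over-restricted' and 'task-blocked' results separate a host that stripped privileges on its own from an itinerary whose trust levels cannot support the task in the first place.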