Theory and Practice of Logic Programming


Special issue
Regular Paper

Secure Prolog-based mobile code


SENG WAI LOKE a1 1 and ANDREW DAVISON a2
a1 DSTC, Monash University, Caulfield, Victoria 3145, Australia (e-mail: swloke@dstc.monash.edu.au)
a2 Department of Computer Engineering, Prince of Songkla University, Hat Yai, Songkhla 90112, Thailand (e-mail: dandrew@ratree.psu.ac.th)

Abstract

LogicWeb mobile code consists of Prolog-like rules embedded in Web pages, thereby adding logic programming behaviour to those pages. Since LogicWeb programs are downloaded from foreign hosts and executed locally, there is a need to protect the client from buggy or malicious code. A security model is crucial for making LogicWeb mobile code safe to execute. This paper presents such a model, which supports programs of varying trust levels by using different resource access policies. The implementation of the model derives from an extended operational semantics for the LogicWeb language, which provides a precise meaning of safety.


Key Words: Prolog; World Wide Web; mobile code security.


Footnotes

1 This author is grateful to Leon Sterling who (with Andrew Davison) co-supervised the work on which this paper is based.