Programming models that support code migration have gained prominence, mainly due to a widespread shift from stand-alone to distributed applications. Although appealing in terms of system design and extensibility, mobile programs are a security risk and require strong access control. Further, the mobile code environment is fluid, i.e. the programs and resources located on a host may change rapidly, necessitating an extensible security model. In this paper, we present the design and implementation of a security infrastructure. The model is built around an event/response mechanism, in which a response is executed when a security-related event occurs. We support a fine-grained, conditional access control language, and enforce policies by instrumenting the bytecode of protected classes. This method enhances efficiency and promotes separation of concerns between security policy and program specification. This infrastructure also allows security policies to change at runtime, adapting to varying system state, intrusion, and other events.

© 2000 Published by Elsevier Science B.V. All rights reserved.