Controlled access protection in the Telescript programming language

Abstract

Research on the ability of the Telescript language and execution mechanism to enforce controlled access protection on mobile agents moving in and across distributed computer networks has not been published. Nor has General Magic, the creator of the language, conducted security testing on their product. This thesis investigates whether the mobile agents and execution mechanism proposed by General Magic in its Telescript(TM) language meet the Class C2 Controlled Access Protection criteria as promulgated in the Department of Defense Trusted Computer System Evaluation Criteria (TCSEC). This was done by conducting an analysis of the documentation provided by General Magic in their Telescript Development Kit (TDK) and Active Web Tools (AWT). The results of this thesis show that the mobile agents and execution mechanism of the Telescript(TM) language do not meet the criteria for TCSEC Class C2 Controlled Access Protection. In particular, the criteria for object reuse, system architecture, system integrity, security testing and security documentation are not met. However, discretionary access control (DAC) can be enforced using a user-defined security policy and the requirements for identification and authentication (I&A) and audit are satisfied.