The Grenade Timer: Fortifying the Watchdog Timer Against Malicious Mobile Code

Systems accepting mobile code need protection from denial of service attacks staged by the guest program. While protected mode is the most general solution, it is not available to the very low-cost microcontrollers that are common in embedded systems. In this paper we introduce the grenade timer, an evolution of the watchdog timer that can place a hard upper bound on the amount of processor time that guest code may consume. Unlike its predecessor, it is resistant to malicious attacks from the software it controls; but its structure remains extremely simple and maps to very frugal hardware resources.

[1]  William M. Farmer,et al.  Security for Mobile Agents: Issues and Requirements , 1996 .

[2]  Gene Tsudik,et al.  Itinerant Agents for Mobile Computing , 1995, IEEE Communications Surveys & Tutorials.

[3]  Andy Hopper,et al.  Piconet: embedded mobile networking , 1997, IEEE Wirel. Commun..

[4]  Ross J. Anderson,et al.  On the Reliability of Electronic Payment Systems , 1996, IEEE Trans. Software Eng..

[5]  Joann J. Ordille,et al.  When agents roam, who can you trust? , 1996, Proceedings of COM'96. First Annual Conference on Emerging Technologies and Applications in Communications.

[6]  Mahmoud Naghshineh,et al.  Bluetooth: vision, goals, and architecture , 1998, MOCO.

[7]  Jim Lansford,et al.  HomeRF#8482; and SWAP: wireless networking for the connected home , 1998, MOCO.