Mobile code has become an integral part of the Internet. We constantly encounter mobile code execution in our daily computer usage: JavaScript, software patches, executable e-mail attachments, and many other forms of explicitly/implicitly downloaded code. Mobile code is also the key to the success of active networks and agent-based applications such as travel or hotel reservations, information gathering, meeting schedulers, etc. There are significant risks associated with the use of mobile code, in that malicious code producer can damage an end-user's valuable resources in the his/her computing environment, steal private information such as passwords and credit-card information, monitors user activities, or gain access to launch future attacks, etc. In agent-based applications, the users that initiate mobile agents and the hosts that serve agent requests are equally vulnerable. Thus, in order to make the mobile code approach practical, it is essential to develop advanced and innovative solutions to restrict the operations that mobile code can perform but without unduly restricting its functionality. The Model-Carrying Code (MCC) project has been developing such an approach for the past few years. This project tackles some of the key issues in making the MCC approach pactical, including:

• Redesign for platform-neutrality and portability: Development of platform-neutral specifications of security policies and program behavior models, and redesign of the MCC runtime environment so that it can be easily ported to multiple platforms based on different hardware and operating systems.
  
• Standardization for interoperability: Based on the platform-neutral design, this task involves working with Computer Associates in industrial consortia and forums to gain acceptance of our technology in areas such as policy definition language and model representation.
• Support tools for use and management: Development of tools for users and system administrators to create new security policies and/or to manage existing ones, and to ensure transparent integration of these tools on a user's desktop.
• Protecting privacy of information in the context of mobile agents: Development of practically useful techniques for controlling information flow, and integrating it smoothly in the context of web-based agents.