1. The paper's title: "Security Policy: A Design Pattern for Mobile Java Code". 2. Author name: Qusay H. Mahmoud 3. e-mail address: qmahmoud@scs.carleton.ca 4. Snail mail address: School of Computer Science Carleton University Ottawa, Ontario K1S 5B6 Canada 5. Phone#: (613) 520-2600 (Ext. 4337) 6. Abstract: When users on the net visit a homepage that has an applet embedded into it, the applet's code is downloaded to the user's machine and executed there. In other words, the applet's code migrates from the host's machine to the user's machine, and it will run on the user's machine. In such an environment, we want to make sure that the code being downloaded does not do any harm to the system on which it will be executed. Also, when network computers (devices with not much local storage) get deployed on the net, they would have to use the network as a source for all sorts of full-fledged applications. In such an environment, it is impossible to predict what a downloaded application will need to do. In such distributed environments, security is a major concern. This paper presents the Security Policy pattern, a design pattern that has been used in many contexts, and proved to be useful, to develop applications capable of securely loading classes off the network and executing them locally. The Security Policy pattern can be used either on the client- or server-side. For example, in the case of a Web browser, the pattern is used on the client-side, and in the case of a global compute engine the pattern is used on the server-side. While the pattern may sound Java-centric, it can however be implemented in other languages.