Get Complete Project Material File(s) Now! »
Code obfuscation (prevention)
Hohl (1997, 1998) suggested a mechanism called Blackbox Security. The strategy behind this technique involves the scrambling of the code in such a way that it is impossible to gain a complete understanding of the code’s function (i.e., specification and data). It is also impossible to modify the resulting code without detection. Hohl (1997, 1998) proposed code-obfuscation as a combination of two mechanisms. The first mechanism dynamically generates a new and less understandable version of the mobile agent code, while the second mechanism restricts the lifetime of the mobile agent’s code and data.
Time sensitive agents (prevention)
Time sensitive agents make use of the fact that it takes time for a malicious host to evaluate an executing agent. If the amount of time needed to execute a mobile agent on a host is limited, then the chance that it will be tampered with is minimized. It is necessary to determine the maximum amount of time needed by a mobile agent to execute safely on an untrusted host. Once this maximum time has elapsed, the agent can be programmed for example to shut down or to move to the next host specified on the itinerary (Grimley & Monroe, 1999). At the moment, the implementation of one specific countermeasure is seldom enough to provide acceptable security against a malicious host, but it is essential to select and combine solutions according to the needs of the user and the sensitivity of the mobile agent. Time sensitive agents can be used to prevent malicious host attacks by combining them with for example code obfuscation techniques.
Integrity Interference
The four different integrity interference threats namely, transmitting the mobile agent incorrectly, transmitting the mobile agent to a host not on the itinerary, not executing the mobile agent completely and executing the mobile agent arbitrarily as well as the countermeasures that can be used to prevent/detect these attacks are outlined in Table 3.1 and Table 3.2. The tables follow the same outline as in Chapter 2, whereby the grey cells indicate that the type of offence listed in the column does not affect the particular part of the agent and thus no countermeasure/s are needed. Tamper resistant hardware (Wilhelm et al., 1998) together with the creation of a trusted environment (Sander & Tschudin, 1998) is the only two countermeasures that provide the most preventative protection against possible integrity interference attacks.
Mobile Agent Models and Frameworks
For the purpose of this research, we have studied more than thirty mobile agent models, frameworks and architectures as described in literature. The literature that was studied do not necessarily agree on (or distinguish between) terminology such as frameworks, models, architectures and systems. For example, some describe their work as a “framework”, whilst others use the term “model” to structure similar research efforts. It is outside the scope of this research to get absorbed in the definitions of these terms. Our aim is rather to recapitulate the essence of the different research efforts that were investigated and therefore, we merely use the same terminology offered by the authors. These proposals and implementations introduce interactions between different countermeasures as well as measures not discussed as part of the previous chapters.
Police office model (POM)
Guan et al. (2000) presented a mobile agent security model by setting up special hosts called police offices within defined regions. These police offices are based on the concept of police stations in the real world. The idea of POM is to prevent a large number of attacks that can be performed by malicious hosts against mobile agents. This is achieved by the separation of critical components (of the agent) and only allowing non-critical components to be executed at the remote hosts. Regions are defined that consist of a number of special hosts connected to each other. Regions may not overlap and hosts within a region have high-speed connections relative to low speed connections to hosts outside the region.
Security enhanced mobile agents
Varadharajan (2000) proposed a security model whereby the notion of a security enhanced mobile agent is introduced. The security enhanced agent carries a passport that contains its security credentials and related security code. Each host in this model contains a trusted security management component (SMC), which maintains security policy information as well as public and private keys. Hosts that obey the same security policies are also grouped together to form a domain. Each domain has a security authority, namely the security management authority (SMA) that is responsible to interact with the SMC’s in the domain in order to establish and maintain security policies. It is also responsible to interact with SMAs in other domains. Each SMC and SMA in the system has public-private key pairs and they are trusted entities.
TABLE OF CONTENTS :
- CHAPTER
- 1.1 Introduction
- 1.2 Problem Statement
- 1.3 Solution Approach
- 1.4 Research Context
- 1.5 Scope of Study
- 1.6 Synopsis
- CHAPTER
- 2.1 Introduction
- 2.2 Background
- 2.3 Advantages and Uses
- 2.4 Software Agents
- 2.4.1 Stationary Agent
- 2.5 Mobile Agent Context
- 2.5.1 Description
- 2.5.2 Components
- 2.5.3 Features
- 2.5.4 Mobile Agent Lifecycle
- 2.6 Mobile Agent System
- 2.6.1 Mobile Agent System Components
- 2.6.2 Mobile Agent Platform Features / Tasks
- 2.7 Security Issues
- 2.7.1 Host Threats
- 2.7.2 Mobile Agent Threats
- 2.8 Threats in Mobile Agent Security
- 2.8.1 Integrity
- 2.8.2 Availability
- 2.8.3 Confidentiality
- 2.8.4 Authentication
- 2.9 Mobile Agent Threats Model
- 2.9.1 Integrity Threats
- 2.9.2 Availability Threats
- 2.9.3 Confidentiality Threats
- 2.9.4 Authentication Threats
- 2.10 Conclusion
- CHAPTER
- 3.1 Introduction
- 3.2 Countermeasure Structure
- 3.3 Countermeasure Classes
- 3.3.1 Class 1: Trust-based computing
- 3.3.2 Class 2: Countermeasures based on recording and tracking techniques
- 3.3.3 Class 3: Countermeasures based on cryptographic techniques
- 3.3.4 Class 4: Countermeasures based on obfuscation and time techniques
- 3.4 Analysis of Threats and Countermeasures
- 3.4.1 Integrity Interference
- 3.4.2 Integrity modification
- 3.4.3 Availability
- 3.4.4 Confidentiality
- 3.4.5 Authentication
- 3.5 Conclusion
- CHAPTER
- 4.1 Introduction
- 4.2 Mobile Agent Models and Frameworks
- 4.2.1 Trusted environment
- 4.2.2 Open environment
- 4.2.3 Evaluative summary of mobile agent frameworks, architectures and models
- 4.3 Mobile Agent Systems
- 4.3.1 Evaluative summary of mobile agent systems
- 4.4 Mobile Agent System Applications
- 4.4.1 Evaluative summary of mobile agent applications
- 4.5 Conclusion
- CHAPTER
- 5.1 Introduction
- 5.2 Mobile Agent Standards
- 5.3 Challenges in Mobile Agent Security
- 5.3.1 Requirement for sound autonomy and mobility
- 5.3.2 Tolerating changing network and application environments
- 5.3.3 Anticipating remote host support
- 5.3.4 Anticipating the required level of security support
- 5.3.5 Avoiding multiple communication sessions
- 5.3.6 Minimising the computational cost for the deployment countermeasures
- 5.4 Requirements for a Mobile Agent Security Framework
- 5.5 Evaluation of proposed and current countermeasures, frameworks, architectures, models, systems and applications
- 5.5.1 Evaluation of countermeasures
- 5.5.2 Frameworks, architectures and models
- 5.5.3 Mobile agent systems and tools
- 5.5.4 Mobile agent system applications
- 5.6 Conclusion
- CHAPTER
- 6.1 Introduction
- 6.2 Establishing Security Levels
- 6.3 Countermeasures for Security Levels
- 6.4 Conclusion
- CHAPTER
- 7.1 Introduction
- 7.2 Summary of the Proposed Mobile Agent Security Framework
- 7.3 Implementation Specifications
- 7.3.1 Primary software environment
- 7.3.2 Experimentation environment and equipment
- 7.4 Aglet Security Model
- 7.5 Implementation of Framework
- 7.5.1 Basic Closed Level
- 7.5.2 Extended closed security level
- 7.5.3 Basic restricted security level
- 7.5.4 Extended restricted level
- 7.5.5 Basic Open Security Level
- 7.6 Evaluation of Framework
- 7.7 Conclusion
- CHAPTER
- 8.1 Summary of Propositions
- 8.2 Evaluation of Proposed Framework
- 8.2.1 Problems in current systems
- 8.2.2 Countermeasures
- 8.2.3 Security levels
- 8.3 Practical Implementation of the Framework
- 8.4 Drawbacks of the Proposed Framework
- 8.5 Future Research and Possible Extensions
- BIBLIOGRAPHY
- ADDENDUM A
- ADDENDUM B
- ADDENDUM C
- ADDENDUM D
- ADDENDUM E
A FRAMEWORK FOR THE PROTECTION OF MOBILE AGENTS AGAINST MALICIOUS HOSTS