1 / 22

Mobile Agents and Security

Mobile Agents and Security. Presented by: Chan Hing Wing, Anthony March 29, 1999 Room 1027, SHB, CUHK. Introduction. Problem of the Client/Server Paradigm Mobile Code Paradigms and Technologies Security Issues in Distributed Systems Security Concerns for Mobile Code Paradigms

candy
Télécharger la présentation

Mobile Agents and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mobile Agents and Security Presented by: Chan Hing Wing, Anthony March 29, 1999 Room 1027, SHB, CUHK

  2. Introduction • Problem of the Client/Server Paradigm • Mobile Code Paradigms and Technologies • Security Issues in Distributed Systems • Security Concerns for Mobile Code Paradigms • Security Services of Mobile Code Technologies

  3. The Client/Server Paradigm • Client/Server Paradigm • conventional design paradigm (i.e., example or pattern, Webster) of distributed applications • two processes (client and server) running on two different hosts; communicate by message exchange • Example: a simple network file server • handle only one file per client request (I.e., no mput / mget) • file listing service also provided • How to delete all files starting with “f”?

  4. Problems, Client/Server • The only way: • list all files on server • figure out files starting with “f” • delete files one by one • Problems: • large number of exchanged messages (2n+2 messages for deleting n files) • requirement of user-computer interactivity • Solution: • upgrade the server and client (to provide mdelete) • inflexible: how about next time I want mput/mget? • any other solution?

  5. The Mobile Code Paradigm • It would be great if I could send a self-executing code fragment (instead of a single instruction) to the server side, that decides which file to delete for me dynamically! • Advantages • reduced network traffic (only code sending, and perhaps an acknowledgement) • no need for user-computer interactivity

  6. Mobile Code Paradigm (MCP) • Common examples of mobile code: • rsh in Unix (remote evaluation) • SQL queries (remote evaluation) • downloading Java applets (code on demand) • Other possible applications (mobile agent): • mobile computing • electronic commerce, etc.

  7. MCP Classification • know-how: the code to be executed • resources: input/output of code • processor: abstract machine that carries out holds the state of computation

  8. Mobile Agents • Mobile Agents: • The most interesting form of mobile code; one form of “Intelligent Agents”, which is a hot topic in the AI field • Mobility: programs can move across different machines and platforms, and run on different host machines • Agency: programs act autonomously for the their users / owners • Agents can move with different execution states, therefore, they can co-operate to perform complex tasks

  9. Supporting Technologies • Client/Server: Sockets / RPC / CORBA • Remote evaluation: rsh, SQL, etc. • Code on demand: Java applets • Mobile Agents? • Many Mobile Agent Systems (MAS) being developed, e.g., Aglets from IBM, Odyssey from General Magic, and Objectspace’s Voyager (ORB) • OMG is drafting the Mobile Agent System Interoperability Facility (MASIF) to allow for cross-MAS agents under CORBA

  10. Security Issues in Distributed Systems • General system security requirements: • integrity • authenticity • confidentiality • availability, for both code and data • Widely adopted security model: • each particular “computing base” forms a “security fortress”, everything (code, data, users, computers) in the same fortress are trusted

  11. Client/Server Security • Client/Server security: • usually adopt the security fortress model • major challenges: • client/server authentication (establishing trust with another side) • data/request confidentiality across insecure channel (by encryption) • already well developed

  12. Mobile Code Security Concerns • Remote evaluation: • fortress model also applicable • challenges: • code sender/receiver authentication • code encryption across the channel • Code on demand: • can also apply the fortress model • challenges: • client: building trust on downloaded code (sandboxing, applet signing) • server: verifying the correct client (authentication)

  13. Mobile Agent Security • More complex/challenging because of: • roaming agents • co-operating agents • security fortress model does not apply well • Two aspects: • host security: • protecting the host against malicious agents • agent security • protecting the agents against malicious host

  14. Host security • Agent Integrity • sandboxing, run-time verification, proof-carrying code • Agent Authentication • digital signatures (analogy: signed applets) • Authorization • access control lists • Allocation (against denial-of-service attack) • market-based mechanism

  15. Agent Security • Example: • An agent roams around the Internet to look for the lowest price of a air ticket; it remembers the lowest price it finds most recently • Data tampering: change of execution state of agents by malicious hosts (“brain-flush” the agent of the lowest price it remembers) • Execution tampering: change of code or execution sequence by malicious hosts (deliberately set the local price as the lowest price, and push the agent to return immediately)

  16. Agent Protection • Some proposed approaches: • Agent tampering detection • range verification, timing information • addition of dummy items and functions • state appraisal functions, cryptographic watermarks • Agent tampering prevention • shared secrets, interlocking of agents • a fault-tolerance approach • execution of encrypted functions • Not very well developed

  17. Security Services, RPC • Sockets: no security services at all! • Sun RPC: • secure RPC services for authentication (man secure_rpc) with four options • Kerberos v5: authentication, per-session key generation • ssleay: free library functions implementing SSLv3, for authentication and encryption • Proposed standard: Generic Security Services Application Program Interface version 2 (GSS-API v.2) (RFC2078)

  18. Security Services, CORBA • CORBA Security Services specification • required implementation of objects Credentials, Principal Authenticator, Security Context, Access Control, etc. • support authentication, authorization, security auditing, etc. • however, existing implementation of the specification is unknown • some vendors add their own security add-on for their ORB product (e.g., SSL pack for Visibroker)

  19. Security Services of MAS • Aglets and Odyssey: • Host protection based on Java security model (sandboxing and signed applets) • No information about agent protection • Voyager: • SSL for communication security • No details available about host and agent security

  20. Conclusion • Mobile agents as a emerging paradigm to substitute/complement client/server • Mobile agent systems being developed worldwide • Security concerns as a blocking factor • Two different views: mobile agents as security challenge / chance

  21. Questions and Answers

  22. The End

More Related