COMPSCI 725 Presentation


  1. D’Agents: Security in a multiple-language, mobile-agent system
     Robert S. Gray, David Kotz, George Cybenko, Daniela Rus
     Dartmouth College, Hanover, New Hampshire, USA
     Published in 1998
     Presented by Haiying Tan, May 2002
     COMPSCI 725 Presentation

  2. Outline
     • Introduction
     • D’Agents
     • Application
     • Security Architecture
     • Authentication
     • Example
     • Conclusion

  3. Introduction
     [Figure labels: Application; Machine A; Machine B]
     • Mobile agent: a program which
       • Represents a user in a heterogeneous network
       • Moves autonomously from machine to machine
       • Functions on behalf of the user
     • Security in a mobile-agent system
       - Protect the machine
       - Protect other agents
       - Protect the agent
       - Protect a group of machines

  4. D’Agents
     • A mobile-agent system (formerly named Agent Tcl) developed by Dartmouth College; its agents can be written in Tcl, Java and Scheme.
     • It provides simple communication facilities and effective security.
     • It reduces migration to a single instruction.
     • The core system has four levels.
     [Figure: D’Agents Architecture]

  5. Application: Information retrieval
     [Figure labels: GUI on home machine; Dynamically selected proxy site; Machine 1 ... Machine n]
     2. Send child agents and collect partial results
     3. Return merged and filtered results
     http://agent.cs.dartmouth.edu/

  6. D’Agents Security Architecture
     [Figure labels: Incoming agent; Agent server]
     1. Verify digital signature
     2. Accept or reject agent
     3. Record owner’s identity
     4. Start up interpreter
     5. Resume agent execution
     6. Agent tries to access a resource
     7. Ask resource manager for permission
     8. Manager responds with grant/deny

  7. Authentication (I)
     • Task involved in protecting the machine.
     • Agents & messages can be encrypted to avoid interception, and digitally signed to reliably identify their owner.
     • Two kinds of agents are distinguished.
       • Owned agent: owner could be authenticated and is on the server’s list of authorized users.
       • Anonymous agent: owner could not be authenticated or is not on the server’s list of authorized users.
     • PGP, Pretty Good Privacy
       • External encryption tool for digital signatures and encryption.
       • PGP uses RSA public-key cryptography for authentication, and the IDEA algorithm for encryption.
     • An agent chooses whether to use encryption and signatures when it migrates or sends a message.

  8. Authentication (II)
     [Fig. Encryption for the begin, jump command. Diagram labels: Home, Machine A, Machine B; agent_begin, agent_jump; S0, E0, S1, E1, S2, E2; Knows; If trusts; F; Yes]

  9. Authentication (III)
     [Fig. Encryption for the send command. Diagram labels: Machine A, Machine B; S1, E1, S2, E2; OR; F; Yes/no]
     • Weaknesses of this authentication scheme
       • Most serious problem: multi-hop authentication problem.
       • PGP is extremely slow.
       • Cannot generate session keys for ongoing communication.
       • No automatic distribution mechanism for the public keys.

  10. Example

      Agent agent = new Agent();            // create the agent
      agent.setSignatures(true);            // turn on digital signatures
      agent.begin("localhost", timeout);    // register with the agent system
      agent.jump(engineSite, timeout);      // migrate to the search engine site

      // interact with the search engine
      Message queryMessage = new Message(0, query);
      AgentId engineAgent = new AgentId(engineSite, "search-engine");
      agent.send(engineAgent, queryMessage, timeout);
      ReceivedMessage resultsMessage = agent.receive(timeout);
      ……

      // Return home
      String homeMachine = agent.getHomeId().getMachine();
      agent.jump(homeMachine);

      Information retrieval agent implemented in Java

  11. Conclusion
     • D’Agents is a simple but powerful mobile-agent system.
     • An academic system with full source available.
     • Good support for migration.
     • It protects machines from malicious agents with a straightforward security model.

     Questions
     • What are the advantages of the D’Agents authentication scheme? If it is used, which kinds of threats are under control?
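
The admission and access-control flow from the Security Architecture and Authentication (I) slides, as an added example that is not part of the original presentation or the D’Agents code base. HMAC-SHA256 with per-owner keys stands in for the PGP/RSA signatures; the key table, user list, policy and function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample data. HMAC-SHA256 with a per-owner key is a stand-in for
# the PGP/RSA signature check; D'Agents itself uses PGP.
KNOWN_KEYS = {"alice": b"alice-demo-key", "mallory": b"mallory-demo-key"}
AUTHORIZED_USERS = {"alice"}  # the server's list of authorized users

# Hypothetical resource-manager policy: resource -> agent classes allowed.
POLICY = {"search-index": {"owned", "anonymous"}, "filesystem": {"owned"}}


def sign(owner, code):
    """Owner side: sign the agent's code before it migrates."""
    return hmac.new(KNOWN_KEYS[owner], code, hashlib.sha256).digest()


def admit(claimed_owner, code, signature, accept_anonymous=True):
    """Server steps 1-3: verify signature, accept or reject, record owner."""
    key = KNOWN_KEYS.get(claimed_owner)
    verified = (
        key is not None
        and signature is not None
        and hmac.compare_digest(
            hmac.new(key, code, hashlib.sha256).digest(), signature)
    )
    if verified and claimed_owner in AUTHORIZED_USERS:
        return {"cls": "owned", "owner": claimed_owner}
    if accept_anonymous:
        # Unverifiable or unauthorized owner: the claimed name is discarded.
        return {"cls": "anonymous", "owner": None}
    return None  # agent rejected


def request(agent, resource):
    """Server steps 6-8: resource manager grants or denies (default deny)."""
    return agent is not None and agent["cls"] in POLICY.get(resource, set())
```

An agent whose code was altered in transit, or whose owner is verifiable but not on the authorized list, is downgraded to anonymous rather than trusted under the name it claims.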
