Advertisement

Macro-level Attention to Mobile Agent Security: Introducing the Mobile Agent Secure Hub Infrastructure Concept

  • Michelangelo Giansiracusa
  • Selwyn Russell
  • Andrew Clark
  • Volker Roth
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3269)

Abstract

The autonomous capabilities of Internet mobile agents are one of their great attractions, yet leave them at the mercy of ill-intending agent platforms. We have devised an infrastructural strategy that allows mobile agent users to delegate responsibility to a trusted third party for the safe management of mobile agents they deploy onto the Internet. Our infrastructural approach is based on a Mobile Agent Secure Hub (MASH) which is capable of providing a large number of security services for agent users and their deployed Internet mobile agents. For instance, the MASH can gather statistics on the track record of agent platforms in providing safe and reliable execution of agents. These publishable statistics act as a deterrent against maliciously behaving agent platforms, as some agent users would be hesitant to send their agents to platforms with unsound track records.

Keywords

Mobile agent protection Trusted Third Party Mobile Agent Secure Hub macro-level issues anonymity accountability reputation 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Claessens, J., Preneel, B., Vandewalle, J.: (How) can mobile agents do secure electronic transactions on untrusted hosts? - A survey of the security issues and current solutions (2003) ACM TOIT (February 2003)Google Scholar
  2. 2.
    Hohl, F.: An Approach to Solve the Problem of Malicious Hosts. Technical Report 1997/03, Universitat Stuttgart (1997)Google Scholar
  3. 3.
    Jansen, W.: Countermeasures for Mobile Agent Security. Computer Communications, Special Issue on Advanced Security Techniques for Network Protection (2000)Google Scholar
  4. 4.
    Jansen, W., Karygiannis, T.: Mobile Agent Security. NIST Technical Report. Technical Report, National Institute of Standards and Technology (1999)Google Scholar
  5. 5.
    Posegga, J., Karjoth, G.: Mobile Agents and Telcos’ Nightmares. Annales des Telecomunication, Special issue on communications security (2000)Google Scholar
  6. 6.
    Chan, A.H., Lyu, M.R.: The mobile code paradigm and its security issues (1999), http://www.cse.cuhk.edu.hk/~lyu/student/mphil/anthony/gm99.fall.ppt
  7. 7.
    Farmer, W.M., Guttman, J.D., Swarup, V.: Security for Mobile Agents: Issues and Requirements. In: Presented at the 1996 National Information Systems Security Conference, Baltimore, MD, USA (1996), http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper033/SWARUP96.PDF
  8. 8.
    Hohl, F.: Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, pp. 92–113. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  9. 9.
    Wilhelm, U.: Cryptographically Protected Objects. Technical report, Ecole Polytechnique Federale de Lausanne, Switzerland (1997)Google Scholar
  10. 10.
    Wilhelm, U.G., Staamann, S., Buttyán, L.: Introducing trusted third parties to the mobile agent paradigm. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 471–491. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  11. 11.
    NAI Labs: Secure Execution Environments: Self-Protecting Mobile Agents (2002), http://www.pgp.com/research/nailabs/secure-execution/self-protecting.asp
  12. 12.
    Riordan, J., Schneier, B.: Environmental Key Generation towards Clueless Agents. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, pp. 15–24. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  13. 13.
    Sander, T., Tschudin, C.F.: Protecting Mobile Agents Against Malicious Hosts. In: Vigna, G. (ed.) Mobile Agents and Security, Heidelberg, Germany. LNCS, pp. 44–60. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  14. 14.
    Roth, V.: Mutual Protection of Co-operating Agents. In: Secure Internet Programming, pp. 275–285 (1999)Google Scholar
  15. 15.
    Fischmeister, S.: Building Secure Mobile Agents: The Supervisor-Worker Framework. Master’s thesis, Technical University of Vienna (2000)Google Scholar
  16. 16.
    Hohl, F.: A framework to protect mobile agents by using reference states. In: International Conference on Distributed Computing Systems, pp. 410–417 (2000)Google Scholar
  17. 17.
    Giansiracusa, M., Russell, S., Clark, A.: Clever Use of Trusted Third Parties for Mobile Agent Security. In: Applied Cryptography and Network Security – Technical Track, pp. 398–407. ICISA Press (2004)Google Scholar
  18. 18.
    Roth, V.: On the robustness of some cryptographic protocols for mobile agent protection. In: Picco, G.P. (ed.) MA 2001. LNCS, vol. 2240, p. 1. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  19. 19.
    Roth, V.: Empowering mobile software agents. In: Suri, N. (ed.) MA 2002. LNCS, vol. 2535, pp. 47–63. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Roth, V., Jalali-Sohi, M.: Concepts and architecture of a security-centric mobile agent server. In: Fifth International Symposium on Autonomous Decentralized Systems (ISADS 2001), pp. 435–442. IEEE Computer Society, Los Alamitos (2001)CrossRefGoogle Scholar
  21. 21.
    Giansiracusa, M., Russell, S., Clark, A., Hynd, J.: A Step Closer to a Secure Internet Mobile Agent Community, Submitted to The Fifth Asia-Pacific Industrial Engineering and Management Systems Conference (APIEMS 2004) (2004)Google Scholar
  22. 22.
    Hohl, F.: A Protocol to Detect Malicious Hosts Attacks by Using Reference States. Technical report, Universität Stuttgart, Fakultät Informatik (1999)Google Scholar
  23. 23.
    Farmer, W.M., Guttman, J.D., Swarup, V.: Security for Mobile Agents: Authentication and State Appraisal. In: Proceedings of the Fourth European Symposium on Research in Computer Security, Rome, Italy, pp. 118–130 (1996)Google Scholar
  24. 24.
    Giansiracusa, M., Russell, S., Clark, A., Hynd, J.: MASHIn Reputation Ratings as a Deterrent Against Poor Behaviour. To be submitted to The 3rd Workshop on the Internet, Telecommunications and Signal Processing (WITSP 2004) (2004)Google Scholar
  25. 25.
    Tan, H.K., Moreau, L.: Trust Relationships in a Mobile Agent System. In: Picco, G.P. (ed.) MA 2001. LNCS, vol. 2240, pp. 15–30. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  26. 26.
    Rasmusson, L., Jansson, S.: Simulated social control for secure Internet commerce, pp. 18–26 (1996)Google Scholar
  27. 27.
    Mandry, T., Pernul, G., Röhm, A.W.: Mobile agents on electronic markets – opportunities, risks and agent protection. In: Klein, S., Gricar, J., Pucihar, A. (eds.) 12th Bled Electronic Commerce Conference, Moderna Organizacija (1999)Google Scholar
  28. 28.
    Algesheimer, J., Cachin, C., Camenisch, J., Karjoth, G.: Cryptographic Security for Mobile Code. In: Proc. IEEE Symposium on Security and Privacy, IEEE, Los Alamitos (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Michelangelo Giansiracusa
    • 1
  • Selwyn Russell
    • 1
  • Andrew Clark
    • 1
  • Volker Roth
    • 2
  1. 1.Information Security Research CentreQueensland University of TechnologyBrisbaneAustralia
  2. 2.Dept. Security TechnologyFrauhofer Institute for Computer GraphicsDarmstadtGermany

Personalised recommendations