142,185 research outputs found

    Mobile agent based knowledge management in education system

    This paper looks into delivering a Mobile Agent Based Knowledge Management System in the education system. Firstly, the paper reviews the issues that occur in Knowledge Management Systems. A proposed system structure is presented to show how a mobile agent works and is used in the education system. XML Metadata with Aglet is used here for faster retrieval of data. A security framework is also presented to look at protecting a distributed network from malicious mobile agents. We also recommend an intelligent search module for the agent to search the required data.

    A Security Architecture for Mobile Agent Based Creeper

    Mobile agents are active objects that can autonomously migrate in a network to perform tasks on behalf of their owners. Though they offer an important new method of performing transactions and information retrieval in networks, mobile agents also raise several security issues related to the protection of host resources as well as the data carried by an agent itself. Mobile agent technology offers a new computing paradigm in which a program, in the form of a software agent, can suspend its execution on a host computer, transfer itself to another agent-enabled host on the network, and resume execution on the new host. Mobile Agent (MA) technology raises significant security concerns and requires a thorough security framework with a wide range of strategies and mechanisms for the protection of both agent platform and mobile agents against possibly malicious reciprocal behavior. The security infrastructure should have the ability to flexibly and dynamically offer different solutions to achieve different qualities of security service depending on application requirements. The protection of mobile agent systems continues to be an active area of research that will enable future applications to utilize this paradigm of computing. Agent systems and mobile applications must balance security requirements with available security mechanisms in order to meet application level security goals. A security solution has been introduced, which protects both the mobile agent itself and the host resources that encrypt the data before passing it to mobile agent and decrypt it on the visited host sides i.e. it transfers the URL to the Mobile Agent System that will pass that encrypted URL to the server where it will be decrypted and used. The methods of Encryption/Decryption used are a Public-key Cipher System and a Symmetric Cipher System that focuses on submitting data to the server securely. The proposed approach solves the problem of a malicious host that can harm the mobile agent or the information it contains.

    A framework for the protection of mobile agents against malicious hosts

    The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature has been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performance. Computing. D.Phil

    A secure mobile agent system

    The mobile agent architecture offers a different approach to distributed processing compared with the client-server working model. In mobile agent systems, which are based on code mobility, security is an important element that must be considered, because what is involved is no longer a static piece of software but software that can carry its code and data to remote nodes, that is, agents. It is inevitable that new security risks arise for this kind of mobile software, such as the monitoring or modification of both its code and its data. The same dangers apply during the messaging of agents that can communicate with one another. More importantly, it is not only agents that face security risks; the nodes that run agents are at risk to the same degree. In this paper, the design and implementation details of a new architecture that will eliminate the existing security threats in mobile agent systems are examined. The secure agent system developed was designed and implemented both to meet the security requirements of agents and to offer an easy-to-use and flexible working environment. In addition to advanced security features, the system uses security policies so that it can adapt easily and immediately to changing security needs. Security policies make it possible to respond to changing security needs quickly and without requiring the agent to be reprogrammed. The system also provides the necessary mechanisms for the security not only of agents but also of the nodes that provide agents with an execution environment. Besides offering a strong messaging infrastructure, the mobile agent system developed also includes flexible interfaces for traceability, manageability and continuity. The system has a layered architecture and is open to further development. Keywords: Agent, mobile agent systems, security in mobile agent systems. According to the accepted definition, an agent is a small application with some special features.
Being autonomous, capable of adapting itself to its environment, communicating with other agents for coordination or cooperation, intelligence, ability to clone itself and ability to make decisions are the features that can distinguish an agent from ordinary software. Even though mobility, ability to migrate from one host to another host, is not a required feature, agents with this ability have advantages especially in terms of distributed data processing. A mobile agent is not restricted to the node where it is running and can migrate to anywhere on the network of its own accord. While moving from one host to another, not only the agent's executable code is transferred, but also data that the agent has collected or constructed are transferred as well. Thus, the agent can preserve its state even when it is mobile. The execution framework necessary for a mobile agent is provided by a mobile agent system. This framework simply provides the basic agent related tasks and functions such as agent creation, activation, migration, communication, cloning and destruction. The competence and power of a mobile agent system depends on the flexibility of these functions. Even though using mobile agent technologies provides potential benefits to applications, an agent's ability to move introduces significant security risks. Mobile agents are under security threats during their lifetimes. Since the code is mobile, it can be stolen or altered by a third party. The same danger is present for the messages agents send to each other and for the data that determines the agent's state. Furthermore, not only the agents but also the hosts are under many security risks in mobile agent systems. Several mobile agent systems have been proposed and developed up to now. They all have their software agent specific features.
Although most of them have enough features for mobile agents to communicate with each other and migrate to remote hosts, agent security related tasks are not available in most of them. Some provide limited security for agents, but do not provide any features to protect hosts. Most of these mobile agent systems leave the security to the agent programmer or to the traditional network security solutions which may be very difficult and inefficient to implement or integrate. The mobile agent system is expected to include all necessary security mechanisms for both agents and computers hosting mobile agents. The scope of this paper is the design and implementation of a new, secure, flexible, highly available and fast mobile agent system (SECMAP). The architecture of the system is especially designed for security purposes, and requirements not only for agent security but also for host security are also provided. Besides ensuring security of both agents and hosts, SECMAP also presents a very flexible agent programming interface. Naturally, these features play an important role on the usability and popularity of the system. SECMAP also presents a policy based management framework to protect system-level resources and agents against unauthorized access, as well. The policy architecture allows for dynamic manipulation of policy content, which results in an adaptive and flexible framework that eliminates the reprogramming of the agents on changing conditions. Logging and monitoring of the basic agent activities are also possible. Availability is very important for the collaborating agents. For this reason, a mobile agent system should be up and running even if only one host in the system is active. When necessary the system should be able to transfer the duties of a dead host to another one in the system. SECMAP includes very powerful algorithms to ensure the availability of the overall system.
It accomplishes this by assigning special working modes to different agent servers in the system. Another important feature is that the system and agents can be managed and monitored from a browser in the network. All agents present in the system can be monitored from a single window. Any module of the system can also be managed by a browser from remote hosts. SECMAP is worth being used not only for the security features it presents for agents and hosts, but also for its flexibility and powerful agent programming interface. The system has a layered architecture and is open to be improved with more powerful features. Keywords: Agents, Mobile agent systems, Security in mobile agent systems

    Security in mobile agent systems: an approach to protect mobile agents from malicious host attacks

    Mobile agents are autonomous programs that roam the Internet from machine to machine under their own control on behalf of their users to perform specific pre-defined tasks. In addition to that, a mobile agent can suspend its execution at any point; transfer itself to another machine then resume execution at the new machine without any loss of state. Such a mobile model can perform many possible types of operations, and might carry critical data that has to be protected from possible attacks. The issue of agent security and specially agent protection from host attacks has been a hot topic and no fully comprehensive solution has been found so far. In this thesis, we examine the possible security attacks that hosts and agents suffer from. These attacks can take one of four possible forms: Attacks from host to host, from agents to hosts, from agents to agents (peer to peer) and finally from hosts to agents. Our main concern in this thesis is these attacks from a malicious host on an agent. These attacks can take many forms including rerouting, spying out code, spying out data, spying out control flow, manipulation of code, manipulation of data, manipulation of control flow, incorrect execution of code, masquerading and denial of execution. In an attempt to solve the problem of malicious host attacks on agents, many partial solutions were proposed. These solutions ranged across simple legal protection, hardware solutions, partitioning, replication and voting, components, self-authentication, and migration history. Other solutions also included using audit logs, read-only state, append only logs, encrypted algorithms, digital signatures, partial result authentication codes, and code mess-up, limited life time of code and data as well as time limited black box security. In this thesis, we present a three-tier solution. This solution is a combination of code mess up, encryption and time out. 
Choosing code mess-up as part of the solution was due to the several strengths of this method that is based on obfuscating the features of the code so that any attacker will find it very difficult to understand the original code. A new algorithm was developed in this thesis to implement code mess-up that uses the concept of variable disguising by altering the values of strings and numerical values. Several encryption algorithms were studied to choose the best algorithm to use in the development of the proposed solution. The algorithms studied included DES, LUCIFER, MADRYGA, NEWDES, FEAL, REDOC, LOKI, KHUFU & KHAFRE, IDEA and finally MMB. The algorithm used was the DES algorithm due to several important factors including its key length. Not any language can be used to implement mobile agents. Candidate languages should possess the portability characteristic and should be safe and secure enough to guarantee a protection for the mobile agent. In addition to that the language should be efficient in order to minimize the implementation overhead and the overhead of providing safety and security. Languages used to implement mobile agents include Java, Limbo, Telescript, and Safe TCL. The Java language was chosen as the programming language for this thesis due to its high security, platform independence, and multithreading. This is in addition to several powerful features that characterize the Java language as will be mentioned later on. Implementing a mobile agent requires the assistance of a mobile agent system that helps in launching the agent from one host to another. There are many existing agent launching systems like Telescript, Aglets, Tacoma, Agent TCL and Concordia. Concordia was chosen to be the implementation tool used to launch our mobile agent. It is a software framework for developing, running and administering mobile agents, and it proved to be very efficient, and effective.
The results of our proposed solutions showed the strength of the proposed model in terms of fully protecting the mobile agent from possible malicious host attacks. The model could have several points of enhancements. These enhancements include changing the code mess-up algorithm to a more powerful one, using a different encryption technique, and implementing an agent re-charge mechanism to recharge the agent after it times out.

    Secure migration of WebAssembly-based mobile agents between secure enclaves

    Cryptography and security protocols are today commonly used to protect data at-rest and in-transit. In contrast, protecting data in-use has seen only limited adoption. Secure data transfer methods employed today rarely provide guarantees regarding the trustworthiness of the software and hardware at the communication endpoints. The field of study that addresses these issues is called Trusted or Confidential Computing and relies on the use of hardware-based techniques. These techniques aim to isolate critical data and its processing from the rest of the system. More specifically, it investigates the use of hardware isolated Secure Execution Environments (SEEs) where applications cannot be tampered with during operation. Over the past few decades, several implementations of SEEs have been introduced, each based on a different hardware architecture. However, lately, the trend is to move towards architecture-independent SEEs. As part of this, a Huawei research project is developing a secure enclave framework that enables secure execution and migration of applications (mobile agents), regardless of the underlying architecture. This thesis contributes to the development of the framework by participating in the design and implementation of a secure migration scheme for the mobile agents. The goal is a scheme wherein it is possible to transfer the mobile agent without compromising the security guarantees provided by SEEs. Further, the thesis also provides performance measurements of the migration scheme implemented in a proof of concept of the framework.

    Preemptive mobile code protection using spy agents

    This thesis introduces 'spy agents' as a new security paradigm for evaluating trust in remote hosts in mobile code scenarios. In this security paradigm, a spy agent, i.e. a mobile agent which circulates amongst a number of remote hosts, can employ a variety of techniques in order to both appear 'normal' and suggest to a malicious host that it can 'misuse' the agent's data or code without being held accountable. A framework for the operation and deployment of such spy agents is described. Subsequently, a number of aspects of the operation of such agents within this framework are analysed in greater detail. The set of spy agent routes needs to be constructed in a manner that enables hosts to be identified from a set of detectable agent-specific outcomes. The construction of route sets that both reduce the probability of spy agent detection and support identification of the origin of a malicious act is analysed in the context of combinatorial group testing theory. Solutions to the route set design problem are proposed. A number of spy agent application scenarios are introduced and analysed, including: a) the implementation of a mobile code email honeypot system for identifying email privacy infringers, b) the design of sets of agent routes that enable malicious host detection even when hosts collude, and c) the evaluation of the credibility of host classification results in the presence of inconsistent host behaviour. Spy agents can be used in a wide range of applications, and it appears that each application creates challenging new research problems, notably in the design of appropriate agent route sets

    A trust based approach to mobile multi-agent systems.

    This thesis undertakes to provide an architecture and understanding of the incorporation of trust into the paradigm of mobile multi-agent systems. Trust deliberation is a soft security approach to the problem of mobile agent security whereby an agent is protected from the malicious behaviour of others within the system. Using a trust approach capitalises on observing malicious behaviour rather than preventing it. We adopt an architectural approach to trust such that we do not provide a model in itself; numerous mathematical models for the calculation of trust based on a history of observations already exist. Rather we look to provide the framework enabling such models to be utilised by mobile agents. As trust is subjective we envisage a system whereby individual agents will use different trust models or different weighting mechanisms. Three architectures are provided. Centralised whereby the platform itself provides all of the services needed by an agent to make observations and calculate trust. Decentralised in which each individual agent is responsible for making observations, communicating trust and the calculation of its own trust in others. A hybrid architecture such that trust mechanisms are provided by the platform and additionally are embedded within the agents themselves. As an optimisation of the architectures proposed in this thesis, we introduce the notion of trust communities. A community is used as a means to represent the trust information in categorisations dependent upon various properties. Optimisation occurs in two ways; firstly with subjective communities and secondly with system communities. A customised implementation framework of the architectures is introduced in the form of our TEMPLE (Trust Enabled Mobile-agent PLatform Environment) and stands as the underpinning of a case-study implementation in order to provide empirical evidence in the form of scenario test-bed data as to the effectiveness of each architecture.
The case study chosen for use in a trust based system is that of a 'fish market' as given the number of interactions, entities, and migration of agents involved in the system thus, providing substantial output data based upon the trust decisions made by agents. Hence, a good indicator of the effectiveness of equipping agents with trust ability using our architectures.