323 research outputs found

    An Improved Itinerary Recording Protocol for Securing Distributed Architectures Based on Mobile Agents


    Securing dynamic itineraries for mobile agent applications

    In this paper we present a novel mechanism for the protection of dynamic itineraries for mobile agent applications. Itineraries that are decided as the agent goes are essential in complex applications based on mobile agents, but no approach has been presented until now to protect them. We have conceived a cryptographic scheme for shielding dynamic itineraries from tampering, impersonation and disclosure. By using trust strategically, our scheme provides a balanced trade-off between flexibility and security. Our protection scheme has been thought always bearing in mind a feasible implementation, and thus facilitates the development of applications that make use of it. An example application based on a real healthcare scenario is also presented to show its operation.

    A framework for the protection of mobile agents against malicious hosts

    The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature has been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performance. Computing. D.Phil

    A secure protocol based on a sedentary agent for mobile agent environments

    The main challenge when deploying mobile agent environments pertains to security issues concerning mobile agents and their executive platform. This paper proposes a secure protocol which protects mobile agents against attacks from malicious hosts in these environments. Protection is based on the perfect cooperation of a sedentary agent running inside a trusted third host. Results show that the protocol detects several attacks, such as denial of service, incorrect execution and re-execution of the mobile agent code. Results also indicate that the traffic generated and run time are barely affected.

    Architectural components for the efficient design of mobile agent systems

    Over the past eighteen months, there has been a renewed interest in mobile agent technology due to the continued exponential growth of Internet applications, the establishment of open standards for these applications, as well as the semantic web developments. However, the lack of a standardised programming model addressing all aspects of mobile agent systems prevents widespread deployment of the potentially useful technology. The architectural requirements dealing with all aspects of a mobile agent system are not clearly stipulated. As a result, the commercially available mobile agent systems and mobile agent tool kits address different mobile agent issues, and little reuse of available technologies and architectures takes place. The purpose of this paper is to describe an architectural model that identifies the components representing the essential aspects of a mobile agent system. Due to the intensive nature of development, implementation and testing of this model, we describe preliminary work. However, in the meanwhile, there are benefits associated with this preliminary model, namely that it provides a clear understanding of the architectural issues of mobile agent computing, giving novice researchers and practitioners who enter the field for the first time a foundation for making sensible decisions when researching, designing and developing mobile agents. The model is also significant in that it provides a benchmark for researchers and developers to measure the capabilities of mobile agents created by commercially available tool kits. Mobile Agent Systems, Software architecture model. School of Computin

    Security in mobile agent systems: an approach to protect mobile agents from malicious host attacks

    Mobile agents are autonomous programs that roam the Internet from machine to machine under their own control on behalf of their users to perform specific pre-defined tasks. In addition to that, a mobile agent can suspend its execution at any point; transfer itself to another machine then resume execution at the new machine without any loss of state. Such a mobile model can perform many possible types of operations, and might carry critical data that has to be protected from possible attacks. The issue of agent security and specially agent protection from host attacks has been a hot topic and no fully comprehensive solution has been found so far. In this thesis, we examine the possible security attacks that hosts and agents suffer from. These attacks can take one of four possible forms: Attacks from host to host, from agents to hosts, from agents to agents (peer to peer) and finally from hosts to agents. Our main concern in this thesis is these attacks from a malicious host on an agent. These attacks can take many forms including rerouting, spying out code, spying out data, spying out control flow, manipulation of code, manipulation of data, manipulation of control flow, incorrect execution of code, masquerading and denial of execution. In an attempt to solve the problem of malicious host attacks on agents, many partial solutions were proposed. These solutions ranged across simple legal protection, hardware solutions, partitioning, replication and voting, components, self-authentication, and migration history. Other solutions also included using audit logs, read-only state, append only logs, encrypted algorithms, digital signatures, partial result authentication codes, and code mess-up, limited life time of code and data as well as time limited black box security. In this thesis, we present a three-tier solution. This solution is a combination of code mess up, encryption and time out. 
Choosing code mess-up as part of the solution was due to the several strengths of this method that is based on obfuscating the features of the code so that any attacker will find it very difficult to understand the original code. A new algorithm was developed in this thesis to implement code mess-up that uses the concept of variable disguising by altering the values of strings and numerical values. Several encryption algorithms were studied to choose the best algorithm to use in the development of the proposed solution. The algorithms studied included DES, LUCIFER, MADRYGA, NEWDES, FEAL, REDOC, LOKI, KHUFU & KHAFRE, IDEA and finally MMB. The algorithm used was the DES algorithm due to several important factors including its key length. Not any language can be used to implement mobile agents. Candidate languages should possess the portability characteristic and should be safe and secure enough to guarantee a protection for the mobile agent. In addition to that the language should be efficient in order to minimize the implementation overhead and the overhead of providing safety and security. Languages used to implement mobile agents include Java, Limbo, Telescript, and Safe TCL. The Java language was chosen as the programming language for this thesis due to its high security, platform independence, and multithreading. This is in addition to several powerful features that characterize the Java language as will be mentioned later on. Implementing a mobile agent requires the assistance of a mobile agent system that helps in launching the agent from one host to another. There are many existing agent launching systems like Telescript, Aglets, Tacoma, Agent TCL and Concordia. Concordia was chosen to be the implementation tool used to launch our mobile agent. It is a software framework for developing, running and administering mobile agents, and it proved to be very efficient, and effective. 
The results of our proposed solutions showed the strength of the proposed model in terms of fully protecting the mobile agent from possible malicious host attacks. The model could have several points of enhancements. These enhancements include changing the code mess-up algorithm to a more powerful one, using a different encryption technique, and implementing an agent re-charge mechanism to recharge the agent after it times out.

    Mobile-agent based multi-constraint one-to-many bilateral e-Negotiation framework

    The thesis proposes a multi-constraint one-to-many bilateral e-Trade negotiation framework. It deploys mobile agents in negotiation, considers trading competition between vendors and search space, efficiently manages the risk of losing top utility offers that expire before the negotiation deadline, accurately evaluates offers, and truly maintains the security of negotiation data.

    Multi-agent based architecture for digital libraries

    Digital Libraries (DL) generally contain a collection of independently maintained data sets, in different formats, which may be queried by geographically dispersed users. The general problem of managing such large digital data archives is particularly challenging when the system must cope with data which is processed on demand. This dissertation proposes a Multi-Agent System (MAS) architecture for the utilisation of an active DL that provides computing services in addition to data-retrieval services, so that users can initiate computing jobs on remote supercomputers for processing, mining, and filtering of the data in the library. The system architecture is based on a collaborative set of agents, where each agent undertakes a pre-defined role, and is responsible for offering a particular type of service. The integration of services is based on a user defined query which can range in complexity from simple queries, to specialised algorithms which are transmitted to image processing archives as mobile agents. The proposed architecture enables new information sources and services to be integrated into the system dynamically, supports autonomous and dynamic on-demand data processing based on collaboration between agents, capable of handling a large number of concurrent users. Focus is based on the management of mobile agents which roam through the servers that constitute the DL to serve user queries. A new load balancing scheme is proposed for managing agent load among the available servers, based on the system state information and predictions about lifetime of agent tasks and server status. The system architecture is further extended by defining a gateway to provide interoperability with other heterogeneous agent-based systems. Interoperability in this sense enables agents from different types of platforms to communicate between themselves and use services provided by other systems. 
The novelty of the proposed gateway approach lies in the ability to adapt an existing legacy system for use with the agent-based approach (and one that adheres to FIPA standards). A prototype has been developed as a proof-of-concept to outline the principles and ideas involved, with reference to the Synthetic Aperture Radar Atlas (SARA) DL composed of multi-spectral remote-sensing imagery of the Earth. Although the work presented in this dissertation has been evaluated in the context of SARA DL, the proposed techniques suggest useful guidelines that may be employed by other active archival systems.