Framework for Securing Mobile Software Agents

Information systems are growing in size and complexity making it infeasible for human administrators to manage them. The aim of this work is to study ways of securing and using mobile software agents to deter attackers, protect information systems, detect intrusions, automatically respond to the intrusions and attacks, and to produce recovery services to systems after attacks. Current systems provide intrusion detection, prevention, protection, response, and recovery services but most of these services are manual and the reaction time is usually from a number of hours to days depending on the complexity of the systems. There are efforts of using mobile software agents to provide these services automatically, thereby reducing reaction time, but the technology is not widely accepted due to security issues of mobile agents. In this work, we have created a framework for securing mobile software agents in information systems. Communication security between platforms, protection of the baggage carried by agents, and protection of agents are provided. The framework has five components: deterrence, protection, detection, response and recovery sub-systems. The framework has been partially implemented and has an interface for administrators, monitored systems, NIST vulnerability database, patches‘ database, sensors, and Secure Mobile agents Run-Time System. This framework provides security for mobile agents at different levels and this increases trust in agents‘ technology. The response time, after intrusions are detected, is shortened. The framework helps systems to adapt by improving the performance of new generations of agents.QC 2011060