A trustworthy mobile agent infrastructure for network management

Despite several advantages inherent in mobile-agent-based approaches to network management as compared to traditional SNMP-based approaches, industry is reluctant to adopt the mobile agent paradigm as a replacement for the existing manager-agent model; the management community requires an evolutionary, rather than a revolutionary, use of mobile agents. Furthermore, security for distributed management is a major concern; agent-based management systems inherit the security risks of mobile agents. We have developed a Java-based mobile agent infrastructure for network management that enables the safe integration of mobile agents with the SNMP protocol. The security of the system has been evaluated under agent to agent-platform and agent to agent attacks and has proved trustworthy in the performance of network management tasks

Cryptography Based Hybrid Security Architecture for Mobile Multi Agents

Distributed Computing is the current area of research. Many researchers are working in area of Distributed Computing and trying to find a solution for the security and other issues. In Distributed Computing the mobile agents are the very important thing. When different mobile agents work in the same environment simultaneously it becomes a very important issue. Mobile agents have automatic, pro-active, and dynamic problem solving behaviors. However, scope of this paper is limited to analyze the existing security approaches for Mobile Multi Agent System. Security issues of mobile agent address the problem of securing and protecting agents from the attack of malicious hosts and other agents as well as securing the host from attack of malicious agents. This paper introduces a new approach of security for agent from other agents. Paper discusses Cryptography Based Hybrid Security Architecture with trust and reputation named CBHSA. It breaks the security of MA in two parts. The first level of security is work on the MA and second level of security is maintained on network. The model CBHSA, its different components and security of MA during movements around the network are discussed in this paper. This paper emphasis on the security of MA’s during migration within the network or outside the network

A Security Model for Mobile Agents using X.509 Proxy Certificates

Mobile agent technology presents an attractive alternative to the client-server paradigm for several network and real-time applications. However, for most applications, the lack of a viable agent security model has limited the adoption of the agent paradigm. This thesis presents a security model for mobile agents based on a security infrastructure for Computational Grids, and specifically, on X.509 Proxy Certificates. Proxy Certificates serve as credentials for Grid applications, and their primary purpose is temporary delegation of authority. Exploiting the similarity between Grid applications and mobile agent applications, this thesis motivates the use of Proxy Certificates as credentials for mobile agents. A new extension for Proxy Certificates is proposed in order to make them suited to mobile agent applications, and mechanisms are presented for agent-to-host authentication, restriction of agent privileges, and secure delegation of authority during spawning of new agents. Finally, the implementation of the proposed security mechanisms as modules within a multi-lingual and modular agent infrastructure, the Distributed Agent Delivery System, is discussed

Mobile agent security and reliability issues in electronic commerce.

Chan, Hing-wing.Thesis (M.Phil.)--Chinese University of Hong Kong, 2000.Includes bibliographical references (leaves 76-79).Abstracts in English and Chinese.Abstract --- p.iAbstract (Chinese) --- p.iiAcknowledgements --- p.iiiContents --- p.ivList of Figures --- p.viiList of Tables --- p.viiiChapter Chapter 1. --- Introduction --- p.1Chapter 1.1. --- Mobile Agents and the Problems --- p.1Chapter 1.2. --- Approach --- p.3Chapter 1.3. --- Contributions --- p.3Chapter 1.4. --- Organization of This Thesis --- p.4Chapter Chapter 2. --- The Mobile Code Paradigm --- p.6Chapter 2.1. --- Mobile Code: an Alternative to Client/Servers --- p.6Chapter 2.1.1. --- Classification of Mobile Codes --- p.8Chapter 2.1.2. --- Applications of Mobile Code Paradigms --- p.10Chapter 2.1.3. --- Supporting Implementation Technologies --- p.11Chapter 2.2. --- The Problems of Mobile Code --- p.13Chapter 2.2.1. --- Security Issues in Distributed Systems --- p.13Chapter 2.2.2. --- Security Concerns of Mobile Code Paradigms --- p.15Chapter 2.2.2.1. --- Security Attacks --- p.15Chapter 2.2.2.2. --- Security Mechanisms --- p.17Chapter 2.2.2.3. --- A Security Comparison between Paradigms --- p.20Chapter 2.2.3. --- Security Features of Implementation Technologies --- p.20Chapter 2.2.3.1. --- Security Services of Message-based Technology --- p.21Chapter 2.2.3.2. --- Security Services of Object-based Technology --- p.21Chapter 2.2.3.3. --- Security Services of Mobile Technology --- p.22Chapter 2.2.3.4. --- A Comparison of Technologies on Security Services --- p.22Chapter 2.3. --- Chapter Summary --- p.23Chapter Chapter 3. --- "Mobile Agents, Its Security and Reliability Issues" --- p.24Chapter 3.1. --- Advantages and Applications of Mobile Agents --- p.24Chapter 3.2. --- Security Concerns of Mobile Agents --- p.26Chapter 3.2.1. --- Host Security --- p.27Chapter 3.2.2. --- Agent Security --- p.27Chapter 3.3. --- Techniques to Protect Mobile Agents --- p.29Chapter 3.3.1. --- Protected Agent States --- p.29Chapter 3.3.2. --- Mobile Cryptography --- p.30Chapter 3.4. --- Reliability Concerns of Mobile Agents --- p.31Chapter Chapter 4. --- Security and Reliability Modeling for Mobile Agents --- p.32Chapter 4.1. --- Attack Model and Scenarios --- p.33Chapter 4.2. --- General Security Models --- p.34Chapter 4.2.1. --- Security and Reliability --- p.34Chapter 4.2.2. --- Deriving Security Models --- p.36Chapter 4.2.3. --- The Time-to-Effort Function --- p.38Chapter 4.3. --- A Security Model for Mobile Agents --- p.40Chapter 4.4. --- Discussion of the Proposed Model --- p.43Chapter 4.5. --- A Reliability Model for Mobile Agents --- p.43Chapter Chapter 5. --- The Concordia Mobile Agent Platform --- p.46Chapter 5.1. --- Overview --- p.46Chapter 5.2. --- Special Features --- p.47Chapter Chapter 6. --- SIAS: A Shopping Information Agent System --- p.49Chapter 6.1. --- What the System Does --- p.49Chapter 6.2. --- System Design --- p.50Chapter 6.2.1. --- Object Description --- p.50Chapter 6.2.2. --- Flow Description --- p.52Chapter 6.3. --- Implementation --- p.53Chapter 6.3.1. --- Choice of Programming Language --- p.53Chapter 6.3.2. --- Choice of Mobile Agent Platform --- p.53Chapter 6.3.3. --- Other Implementation Details --- p.54Chapter 6.4. --- Snapshots --- p.54Chapter 6.5. --- Security Design of SIAS --- p.57Chapter 6.5.1. --- Security Problems of SIAS --- p.58Chapter 6.5.2. --- Our Solutions to the Problems --- p.60Chapter 6.5.3. --- Evaluation of the Secure SIAS --- p.64Chapter 6.5.3.1. --- Security Analysis --- p.64Chapter 6.5.3.2. --- Performance Vs Query Size --- p.65Chapter 6.5.3.3. --- Performance Vs Number of Hosts --- p.67Chapter 6.6. --- Reliability Design of SIAS --- p.69Chapter 6.6.1. --- Reliability Problems of SIAS --- p.69Chapter 6.6.2. --- Our Solutions to the Problems --- p.70Chapter 6.6.3. --- Evaluation of the Reliable SIAS --- p.71Chapter Chapter 7. --- Conclusions and Future Work --- p.73Bibliography --- p.7

Evolution of network computing paradigms: applications of mobile agents in wired and wireless networks

The World Wide Web (or Web for short) is the largest client-server computing system commonly available, which is used through its widely accepted universal client (the Web browser) that uses a standard communication protocol known as the HyperText Transfer Protocol (HTTP) to display information described in the HyperText Markup Language (HTML). The current Web computing model allows the execution of server-side applications such as Servlets and client-side applications such as Applets. However, it offers limited support for another model of network computing where users would be able to use remote, and perhaps more powerful, machines for their computing needs. The client-server model enables anyone with a Web-enabled device ranging from desktop computers to cellular telephones, to retrieve information from the Web. In today's information society, however, users are overwhelmed by the information with which they are confronted on a daily basis. For subscribers of mobile wireless data services, this may present a problem. Wireless handheld devices, such as cellular telephones are connected via wireless networks that suffer from low bandwidth and have a greater tendency for network errors. In addition, wireless connections can be lost or degraded by mobility. Therefore, there a need for entities that act on behalf of users to simplify the tasks of discovering and managing network computing resources. It has been said that software agents are a solution in search of a problem. Mobile agents, however, are inherently distributed in nature, and therefore they represent a natural view of a distributed system. They provide an ideal mechanism for implementing complex systems, and they are well suited for applications that are communicationscentric such as Web-based network computing. Another attractive area of mobile agents is processing data over unreliable networks (such as wireless networks). In such an environment, the low reliability network can be used to transfer agents rather than a chunk. of data. The agent can travel to the nodes of the network, collect or process information without the risk of network disconnection, then return home. The publications of this doctorate by published works report on research undertaken in the area of distributed systems with emphasis on network computing paradigms, Web-based distributed computing, and the applications of mobile agents in Web-based distributed computing and wireless computing. The contributions of this collection of related papers can be summarized in four points. First, I have shown how to extend the Web to include computing resources; to illustrate the feasibility of my approach I have constructed a proof of concept implementation. Second, a mobile agent-based approach to Web-based distributed computing, that harness the power of the Web as a computing resource, has been proposed and a system has been prototyped. This, however, means that users will be able to use remote machines to execute their code, but this introduces a security risk. I need to make sure that malicious users cannot harm the remote system. For this, a security policy design pattern for mobile Java code has been developed. Third, a mediator-based approach to wireless client/server computing has been proposed and guidelines for implementing it have been published. This approach allows access to Internet services and distributed object systems from resource-constraint handheld wireless devices such as cellular telephones. Fourth and finally, a mobile agent-based approach to the Wireless Internet has been designed and implemented. In this approach, remote mobile agents can be accessed and used from wireless handheld devices. Handheld wireless devices will benefit greatly from this approach since it overcomes wireless network limitations such as low bandwidth and disconnection, and enhances the functionality of services by being able to operate without constant user input

Unified architecture of mobile ad hoc network security (MANS) system

In this dissertation, a unified architecture of Mobile Ad-hoc Network Security (MANS) system is proposed, under which IDS agent, authentication, recovery policy and other policies can be defined formally and explicitly, and are enforced by a uniform architecture. A new authentication model for high-value transactions in cluster-based MANET is also designed in MANS system. This model is motivated by previous works but try to use their beauties and avoid their shortcomings, by using threshold sharing of the certificate signing key within each cluster to distribute the certificate services, and using certificate chain and certificate repository to achieve better scalability, less overhead and better security performance. An Intrusion Detection System is installed in every node, which is responsible for colleting local data from its host node and neighbor nodes within its communication range, pro-processing raw data and periodically broadcasting to its neighborhood, classifying normal or abnormal based on pro-processed data from its host node and neighbor nodes. Security recovery policy in ad hoc networks is the procedure of making a global decision according to messages received from distributed IDS and restore to operational health the whole system if any user or host that conducts the inappropriate, incorrect, or anomalous activities that threaten the connectivity or reliability of the networks and the authenticity of the data traffic in the networks. Finally, quantitative risk assessment model is proposed to numerically evaluate MANS security

Towards a Framework for Developing Mobile Agents for Managing Distributed Information Resources

Distributed information management tools allow users to author, disseminate, discover and manage information within large-scale networked environments, such as the Internet. Agent technology provides the flexibility and scalability necessary to develop such distributed information management applications. We present a layered organisation that is shared by the specific applications that we build. Within this organisation we describe an architecture where mobile agents can move across distributed environments, integrate with local resources and other mobile agents, and communicate their results back to the user

Towards trusted volunteer grid environments

Intensive experiences show and confirm that grid environments can be considered as the most promising way to solve several kinds of problems relating either to cooperative work especially where involved collaborators are dispersed geographically or to some very greedy applications which require enough power of computing or/and storage. Such environments can be classified into two categories; first, dedicated grids where the federated computers are solely devoted to a specific work through its end. Second, Volunteer grids where federated computers are not completely devoted to a specific work but instead they can be randomly and intermittently used, at the same time, for any other purpose or they can be connected or disconnected at will by their owners without any prior notification. Each category of grids includes surely several advantages and disadvantages; nevertheless, we think that volunteer grids are very promising and more convenient especially to build a general multipurpose distributed scalable environment. Unfortunately, the big challenge of such environments is, however, security and trust. Indeed, owing to the fact that every federated computer in such an environment can randomly be used at the same time by several users or can be disconnected suddenly, several security problems will automatically arise. In this paper, we propose a novel solution based on identity federation, agent technology and the dynamic enforcement of access control policies that lead to the design and implementation of trusted volunteer grid environments.Comment: 9 Pages, IJCNC Journal 201