41,223 research outputs found
A trustworthy mobile agent infrastructure for network management
Despite several advantages inherent in mobile-agent-based approaches to network management as compared to traditional SNMP-based approaches, industry is reluctant to adopt the mobile agent paradigm as a replacement for the existing manager-agent model; the management community requires an evolutionary, rather than a revolutionary, use of mobile agents. Furthermore, security for distributed management is a major concern; agent-based management systems inherit the security risks of mobile agents. We have developed a Java-based mobile agent infrastructure for network management that enables the safe integration of mobile agents with the SNMP protocol. The security of the system has been evaluated under agent to agent-platform and agent to agent attacks and has proved trustworthy in the performance of network management tasks
Preventing Supply Chain Vulnerabilities in Java with a Fine-Grained Permission Manager
Integrating third-party packages accelerates modern software engineering, but
introduces the risk of software supply chain vulnerabilities. Vulnerabilities
in applications' dependencies are being exploited worldwide. Often, these
exploits leverage features that are present in a package, yet unneeded by an
application. Unfortunately, the current generation of permission managers, such
as SELinux, Docker containers, and the Java Security Manager, are too
coarse-grained to usefully support engineers and operators in mitigating these
vulnerabilities. Current approaches offer permissions only at the application's
granularity, lumping legitimate operations made by safe packages with
illegitimate operations made by exploited packages. This strategy does not
reflect modern engineering practice. we need a permission manager capable of
distinguishing between actions taken by different packages in an application's
supply chain.
In this paper, we describe Next-JSM, the first fine-grained ("supply chain
aware") permission manager for Java applications. Next-JSM supports permission
management at package-level granularity. Next-JSM faces three key challenges:
operating on existing JVMs and without access to application or package source
code, minimizing performance overhead in applications with many packages, and
helping operators manage finer-grained permissions. We show that these
challenges can be addressed through bytecode rewriting; appropriate data
structures and algorithms; and an expressive permission notation plus automated
tooling to establish default permission. In our evaluation, we report that
Next-JSM mitigates 11 of the 12 package vulnerabilities we evaluated and incurs
an average 2.72% overhead on the Dacapobench benchmark. Qualitatively, we argue
that Next-JSM addresses the shortcomings of the (recently deprecated) Java
Security Manager (JSM).Comment: 15 pages, 5 figures, 5 table
Next-Generation EU DataGrid Data Management Services
We describe the architecture and initial implementation of the
next-generation of Grid Data Management Middleware in the EU DataGrid (EDG)
project.
The new architecture stems out of our experience and the users requirements
gathered during the two years of running our initial set of Grid Data
Management Services. All of our new services are based on the Web Service
technology paradigm, very much in line with the emerging Open Grid Services
Architecture (OGSA). We have modularized our components and invested a great
amount of effort towards a secure, extensible and robust service, starting from
the design but also using a streamlined build and testing framework.
Our service components are: Replica Location Service, Replica Metadata
Service, Replica Optimization Service, Replica Subscription and high-level
replica management. The service security infrastructure is fully GSI-enabled,
hence compatible with the existing Globus Toolkit 2-based services; moreover,
it allows for fine-grained authorization mechanisms that can be adjusted
depending on the service semantics.Comment: Talk from the 2003 Computing in High Energy and Nuclear Physics
(CHEP03), La Jolla,Ca, USA, March 2003 8 pages, LaTeX, the file contains all
LaTeX sources - figures are in the directory "figures
A Lightweight and Flexible Mobile Agent Platform Tailored to Management Applications
Mobile Agents (MAs) represent a distributed computing technology that
promises to address the scalability problems of centralized network management.
A critical issue that will affect the wider adoption of MA paradigm in
management applications is the development of MA Platforms (MAPs) expressly
oriented to distributed management. However, most of available platforms impose
considerable burden on network and system resources and also lack of essential
functionality. In this paper, we discuss the design considerations and
implementation details of a complete MAP research prototype that sufficiently
addresses all the aforementioned issues. Our MAP has been implemented in Java
and tailored for network and systems management applications.Comment: 7 pages, 5 figures; Proceedings of the 2006 Conference on Mobile
Computing and Wireless Communications (MCWC'2006
Quire: Lightweight Provenance for Smart Phone Operating Systems
Smartphone apps often run with full privileges to access the network and
sensitive local resources, making it difficult for remote systems to have any
trust in the provenance of network connections they receive. Even within the
phone, different apps with different privileges can communicate with one
another, allowing one app to trick another into improperly exercising its
privileges (a Confused Deputy attack). In Quire, we engineered two new security
mechanisms into Android to address these issues. First, we track the call chain
of IPCs, allowing an app the choice of operating with the diminished privileges
of its callers or to act explicitly on its own behalf. Second, a lightweight
signature scheme allows any app to create a signed statement that can be
verified anywhere inside the phone. Both of these mechanisms are reflected in
network RPCs, allowing remote systems visibility into the state of the phone
when an RPC is made. We demonstrate the usefulness of Quire with two example
applications. We built an advertising service, running distinctly from the app
which wants to display ads, which can validate clicks passed to it from its
host. We also built a payment service, allowing an app to issue a request which
the payment service validates with the user. An app cannot not forge a payment
request by directly connecting to the remote server, nor can the local payment
service tamper with the request
Remote attestation mechanism for embedded devices based on physical unclonable functions
Remote attestation mechanisms are well studied in the high-end computing environments; however, the same is not true for embedded devices-especially for smart cards. With ever changing landscape of smart card technology and advancements towards a true multi-application platform, verifying the current state of the smart card is significant to the overall security of such proposals. The initiatives proposed by GlobalPlatform Consumer Centric Model (GP-CCM) and User Centric Smart Card Ownership Model (UCOM) enables a user to download any application as she desire-depending upon the authorisation of the application provider. Before an application provider issues an application to a smart card, verifying the current state of the smart card is crucial to the security of the respective application. In this paper, we analyse the rationale behind the remote attestation mechanism for smart cards, and the fundamental features that such a mechanism should possess. We also study the applicability of Physical Unclonable Functions (PUFs) for the remote attestation mechanism and propose two algorithms to achieve the stated features of remote attestation. The proposed algorithms are implemented in a test environment to evaluate their performance. © 2013 The authors and IOS Press. All rights reserved
- …