13 research outputs found

    Secure e-transactions using mobile agents with agent broker

    This paper presents an e-transactions protocol using mobile agents. However, when mobile agents travel to a number of servers to search for the optimal purchase for the underlying customer, the mobile code should be protected. We integrate a secure signature algorithm with the e-transaction algorithm to maintain security. In addition, an agent broker is involved in the algorithm, which helps to reduce the communications among the mobile agents, the customer, and the servers. We have presented a security and privacy analysis for the proposed protocol.

    A secure mobile agent system

    The mobile agent architecture offers a different approach to distributed processing compared with the client-server model. In mobile agent systems, which are based on code mobility, security is an important concern, because what is involved is no longer a static piece of software but software, that is, agents, that can carry its code and data to remote nodes. It is inevitable that such mobile software gives rise to new security risks, such as the monitoring or modification of both its code and its data. The same dangers apply to the messages exchanged by agents that communicate with one another. More importantly, it is not only the agents that face security risks; the nodes that run the agents are at risk to the same extent. This paper examines the design and implementation details of a new architecture that will eliminate the existing security threats in mobile agent systems. The secure agent system developed has been designed and implemented both to meet the security requirements of agents and to provide an easy-to-use and flexible working environment. In addition to advanced security features, the system uses security policies so that it can adapt easily and immediately to changing security needs. Security policies make it possible to respond to changing security needs quickly and without requiring the agent to be reprogrammed. The system also provides the necessary mechanisms for the security not only of agents but also of the nodes that provide agents with an execution environment. Besides offering a powerful messaging infrastructure, the mobile agent system developed also includes flexible interfaces for traceability, manageability and continuity. The system has a layered architecture and is open to extension. Keywords: Agent, mobile agent systems, security in mobile agent systems. According to the accepted definition, an agent is a small application with some special features. 
Being autonomous, capable of adapting itself to its environment, communicating with other agents for coordination or cooperation, intelligence, ability to clone itself and ability to make decisions are the features that can distinguish an agent from ordinary software. Even though mobility, the ability to migrate from one host to another, is not a required feature, agents with this ability have advantages especially in terms of distributed data processing. A mobile agent is not restricted to the node where it is running and can migrate to anywhere on the network of its own accord. While moving from one host to another, not only the agent's executable code is transferred, but also the data that the agent has collected or constructed. Thus, the agent can preserve its state even when it is mobile. The execution framework necessary for a mobile agent is provided by a mobile agent system. This framework simply provides the basic agent-related tasks and functions such as agent creation, activation, migration, communication, cloning and destruction. The competence and power of a mobile agent system depend on the flexibility of these functions. Even though using mobile agent technologies provides potential benefits to applications, an agent's ability to move introduces significant security risks. Mobile agents are under security threats during their lifetimes. Since the code is mobile, it can be stolen or altered by a third party. The same danger is present for the messages agents send to each other and for the data that determines the agent's state. Furthermore, not only the agents but also the hosts are under many security risks in mobile agent systems. Several mobile agent systems have been proposed and developed up to now. They all have their software agent specific features. 
Although most of them have enough features for mobile agents to communicate with each other and migrate to remote hosts, agent security related tasks are not available in most of them. Some provide limited security for agents, but do not provide any features to protect hosts. Most of these mobile agent systems leave the security to the agent programmer or to traditional network security solutions, which may be very difficult and inefficient to implement or integrate. The mobile agent system is expected to include all necessary security mechanisms for both agents and computers hosting mobile agents. The scope of this paper is the design and implementation of a new, secure, flexible, highly available and fast mobile agent system (SECMAP). The architecture of the system is especially designed for security purposes, and requirements not only for agent security but also for host security are provided. Besides ensuring security of both agents and hosts, SECMAP also presents a very flexible agent programming interface. Naturally, these features play an important role in the usability and popularity of the system. SECMAP also presents a policy-based management framework to protect system-level resources and agents against unauthorized access. The policy architecture allows for dynamic manipulation of policy content, which results in an adaptive and flexible framework that eliminates the reprogramming of the agents on changing conditions. Logging and monitoring of the basic agent activities are also possible. Availability is very important for the collaborating agents. For this reason, a mobile agent system should be up and running even if only one host in the system is active. When necessary the system should be able to transfer the duties of a dead host to another one in the system. SECMAP includes very powerful algorithms to ensure the availability of the overall system. 
It accomplishes this by assigning special working modes to different agent servers in the system. Another important feature is that the system and agents can be managed and monitored from a browser in the network. All agents present in the system can be monitored from a single window. Any module of the system can also be managed by a browser from remote hosts. SECMAP is worth being used not only for the security features it presents for agents and hosts, but also for its flexibility and powerful agent programming interface. The system has a layered architecture and is open to be improved with more powerful features. Keywords: Agents, Mobile agent systems, Security in mobile agent systems

    DynamiTE: A 21st-Century Framework for Concurrent Component-Based Design

    The free ride for software developers is over. In the past, computer programs have increased in performance simply by running on new hardware with ever increasing clock speeds. Now, however, this line of development has reached its end and chip designers are producing new processors, not with faster clocks, but with more cores. To take advantage of the speed increases offered by these new products, applications need to be redesigned with parallel processing firmly in mind. The problem is that mainstream designs are still inherently sequential. Concurrency tends to be an afterthought that may be useful to gain a performance boost, not an essential part of the design process. The current vogue for object-oriented designs tends to also have the side-effect of making them heavily data-oriented which doesn't scale well; each shared element of data has to be protected from simultaneous access, resulting in operations becoming sequential again. In addition, the usual methods for protecting data tend to be very low-level and error-prone. In this thesis, we introduce a new design method whereby applications are constructed from small sequential tasks connected by intercommunication primitives. Our approach is based on a two-stage process; first, the individual tasks are created as independent entities and tested with appropriate inputs, then secondly, the communication infrastructure between them is developed. We provide support for the latter via the DynamiTE framework, which allows the interactions to be defined using the terms of a process calculus. Depending on the developer's background, they can treat this as just another API, as a design pattern or as an algebraic expression which can be property checked for issues such as deadlocks. Either way, the communication layer can be developed, tested and evaluated separately from the tasks once it is known how the tasks will interface with one another. 
To supplement DynamiTE, we define our own process calculus, Nomadic Time, using a carefully chosen novel selection of constructs. Among the features of the calculus are the ability to perform communication both locally (one-to-one) and globally (one-to-many), and the flexibility to change the location of tasks during execution. Security is paramount to the design of Nomadic Time and migratory operations can be limited in two ways; by simple enumeration of possibilities or by the optional typing of constructs to allow restriction on a task-by-task basis. While it can't eradicate all the problems inherent in designing concurrent applications, DynamiTE can make things easier by reducing the dependency on shared resources and enhancing the reusability of concurrent components

    A framework for the protection of mobile agents against malicious hosts

    The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature has been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performance. Computing. D.Phil.

    Design and implementation of a secure wide-area object middleware

    Tanenbaum, A.S. [Promotor]; Crispo, C.B. [Copromotor]