Building Secure Systems using Mobile Agents

The progress in the field of computer networks and Internet is increasing with tremendous volume in recent years. This raises important issue with regards to security. Several solutions emerged in the past which provide security at host or network level. These traditional solutions like antivirus, firewall, spy-ware, and authentication mechanisms provide security to some extends, but they still face the challenge of inherent system flaws, OS bugs and social engineering attacks. Recently, some interesting solution emerged like Intrusion Detection and Prevention systems, but these too have some problems, like detecting and responding in real time, because they mostly require inputs from system administrator. Optimistically, we have succeeded in protecting the hosts to some extent by applying the reactive approach, such as antivirus, firewall and intrusion detection and response systems, But, if we critically analyze this approach, we will reach the conclusion that it has inherent flaws, since the number of penetrations, Internet crime cases, identity and financial data thefts, etc. are rising exponentially in recent years. The main reason is that we are using only reactive approach, i.e. protection system is activated only when some security breach occurs. Secondly, current techniques try to fix the overall huge problem of security using only small remedies (firewall, antivirus and intrusion detection and preventions system) – “point solutions”. Therefore, there is a need to develop a strategy using Mobile Agents in order to operate in reactive and proactive manners, what requires providing security on the principle of defense in depth. So, that ultimate goal of securing a system as a whole can be achieved. System is assumed to be secure if unauthorized access (penetrations) is not possible and system is safe against damages. This strategy will include three aspects: (a) autonomously detect vulnerabilities on different hosts (in a distributed network) before an attacker can exploit (b) protect hosts by detecting attempts of intrusions and responding to them in real time; and finally (c) perform tasks related to security management

EACF: extensible access control framework for cloud environments

The dynamic authorization and continuous monitoring of resource usage in cloud environments is a challenge. Moreover, the extant access control techniques are not well-suited for all types of the cloud-hosted applications predominantly for two reasons. Firstly, these techniques lack in providing features such as generality, extensibility, and flexibility. Secondly, they are static in nature, such that once the user is authorized, they do not evaluate the access request during and after the resource usage. Every application hosted in the cloud has its own requirement of evaluating access request; some applications require request evaluation before assigning resources, while some require continuous monitoring of resource usage along with a dynamic update of attribute values. To address these diverse requirements, we present an Extensible Access Control Framework (EACF) for cloud-based applications, which provides high-level extensibility by incorporating different access control models about the needs of the Cloud service consumers (organizations). A number of access control models are combined in the EACF, which provides reliable authorization service for managing and controlling access to the software as a service-hosted cloud applications.It also helps cloud consumers to provide authorized access to resources (data), as well as contributes to eliminate the need to write customized security code for individual applications. As a case study, three access control models are incorporated into the framework and tested on SaaS-hosted application DSpace to ascertain that the proposed features are functional and working fine