Runtime Security Verification for Itinerary-Driven Mobile Agents

We present a new approach to ensuring the secure execution of itinerary-driven mobile agents, in which the specification of an agent's navigational behavior is separated from the specification of its computational behavior. Each host is equipped with an access control policy and denies access to any agent whose itinerary does not conform to that policy. The policy is written in the mu-calculus; the host uses model checking to decide whether the agent's itinerary satisfies the policy and grants access only if it does. To address the state explosion problem of model checking itineraries, we propose an approach called model generation code: instead of verifying the itinerary itself, the host checks conservative models of the mobile agent, abstractions whose acceptance by the policy implies acceptance of the itinerary itself, while a rejection may be an artifact of the abstraction. If a conservative model does not satisfy the host's access control policy, the agent provides refined models for further verification. Our preliminary results show that this is a practical and promising approach to ensuring the secure execution of mobile agents.
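The host-side check and the agent-side model generation code described above, as an added example that is not code from the paper. It assumes a particular instance of each ingredient the abstract names: policies are mu-calculus formulas in positive normal form restricted to the box (universal) fragment, the conservative models are predicate abstractions of the itinerary (states that agree on a chosen set of predicates are merged and every transition is kept, so a pass on the abstract model carries over to the itinerary), and refinement adds one more predicate per round. The `Model` type, the `admit`/`abstract`/`sat` functions, the sample itinerary and host B's policy are all constructed for this demo.

```python
"""Added illustration, not code from the paper: a host model-checks an agent
itinerary against a mu-calculus access-control policy on the conservative
(predicate-abstracted) models that the agent's model generation code produces,
asking for a refinement only when an abstract model fails. Names, sample
itinerary and policy are constructed for this demo."""
from collections import namedtuple

# must[s]: atoms true in every concrete state folded into s; may[s]: atoms true
# in at least one of them. For a concrete itinerary must == may.
Model = namedtuple('Model', 'states init succ must may')

# Formulas: nested tuples in positive normal form over the box (universal)
# fragment of the modal mu-calculus: ('atom', p), ('neg', p), ('and', f, g),
# ('or', f, g), ('box', f), ('mu', X, f), ('nu', X, f), ('var', X). Diamonds
# are left out on purpose: only this fragment is guaranteed to carry over from
# an over-approximating abstract model to the concrete itinerary.
def sat(m, f, env=None):
    """States of m satisfying f, by naive fixpoint iteration."""
    env, k = env or {}, f[0]
    if k == 'atom':
        return frozenset(s for s in m.states if f[1] in m.must[s])
    if k == 'neg':
        return frozenset(s for s in m.states if f[1] not in m.may[s])
    if k == 'var':
        return env[f[1]]
    if k == 'and':
        return sat(m, f[1], env) & sat(m, f[2], env)
    if k == 'or':
        return sat(m, f[1], env) | sat(m, f[2], env)
    if k == 'box':
        inner = sat(m, f[1], env)
        return frozenset(s for s in m.states if m.succ[s] <= inner)
    if k in ('mu', 'nu'):
        cur = frozenset() if k == 'mu' else m.states
        while True:
            nxt = sat(m, f[2], {**env, f[1]: cur})
            if nxt == cur:
                return cur
            cur = nxt
    raise ValueError(f"unknown node {k!r}")

def atoms(f):
    """Atomic propositions of f, in first-occurrence order."""
    if f[0] in ('atom', 'neg'):
        return [f[1]]
    out = []
    for sub in f[1:]:
        for a in (atoms(sub) if isinstance(sub, tuple) else []):
            if a not in out:
                out.append(a)
    return out

def abstract(concrete, preds):
    """Agent-side model generation code (predicate abstraction): concrete states
    that agree on `preds` collapse into one abstract state and every concrete
    transition is kept, so the result simulates the itinerary; a pass on it is
    conservative, a failure may be spurious."""
    cls = {s: frozenset(p for p in preds if p in concrete.must[s]) for s in concrete.states}
    succ, must, may = {}, {}, {}
    for s, a in cls.items():
        succ[a] = succ.get(a, frozenset()) | {cls[t] for t in concrete.succ[s]}
        must[a] = must[a] & concrete.must[s] if a in must else concrete.must[s]
        may[a] = may.get(a, frozenset()) | concrete.must[s]
    return Model(frozenset(cls.values()), frozenset(cls[s] for s in concrete.init), succ, must, may)

def admit(policy, itinerary):
    """Host-side decision. Round 1 checks the coarsest model (predicates = the
    policy's atoms); each failure asks the agent for a model tracking one more
    predicate; with none left the itinerary itself is checked. -> (decision, rounds)"""
    preds = atoms(policy)
    pool = sorted({a for lab in itinerary.must.values() for a in lab} - set(preds))
    rounds = 0
    while True:
        rounds += 1
        model = abstract(itinerary, preds)
        if model.init <= sat(model, policy):
            return 'grant', rounds
        if not pool:
            return ('grant' if itinerary.init <= sat(itinerary, policy) else 'deny'), rounds + 1
        preds.append(pool.pop(0))

def make_itinerary(leak=False):
    """Constructed sample itinerary: the agent starts at home (s0), may consult an
    external directory (s5) before working, reads host B's private data (s1),
    processes it (s2) and returns home (s3, s4); leak=True sends it from s2 to
    the external host instead."""
    lab = {'s0': frozenset(), 's1': frozenset({'read_private'}), 's2': frozenset({'processing'}),
           's3': frozenset({'returned'}), 's4': frozenset({'returned'}), 's5': frozenset({'external'})}
    succ = {'s0': {'s1', 's5'}, 's5': {'s0'}, 's1': {'s2'},
            's2': {'s5'} if leak else {'s3'}, 's3': {'s4'}, 's4': {'s4'}}
    return Model(frozenset(lab), frozenset({'s0'}), {s: frozenset(t) for s, t in succ.items()}, lab, lab)

# Host B's policy, nu X. [.]X /\ (~read_private \/ nu Y. ~external /\ [.]Y):
# once the agent has read B's private data it never reaches an external host.
POLICY = ('nu', 'X', ('and', ('box', ('var', 'X')),
                      ('or', ('neg', 'read_private'),
                             ('nu', 'Y', ('and', ('neg', 'external'), ('box', ('var', 'Y')))))))

if __name__ == '__main__':
    print(admit(POLICY, make_itinerary()), admit(POLICY, make_itinerary(leak=True)))
```

On the honest itinerary the coarsest model (tracking only `read_private` and `external`) merges the pre-visit and post-visit home states, so the abstract model has a spurious path from the private read to the external host and the check fails twice before the third refinement separates the returning states and the host grants access. On the leaking itinerary every abstract model fails and the final check of the concrete itinerary confirms the violation, so the host denies. The soundness argument relies on the policy containing only box modalities; a host that accepted diamonds in policies could be convinced by an over-approximating model that a transition exists when it does not.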