Mobile Agent Security Using Reference Monitor Based Security Framework

In distributed systems and in open systems such as the Internet, often mobile code has to run on unknown and potentially hostile hosts. Mobile code, such as a mobile agent is vulnerable when executing on remote hosts. The mobile agent may be subjected to various attacks such as tampering, inspection, and replay attack by a malicious host. Much research has been done to provide solutions for various security problems, such as authentication of mobile agent and hosts, integrity and confidentiality of the data carried by the mobile agent. Many of such proposed solutions in literature are not suitable for open systems whereby the mobile code arrives and executes on a host which is not known and trusted by the mobile agent owner. In this paper, we propose the adoption of the reference monitor by hosts in an open system for providing trust and security for mobile code execution. A secure protocol for the distribution of the reference monitor entity is described as well as a novel approach to assess the authenticity and integrity of the reference monitor running on the destination agent platform before any mobile agent migrates to that destination. This reference monitor entity on the remote host may provide several security services such as authentication, integrity and confidentiality of the agent's code and/or data. KeywordsSecurity; Mobile agents; Reference monitor, Trust

[1]  T. T. K. Patil,et al.  Distributed Intrusion Detection System using mobile agent in LAN Environment , 2013 .

[2]  Sergio Loureiro Mobile code protection with Smartcards , 2000 .

[3]  Vijay Varadharajan,et al.  Trust Enhanced Security - A New Philosophy for Secure Collaboration of Mobile Agents , 2006, 2006 International Conference on Collaborative Computing: Networking, Applications and Worksharing.

[4]  Richard R. Brooks,et al.  Mobile code paradigms and security issues , 2004, IEEE Internet Computing.

[5]  Danny B. Lange,et al.  Seven good reasons for mobile agents , 1999, CACM.

[6]  James P Anderson,et al.  Computer Security Technology Planning Study , 1972 .

[7]  Rohit Kumar Verma,et al.  Significance of Mobile Agent in Wireless Sensor Network , 2013 .

[8]  Cynthia E. Irvine The Reference Monitor Concept as a Unifying Principle in Computer Security Education , 1999 .

[9]  Jose L. Muñoz,et al.  A protocol for detecting malicious hosts based on limiting the execution time of mobile agents , 2003, Proceedings of the Eighth IEEE Symposium on Computers and Communications. ISCC 2003.

[10]  Wayne Jansen,et al.  NIST Special Publication 800-19 – Mobile Agent Security , 2000 .

[11]  Levente Buttyán,et al.  On the Problem of Trust in Mobile Agent Systems , 1998, NDSS.

[12]  Christian Damsgaard Jensen,et al.  The Importance of Trust in Computer Security , 2014, IFIPTM.

[13]  Vijay Varadharajan,et al.  MobileTrust: a trust enhanced security architecture for mobile agent systems , 2010, International Journal of Information Security.

[14]  Vimal Upadhyay,et al.  A Security Approach for Mobile Agent Based Crawler , 2012 .

[15]  W. W. Godfrey,et al.  On a Mobile Agent Framework for an Internet of Things , 2013, 2013 International Conference on Communication Systems and Network Technologies.

[16]  Steven B. Lipner,et al.  Trusted Computer System Evaluation Criteria ( Orange Book ) December , 2001 .

[17]  Jim Alves-Foss,et al.  The use of encrypted functions for mobile agent security , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[18]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[19]  Qiang Tong,et al.  A Security Technology for Mobile Agent System Improved by Trusted Computing Platform , 2009, 2009 Ninth International Conference on Hybrid Intelligent Systems.

[20]  Ayman El-Sayed,et al.  Mobile Agent Based New Framework for Improving Big Data Analysis , 2013, 2013 International Conference on Cloud Computing and Big Data.

[21]  Vijay Varadharajan,et al.  Security and trust enhanced mobile agent based system design , 2005, Third International Conference on Information Technology and Applications (ICITA'05).

[22]  Masayuki Higashino,et al.  Management of Streaming Multimedia Content Using Mobile Agent Technology on Pure P2P-based Distributed E-learning System , 2013, 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA).

[23]  Christian F. Tschudin,et al.  Towards mobile cryptography , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[24]  Sandhya Armoogum,et al.  Obfuscation Techniques for Mobile Agent code confidentiality , 2011 .