Mobile agent security with the IPEditor development tool and the mobile UNITY language

Many people consider that security is one of the biggest problems for practical use of mobile agents that move around the network and do their tasks. In this paper, we assert that this issue can be effectively managed by using IPEditor, the development support tool of mobile multi-agent applications that we have been released, and Mobile UNITY, a formal specification language of mobile agent applications. IPEditor helps developers to design applications with visual supports of agent behaviors. In our method, we translate an IPEditor model to a Mobile UNITY program that is the formal specification of the agent behaviors. In addition, we describe the security requirements by the Mobile UNITY logic notation. Thus we can verify the security requirements by proving that the mobile UNITY program, therefore the IPEditor model, satisfies the mobile UNITY logic notation. We present an example of an electronic catalog (e-catalog) application and illustrate the effectiveness of our proposal.

[1]  Jean-Jacques Lévy,et al.  A Calculus of Mobile Agents , 1996, CONCUR.

[2]  Akihiko Ohsuga,et al.  Behavior patterns for mobile agent systems from the development process viewpoint , 2001, Proceedings 5th International Symposium on Autonomous Decentralized Systems.

[3]  Akihiko Ohsuga,et al.  Secure and efficient mobile agent application reuse using patterns , 2001, SSR '01.

[4]  K. Mani Chandy,et al.  Parallel program design - a foundation , 1988 .

[5]  Christian F. Tschudin,et al.  Protecting Mobile Agents Against Malicious Hosts , 1998, Mobile Agents and Security.

[6]  John C. Mitchell,et al.  A meta-notation for protocol analysis , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[7]  Gruia-Catalin Roman,et al.  Reasoning about code mobility with mobile UNITY , 2001, TSEM.

[8]  Danny B. Lange,et al.  A Security Model for Aglets , 1997, IEEE Internet Comput..

[9]  Vipin Swarup,et al.  Authentication for Mobile Agents , 1998, Mobile Agents and Security.

[10]  M. Calisti,et al.  FOUNDATION FOR INTELLIGENT PHYSICAL AGENTS , 2000 .

[11]  Fritz Hohl,et al.  Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts , 1998, Mobile Agents and Security.

[12]  George C. Necula,et al.  Safe, Untrusted Agents Using Proof-Carrying Code , 1998, Mobile Agents and Security.

[13]  Giovanni Vigna,et al.  Cryptographic Traces for Mobile Agents , 1998, Mobile Agents and Security.

[14]  Jan Vitek,et al.  Seal: A Framework for Secure Mobile Computations , 1998, ICCL Workshop: Internet Programming Languages.

[15]  Luca Cardelli,et al.  Mobile Ambients , 1998, FoSSaCS.

[16]  John K. Ousterhout,et al.  The Safe-Tcl Security Model , 1998, USENIX Annual Technical Conference.

[17]  Francisco Durán,et al.  Principles of Mobile Maude , 2000, ASA/MA.

[18]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[19]  David M. Chess,et al.  Security Issues in Mobile Code Systems , 1998, Mobile Agents and Security.

[20]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[21]  Premkumar T. Devanbu,et al.  Software engineering for security: a roadmap , 2000, ICSE '00.

[22]  Akihiko Ohsuga,et al.  Agent system development method based on agent patterns , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[23]  Gruia-Catalin Roman,et al.  Expressing code mobility in mobile UNITY , 1997, ESEC '97/FSE-5.