An Architecture for Authorization and Delegation in Distributed Object-Oriented Agent Systems

Public key infrastructures and authentication protocols, in the sense they are currently known, have been publicly studied since 1978 [23]. In this work I demonstrate how I, together with the research group I have had the privilege to direct, have further developed these concepts in the Object-Oriented field. In our research, we have implemented a public key based system that allows distributed agents to securely co-operate in an insecure network.

In this thesis, I focus on the following four interrelated aspects. First, I define a concrete secure software architecture for distributed software agents. Second, I describe our implementation of an Object-Oriented protocol framework for cryptographic protocols. Third, I show how an authorization based Public Key Infrastructure can be used to manage the security of Java based, Object-Oriented software agents. And finally, I describe how this infrastructure can be extended to support distributed, secure agent execution and permission delegation.

In the work as a whole, my goal has been an open, extensible security architecture that allows distributed software agents to co-operate securely. In this context, security¹ mainly means two things. First, the agents must be able to trust in the underlying computing machinery, and also trust in each other. Second, the agents must be able to delegate rights among themselves, and to create secure connections between any two communicating agents.

The distributed secure software architecture can be considered a high level framework into which the protocol framework and the Public Key Infrastructure (PKI) plug in. It defines the security related subsystems for typical Object-Oriented execution environments, focusing on distribution and thereby on cryptographic means of implementing security.

The Object-Oriented protocol framework provides a supportive base, on top of which various cryptographic protocols can be built. In this sense, cryptographic protocols include both session encryption protocols, used to protect the actual data traffic between communicating parties, and key management and authentication protocols, used to create the secure channels over which the actual data transfer takes place.

The PKI is needed to provide sufficient trust relationships and an initial security context to the communicating parties so that the authentication and key management protocols can be operated. In this work, my sole focus has been on an authorization based (as opposed to identity based) PKI. In practical terms, this means that the secure channels created within such an authorization framework automatically get strong relationship semantics, providing the communicating parties explicit information about the level and form of trust mediated.

Finally, the architecture with its protocol and PKI components makes it possible to create Object-Oriented software agents, distribute them into the network, and let them collaborate in a secure way. In our system, agents are represented as collections (JAR packages) of Java classes. The agent code may be loaded into a trusted Java Virtual Machine, where it is run. The running agents are able to create and evaluate trust relationships between each other, allowing dynamic delegation and creation of secure communication channels.

¹ Security per se is, naturally, a much larger concept. However, for the purposes of this study, I have concentrated on these two aspects of security in defining the presented security architecture.
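The delegation described above rests on authorization certificates rather than identity certificates: a chain of certificates is reduced to the rights that actually reach the final agent. The following added example (not code from the thesis or its Java implementation) shows that reduction in SPKI style: each certificate names an issuer, a subject, a delegate flag, a flat permission set (a simplification of SPKI's tag S-expressions) and an expiry; HMAC with per-principal secrets is a constructed stand-in for the issuer's public-key signature. Principal names, secrets and permission sets are constructed sample values.

```python
"""SPKI-style authorization chain reduction (added example, constructed data)."""
import hmac
import hashlib
from dataclasses import dataclass

# Constructed stand-in for public-key signatures: each issuing principal has a
# secret and "signs" with HMAC. A real system uses asymmetric signatures.
KEYS = {"vm": b"vm-secret", "agentA": b"a-secret", "agentB": b"b-secret"}


@dataclass(frozen=True)
class Cert:
    issuer: str       # principal granting the right
    subject: str      # principal receiving it
    delegate: bool    # may the subject pass the right on?
    tag: frozenset    # permissions granted, e.g. {"read", "write"}
    not_after: int    # validity end (constructed clock, plain integer)
    sig: bytes = b""


def canonical(c: Cert) -> bytes:
    """Deterministic byte encoding of the signed fields."""
    perms = ",".join(sorted(c.tag))
    return f"{c.issuer}|{c.subject}|{int(c.delegate)}|{perms}|{c.not_after}".encode()


def sign(c: Cert) -> Cert:
    mac = hmac.new(KEYS[c.issuer], canonical(c), hashlib.sha256).digest()
    return Cert(c.issuer, c.subject, c.delegate, c.tag, c.not_after, mac)


def verify_sig(c: Cert) -> bool:
    expected = hmac.new(KEYS[c.issuer], canonical(c), hashlib.sha256).digest()
    return hmac.compare_digest(expected, c.sig)


def reduce_chain(chain, root, now):
    """Reduce a chain rooted at `root` to (final holder, effective tag, earliest
    expiry), or None if any link is unsigned, expired, out of order, or follows a
    certificate that did not permit further delegation."""
    if not chain:
        return None
    holder, tag, expiry = root, None, None
    for i, c in enumerate(chain):
        if c.issuer != holder or not verify_sig(c) or c.not_after < now:
            return None
        if i < len(chain) - 1 and not c.delegate:  # no right to re-delegate
            return None
        tag = c.tag if tag is None else tag & c.tag  # rights only shrink
        expiry = c.not_after if expiry is None else min(expiry, c.not_after)
        holder = c.subject
    return holder, tag, expiry


def authorized(chain, root, principal, action, now):
    r = reduce_chain(chain, root, now)
    return r is not None and r[0] == principal and action in r[1]
```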

[1] Ralph Johnson et al. Design Patterns: Elements of Reusable Object-Oriented Software, 2019.

[2] Donald E. Eastlake et al. Domain Name System Security Extensions, 1997, RFC.

[3] Ralph Johnson et al. A framework for network protocol software, 1995, OOPSLA.

[4] Tuomas Aura et al. On the structure of delegation networks, 1998, Proceedings of the 11th IEEE Computer Security Foundations Workshop (Cat. No. 98TB100238).

[5] B. Clifford Neuman et al. Proxy-based authorization and accounting for distributed systems, 1993, Proceedings of the 13th International Conference on Distributed Computing Systems.

[6] P. V. McMahon. SESAME V2 public key and authorisation extensions to Kerberos, 1995, Proceedings of the Symposium on Network and Distributed System Security.

[7] Martín Abadi et al. A Calculus for Access Control in Distributed Systems, 1991, CRYPTO.

[8] The Road to Network Security or the Value of Small Cobblestones, 1994.

[9] John T. Kohl et al. The Kerberos Network Authentication Service (V5), 2004.

[10] Charles R. Landau. Security in a secure capability-based system, 1989, OPSR.

[11] Douglas C. Schmidt et al. Using design patterns to develop reusable object-oriented communication software, 1995, CACM.

[12] Tuomas Aura et al. Comparison of Graph-search Algorithms for Authorization Verification in Delegation Networks, 1997.

[13] Kenneth P. Birman et al. The ISIS project: real experience with a fault tolerant programming system, 1990, EW 4.

[14] Ken Arnold et al. The Java Programming Language, 1996.

[15] Pekka Nikander et al. Storing and Retrieving Internet Certificates, 1998.

[16] Ross J. Anderson. Why cryptosystems fail, 1994, CACM.

[17] David W. Chadwick et al. Merging and extending the PGP and PEM trust models: the ICE-TEL trust model, 1997, IEEE Network.

[18] Thomas Beth et al. Valuation of Trust in Open Networks, 1994, ESORICS.

[19] David Garlan et al. A formal basis for architectural connection, 1997, TOSEM.

[20] Bertrand Meyer. The Next Software Breakthrough, 1997, Computer.

[21] Chris Mitchell et al. Security defects in CCITT recommendation X.509: the directory authentication framework, 1990, CCRV.

[22] Levente Buttyán et al. On the Problem of Trust in Mobile Agent Systems, 1998, NDSS.

[23] Ronald L. Rivest et al. SDSI: A Simple Distributed Security Infrastructure, 1996.

[24] W. Douglas Maughan et al. Internet Security Association and Key Management Protocol (ISAKMP), 1998, RFC.

[25] Morrie Gasser et al. The Digital Distributed System Security Architecture, 1989.

[26] Li Gong et al. Implementing Protection Domains in the JavaTM Development Kit 1.2, 1998, NDSS.

[27] Pekka Nikander et al. Certifying Trust, 1998, Public Key Cryptography.

[28] Colin Boyd et al. Development of authentication protocols: some misconceptions and a new approach, 1994, Proceedings of the Computer Security Foundations Workshop VII.

[29] R. E. Johnson et al. The Conduit: A Communication Abstraction in C++, 1990, C++ Conference.

[30] Jeannette M. Wing et al. Specification matching of software components, 1995, TOSEM.

[31] Ross J. Anderson et al. Robustness Principles for Public Key Protocols, 1995, CRYPTO.

[32] Larry L. Peterson et al. The x-Kernel: An Architecture for Implementing Network Protocols, 1991, IEEE Transactions on Software Engineering.

[33] Carl M. Ellison (Cybercash). Establishing Identity Without Certification Authorities, 1996.

[34] P. Nikander et al. Adding SPKI Certificates to JDK 1.2, 1998.

[35] J. Doug Tygar et al. A Model for Secure Protocols and Their Compositions, 1996, IEEE Transactions on Software Engineering.

[36] Rachid Guerraoui et al. Using the Strategy Design Pattern to Compose Reliable Distributed Protocols, 1997, COOTS.

[37] Pekka Nikander et al. A Java Beans Component Architecture for Cryptographic Protocols, 1998, USENIX Security Symposium.

[38] Gustavus J. Simmons et al. Cryptanalysis and protocol failures, 1994, CACM.

[39] Martín Abadi et al. Prudent engineering practice for cryptographic protocols, 1994, Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[40] Edward G. Amoroso et al. Fundamentals of Computer Security Technology, 1994.

[41] Ross J. Anderson et al. Programming Satan's Computer, 1995, Computer Science Today.

[42] Pekka Nikander et al. Distributed Policy Management for JDK 1.2, 1999, NDSS.

[43] Thomas Beth et al. Trust relationships in secure systems: a distributed authentication perspective, 1993, Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[44] B. Lampson et al. Authentication in distributed systems: theory and practice, 1991, TOCS.

[45] Paul V. Mockapetris et al. Domain names: Concepts and facilities, 1983, RFC.

[46] Joan Feigenbaum et al. Decentralized trust management, 1996, Proceedings of the 1996 IEEE Symposium on Security and Privacy.

[47] Doug Lea et al. Practical delegation for secure distributed object environments, 1998, Distributed Systems Engineering.

[48] Ralph E. Johnson et al. Patterns Generate Architectures, 1994, ECOOP.