Security for Mobile Agents: Issues and Challenges

Mobile Agent (MA) technology raises significant security concerns and requires a thorough security framework with a wide range of strategies and mechanisms to protect both the agent platform and mobile agents against possibly malicious reciprocal behavior. The security infrastructure should be able to offer different solutions flexibly and dynamically, achieving different qualities of security service depending on application requirements. The chapter presents the security threats that typically arise in MA applications and describes the currently available countermeasures proposed to protect both nodes and mobile agents. In addition, the chapter surveys state-of-the-art research on integrated security support in MA systems and identifies open research issues and ongoing research work.

1 Security: a Missing Link for Mobile Agents Acceptance

The convergence of the Internet with wireless communications has raised new challenges in supporting user and terminal mobility, in facing heterogeneity, and in adapting to dynamic changes in the network infrastructure [1]. The new scenario seems a suitable application area for computing paradigms that exploit the notion of code mobility, defined as the capability to dynamically change the binding between software components and their location of execution [2]. As mobile networks gain widespread acceptance and ubiquitous environments start to emerge, the ability to change the locations where applications can execute becomes an increasingly important requirement. For example, consider heterogeneous and resource-limited portable devices that can benefit from the possibility of downloading device-specific software components on demand and discarding them when they are no longer needed.

[1] R. Chadha, et al. Guest editorial - policy-based networking, 2002, IEEE Netw.

[2] Paolo Bellavista, et al. Java for On-line Distributed Monitoring of Heterogeneous Systems and Services, 2002, Comput. J.

[3] N. Asokan, et al. Protecting the computation results of free-roaming agents, 2005, Personal Technologies.

[4] Wayne Jansen, et al. A Privilege Management Scheme for Mobile Agent Systems, 2002, Adaptive Agents and Multi-Agent Systems.

[5] William E. Johnston, et al. Anchor Toolkit - a secure mobile agent system, 1999.

[6] David Wong, et al. Concordia: An Infrastructure for Collaborating Mobile Agents, 1997, Mobile Agents.

[7] Rolf Oppliger. Security issues related to mobile code and agent-based systems, 1999, Comput. Commun.

[8] Jon Howell, et al. A Formal Semantics for SPKI, 2000, ESORICS.

[9] Jeffrey M. Bradshaw, et al. Path-Based Security for Mobile Agents, 2002, SEMAS.

[10] Giovanni Vigna, et al. Cryptographic Traces for Mobile Agents, 1998, Mobile Agents and Security.

[11] Gene Tsudik, et al. Itinerant Agents for Mobile Computing, 1995, IEEE Communications Surveys & Tutorials.

[12] Joan Feigenbaum, et al. The Role of Trust Management in Distributed Systems Security, 2001, Secure Internet Programming.

[13] Sushil Jajodia, et al. A logical language for expressing authorizations, 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[14] Joan Borrell, et al. Implementation of Secure Architectures for Mobile Agents in MARISM-A, 2002, MATA.

[15] Jeffrey M. Bradshaw, et al. Agents for the masses, 1999, IEEE Intell. Syst.

[16] Paolo Bellavista, et al. Mobile Agent Middlewares for Context-Aware Applications, 2004, Mobile Computing Handbook.

[17] Mario Baldi, et al. Evaluating the tradeoffs of mobile code design paradigms in network management applications, 1998, Proceedings of the 20th International Conference on Software Engineering.

[18] R.H. Glitho, et al. Applicability of Mobile Agents to Telecommunications, 2002, IEEE Network.

[19] Israel Ben-Shaul, et al. Dynamic configuration of access control for mobile components in FarGo, 2001, Concurr. Comput. Pract. Exp.

[20] Levente Buttyán, et al. Introducing Trusted Third Parties to the Mobile Agent Paradigm, 2001, Secure Internet Programming.

[21] George Cybenko, et al. D'Agents: Security in a Multiple-Language, Mobile-Agent System, 1998, Mobile Agents and Security.

[22] John Linn, et al. Attribute certification: an enabling technology for delegation and role-based controls in distributed environments, 1999, RBAC '99.

[23] Fritz Hohl, et al. Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts, 1998, Mobile Agents and Security.

[24] Emil C. Lupu, et al. Ponder: realising enterprise viewpoint concepts, 2000, Proceedings Fourth International Enterprise Distributed Objects Computing Conference. EDOC2000.

[25] Christian F. Tschudin, et al. Protecting Mobile Agents Against Malicious Hosts, 1998, Mobile Agents and Security.

[26] John Zachary. Protecting Mobile Code in the Wild, 2003, IEEE Internet Comput.

[27] Danny B. Lange, et al. Programming and Deploying Java™ Mobile Agents with Aglets™, 1998.

[28] Anand R. Tripathi, et al. Mobile agent programming in Ajanta, 1999, Proceedings. 19th IEEE International Conference on Distributed Computing Systems (Cat. No.99CB37003).

[29] Paolo Bellavista, et al. COSMOS: A Context-Centric Access Control Middleware for Mobile Environments, 2003, MATA.

[30] Wayne A. Jansen, et al. Countermeasures for mobile agent security, 2000, Comput. Commun.

[31] Ahmed Karmouch, et al. Mobile software agents: an overview, 1998, IEEE Commun. Mag.

[32] N. Negroponte. Agents: from direct manipulation to delegation, 1997.

[33] Vipin Chaudhary, et al. History-based access control for mobile code, 1998, CCS '98.

[34] Gian Pietro Picco, et al. Understanding code mobility, 1998, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[35] Warwick Ford, et al. Secure electronic commerce, 1997.

[36] Jeffrey M. Bradshaw, et al. NOMADS: toward a strong and safe mobile agent system, 2000, AGENTS '00.

[37] William M. Farmer, et al. Security for Mobile Agents: Authentication and State Appraisal, 1996, ESORICS.

[38] Li Gong, et al. Java security: present and near future, 1997, IEEE Micro.

[39] Antonio Corradi, et al. Mobile Agents Integrity for Electronic Commerce Applications, 1999, Inf. Syst.

[40] Bennet S. Yee. A Sanctuary for Mobile Agents, 2001, Secure Internet Programming.

[41] Bruce Schneier, et al. Environmental Key Generation Towards Clueless Agents, 1998, Mobile Agents and Security.

[42] W. A. Jansen, et al. Mobile Agents and Security, 1999.

[43] Fred B. Schneider, et al. Towards Fault-Tolerant and Secure Agentry, 1997, WDAG.

[44] Andrew S. Patrick, et al. Building Trustworthy Software Agents, 2002, IEEE Internet Comput.

[45] Cesare Stefanelli, et al. Flexible security policies for mobile agent systems, 2001, Microprocess. Microsystems.

[46] Premkumar T. Devanbu, et al. Software engineering for security: a roadmap, 2000, ICSE '00.

[47] Jeffrey M. Bradshaw, et al. Taking Back Cyberspace, 2003, Computer.

[48] Vijay Varadharajan, et al. Authorization in enterprise-wide distributed system: a practical design and application, 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[49] Niranjan Suri, et al. State Capture and Resource Control for Java: The Design and Implementation of the Aroma Virtual Machine, 2001, Java Virtual Machine Research and Technology Symposium.

[50] R. S. Ramakrishna, et al. A design of a protocol for detecting an agent clone in mobile agent systems and its correctness proof, 1999, PODC '99.

[51] Jeffrey M. Bradshaw, et al. Terraforming Cyberspace, 2001, Computer.