MobileTrust: a trust enhanced security architecture for mobile agent systems

While offering many practical benefits for distributed applications, mobile agent systems pose some fundamental security challenges. In this paper, we present a new approach to mobile agent security which helps to address some of these challenges. We present a new technique, which we refer to as trust enhanced security, and apply it to mobile agent-based systems; this new technique advocates a shift in security solutions from security-centric to trust-centric. This extends the traditional security mechanisms by enabling trust decisions through explicit specification and management of security-related trust relationships. The integration of the trust decisions into security decision-making process leads to our trust enhanced security performance. A formal trust model is proposed and is incorporated into the development of a novel trust management architecture—MobileTrust for mobile agent-based applications. We have conducted detailed practical investigations to evaluate and validate the emergent properties of the trust enhanced security technique. We present and discuss the key results in this paper.

[1]  B. Lampson,et al.  Authentication in distributed systems: theory and practice , 1991, TOCS.

[2]  Wayne A. Jansen,et al.  Mobile Agent Security , 1999 .

[3]  Jon Ølnes,et al.  Mobile Agent Security - Issues and Directions , 1999, IS&N.

[4]  Wayne A. Jansen,et al.  Countermeasures for mobile agent security , 2000, Comput. Commun..

[5]  H. J. Arnold Introduction to the Practice of Statistics , 1990 .

[6]  Rolf Haenni,et al.  A Trust Evaluation Method Based on Logic and Probability Theory , 2008, IFIPTM.

[7]  Vladimiro Sassone,et al.  A Bayesian Model for Event-based Trust , 2022 .

[8]  David M. Chess,et al.  Security Issues in Mobile Code Systems , 1998, Mobile Agents and Security.

[9]  Glenn Shafer,et al.  A Mathematical Theory of Evidence , 2020, A Mathematical Theory of Evidence.

[10]  Audun Jøsang,et al.  A Logic for Uncertain Probabilities , 2001, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[11]  Thomas Beth,et al.  Trust-Based Navigation in Distribution Systems , 1994, Comput. Syst..

[12]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[13]  S Hailes,et al.  Using Recommendations for Managing Trust in Distributed Systems , 1997 .

[14]  Paul Resnick,et al.  Reputation Systems: Facilitating Trust in Internet Interactions , 2000 .

[15]  Anand R. Tripathi,et al.  Security in the Ajanta mobile agent system , 2001, Softw. Pract. Exp..

[16]  Stephen Marsh,et al.  Formalising Trust as a Computational Concept , 1994 .

[17]  Bruce Christianson,et al.  Why Isn't Trust Transitive? , 1996, Security Protocols Workshop.

[18]  W. A. Jansen,et al.  MOBILE AGENTS AND SECURITY , 1999 .

[19]  Lars Rasmusson,et al.  Simulated social control for secure Internet commerce , 1996, NSPW '96.

[20]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[21]  Luc Moreau,et al.  Trust Relationships in a Mobile Agent System , 2001, Mobile Agents.

[22]  Robert S. Gray,et al.  Agent Tcl: a Exible and Secure Mobile-agent System , 1996 .

[23]  Vijay Varadharajan,et al.  Modelling and Evaluating Trust Relationships in Mobile Agents Based Systems , 2003, ACNS.

[24]  Vijay Varadharajan Security enhanced mobile agents , 2000, CCS.

[25]  Audun Jøsang,et al.  A Subjective Metric of Authentication , 1998, ESORICS.

[26]  Vijay Varadharajan,et al.  Trust Enhanced Security - A New Philosophy for Secure Collaboration of Mobile Agents , 2006, 2006 International Conference on Collaborative Computing: Networking, Applications and Worksharing.

[27]  Levente Buttyán,et al.  On the Problem of Trust in Mobile Agent Systems , 1998, NDSS.

[28]  R. V. Mises,et al.  Mathematical Theory of Probability and Statistics , 1966 .

[29]  Paul Resnick,et al.  Reputation systems , 2000, CACM.

[30]  Morris Sloman,et al.  Specifying and Analysing Trust for Internet Applications , 2002, I3E.

[31]  Morris Sloman,et al.  A survey of trust in internet applications , 2000, IEEE Communications Surveys & Tutorials.

[32]  Yuh-Jong Hu Some thoughts on agent trust and delegation , 2001, AGENTS '01.

[33]  Danny B. Lange,et al.  Seven good reasons for mobile agents , 1999, CACM.

[34]  Munindar P. Singh,et al.  A Social Mechanism of Reputation Management in Electronic Communities , 2000, CIA.

[35]  Vijay Varadharajan,et al.  Trust enhanced security for mobile agents , 2005, Seventh IEEE International Conference on E-Commerce Technology (CEC'05).

[36]  A. Abdul-Rahman,et al.  Relying on trust to find reliable information , 1999 .

[37]  Danny B. Lange,et al.  Programming and Deploying Java¿ Mobile Agents with Aglets¿ , 1998 .

[38]  Francis H. Raven Automatic Control Engineering , 1961 .

[39]  Danny B. Lange,et al.  A Security Model for Aglets , 1997, IEEE Internet Comput..

[40]  Sverker Jansson,et al.  Simulated Social Control for Secure Internet Commerce ( position paper ) , 1996 .

[41]  Munindar P. Singh,et al.  Distributed Reputation Management for Electronic Commerce , 2002, Comput. Intell..

[42]  David Lindley,et al.  Introduction to the Practice of Statistics , 1990, The Mathematical Gazette.

[43]  J. C. Byington,et al.  Mobile agents and security , 1998, IEEE Commun. Mag..

[44]  Vijay Varadharajan,et al.  Maximizing Utility of Mobile Agent Based E-Commerce Applications with Trust Enhanced Security , 2005, TrustBus.

[45]  Thomas Beth,et al.  Trust relationships in secure systems-a distributed authentication perspective , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[46]  Vijay Varadharajan,et al.  A Hybrid Trust Model for Enhancing Security in Distributed Systems , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).