07Sp_SECB408_01&51_P7 - Mobile Agent Security Based on...

Mobile Agent Security Based on NIST Special Publication 800-19 – Mobile Agent Security

Overview
- Provide an overview of the range of threats facing the designers of agent platforms and the developers of agent-based applications.
- Identify generic security objectives, and a range of measures for countering the identified threats and fulfilling these security objectives.
Security Threats
Threats to security generally fall into three main classes:
- disclosure of information
- denial of service
- corruption of information
We use the components of an agent system to categorize the threats as a way to identify the possible source and target of an attack. Many of the threats that are discussed have counterparts in conventional client-server systems. Mobile agents simply offer a greater opportunity for abuse and misuse, broadening the scale of threats significantly.

Agent Model
1. Agent: comprised of the code and state information needed to carry out some computation. Mobility allows an agent to move, or hop, among agent platforms.
2. Agent platform: provides the computational environment in which an agent operates.
Threat Categories
1. Agent attacking an agent platform
2. Agent platform attacking an agent
3. Agent attacking another agent on the agent platform
4. Other entities attacking the agent system

Agent-to-platform
Agents exploit security weaknesses of an agent platform or launch attacks against an agent platform. This set of threats includes:
- Masquerading
- Denial of service
- Unauthorized access
Agent-to-platform Masquerading
- When an unauthorized agent claims the identity of another agent it is said to be masquerading.
- The masquerading agent may pose as an authorized agent in an effort to gain access to services and resources to which it is not entitled.
- The masquerading agent may also pose as another unauthorized agent in an effort to shift the blame for any actions for which it does not want to be held accountable.
- A masquerading agent may damage the trust the legitimate agent has established in an agent community and its associated reputation.

Agent-to-platform DOS
Mobile agents can launch denial of service attacks by consuming an excessive amount of the agent platform's computing resources. These denial of service attacks can be launched intentionally by running attack scripts to exploit system vulnerabilities, or unintentionally through programming errors. Practices proposed to help reduce these risks include:
- Program testing
- Configuration management
- Design reviews
- Independent testing
- Other software engineering practices
Agent-to-platform DOS
The mobile computing paradigm, however, requires an agent platform to accept and execute an agent whose code may have been developed outside its organization and has not been subject to any a priori review. A rogue agent may carry malicious code that is designed to

This note was uploaded on 03/26/2010 for the course SECB 408 taught by Professor Wassimelhaj during the Spring '07 term at United Arab Emirates University.
