07Sp_SECB408_01&51_P7 - Mobile Agent Security Based...

Info icon This preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
Mobile Agent Security Based on NIST Special Publication 800-19 – Mobile Agent Security
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Overview Provide an overview of the range of threats facing the designers of agent platforms and the developers of agent based applications. Identify generic security objectives, and a range of measures for countering the identified threats and fulfilling these security objectives.
Image of page 2
Security Threats Threats to security generally fall into three main classes: disclosure of information Denial of service corruption of information We use the components of an agent system to categorize the threats as a way to identify the possible source and target of an attack. Many of the threats that are discussed have counterparts in conventional client-server systems. Mobile agents simply offer a greater opportunity for abuse and misuse, broadening the scale of threats significantly.
Image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Agent Model 1. Agent: comprised of the code and state information needed to carry out some computation. Mobility allows an agent to move, or hop, among agent platforms. 1. Agent platform: provides the computational environment in which an agent operates.
Image of page 4
Threat Categories 1. Agent attacking an agent platform 2. Agent platform attacking an agent 3. Agent attacking another agent on the agent platform 4. Other entities attacking the agent system.
Image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Agent-to-platform Agents exploit security weaknesses of an agent platform or launch attacks against an agent platform. This set of threats include: Masquerading Denial of service Unauthorized access
Image of page 6
Agent-to-platform Masquerading When an unauthorized agent claims the identity of another agent it is said to be masquerading. The masquerading agent may pose as an authorized agent in an effort to gain access to services and resources to which it is not entitled. The masquerading agent may also pose as another unauthorized agent in an effort to shift the blame for any actions for which it does not want to be held accountable. A masquerading agent may damage the trust the legitimate agent has established in an agent community and its associated reputation.
Image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Agent-to-platform DOS Mobile agents can launch denial of service attacks by consuming an excessive amount of the agent platform's computing resources. These denial of service attacks can be launched intentionally by running attack scripts to exploit system vulnerabilities, or unintentionally through programming errors. Practices proposed to help reduce these risks include: Program testing Configuration management Design reviews Independent testing Other software engineering practices
Image of page 8
Agent-to-platform DOS The mobile computing paradigm, however, requires an agent platform to accept and execute an agent whose code may have been developed outside its organization and has not been subject to any a priori review.
Image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern