Survivability of Mobile Code Land Warfare Requirements for IMPACT Agent Systems IMPACT Symposium -12 August 1999 University of Maryland at College Park.

Slides:



Advertisements
Similar presentations
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
Advertisements

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.
Josh Alcorn Larry Brachfeld An in depth review of ad hoc mobile network & cloud security concerns.
Chapter 19: Network Management Business Data Communications, 5e.
KAIS T The Vision of Autonomic Computing Jeffrey O. Kephart, David M Chess IBM Watson research Center IEEE Computer, Jan 발표자 : 이승학.
Software Quality Assurance Plan
Risk Aware Decision Framework for Trusted Mobile Interactions September 2005 Daniele Quercia and Stephen Hailes CS department University College London.
8.2 Discretionary Access Control Models Weiling Li.
Fundamentals of Computer Security Geetika Sharma Fall 2008.
Security Controls – What Works
Information Security Policies and Standards
Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.
Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
1 FM Overview of Adaptation. 2 FM RAPIDware: Component-Based Design of Adaptive and Dependable Middleware Project Investigators: Philip McKinley, Kurt.
Stephen S. Yau CSE , Fall Security Strategies.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Engineering Security Requirement
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
SEC835 Database and Web application security Information Security Architecture.
Management of Source Code Integrity Presented by O/o the Accountant General (A&E), Jammu and Kashmir.
Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.
Using Windows Firewall and Windows Defender
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
“Assuring Reliable and Secure IT Services”. IT Redundancy: Its Value How much reliability to buy? Customer Service impacted as a result of 15 minutes.
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
1 System Models. 2 Outline Introduction Architectural models Fundamental models Guideline.
Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.
A Survivability Validation Framework for OASIS Program Technologies.
Computer Science and Engineering 1 Service-Oriented Architecture Security 2.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
DSN 2002 June page 1 BBN, UIUC, Boeing, and UM Intrusion Tolerance by Unpredictable Adaptation (ITUA) Franklin Webber BBN Technologies ParthaPal.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
Chapter VII Security Management for an E-Enterprise -Ramyah Rammohan.
1 Dept of Information and Communication Technology Creating Objects in Flexible Authorization Framework ¹ Dep. of Information and Communication Technology,
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
Survival by Defense- Enabling Partha Pal, Franklin Webber, Richard Schantz BBN Technologies LLC Proceedings of the Foundations of Intrusion Tolerant Systems(2003)
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
CEN5011, Fall CEN5011 Software Engineering Dr. Yi Deng ECS359, (305)
MAFTIA Expression of Interest for DEFINE and DESIRE presented by Robert Stroud, University of Newcastle upon Tyne.
23 July 2003 PM-ITTS TSMOTSMO Information Assessment Test Tool (IATT) for IO/IW Briefing by: Darrell L Quarles Program Director U.S. Army Threat Systems.
Mobile Agent Security Presented By Sayuri Yonekawa October 17, 2000.
1 Using Common Criteria Protection Profiles. 2 o A statement of user need –What the user wants to accomplish –A primary audience: mission/business owner.
Security Patterns for Web Services 02/03/05 Nelly A. Delessy.
P ROTOCOL FOR COLLABORATING MOBILE AGENTS IN THE NETWORK INTRUSION DETECTION SYSTEMS. By Olumide Simeon Ogunnusi Shukor Abd Razak.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Slide 1 Security Engineering. Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
 Introduction  Tripwire For Servers  Tripwire Manager  Tripwire For Network Devices  Working Of Tripwire  Advantages  Conclusion.
Initiatives for FP6 A few thoughts on flip chart about: Open Infrastructures Paulo E. Veríssimo LaSIGe-FCUL, Univ. Lisboa
Intrusion Tolerant Distributed Object Systems Joint IA&S PI Meeting Honolulu, HI July 17-21, 2000 Gregg Tally
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
Case studies on Authentication, Authorization and Audit in SOA Environments Dr. Srini Kankanahalli.
Intrusion Tolerant Architectures
Software Engineering (CSI 321)
Security Engineering.
Frequently asked questions about software engineering
The Vision of Autonomic Computing
Web Information Systems Engineering (WISE)
WS Standards – WS-* Specifications
Security in SDR & cognitive radio
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Presentation transcript:

Survivability of Mobile Code Land Warfare Requirements for IMPACT Agent Systems IMPACT Symposium -12 August 1999 University of Maryland at College Park LTC Paul Walczak U.S. Army Research Lab (301) DSN 290

Outline Our definitions... Why ARL is pursuing agent technology INFOSURV perspective Agent system survivability/security Insight for resolving security concerns Agent-based security/survivability

Mobile code is a program that traverses a network during its lifetime and executes at the destination machine(s). IMPACT: software agent is a program that can : –specify what services it provides –specify required input from customers – specify service customers and use terms/conditions – specify the when and how it uses services from other agents – understand specifications provided by other agents A mobile software agent is a program that can specify its services, service inputs and conditions, accepted customers, and can negotiate services provided by other agents, while executing on target hosts across a network.

Global Perspective / Impetus As processes become increasingly distributed, yet interdependent, mobile code will play an increasingly important role in coordinating and controlling events that lead to desired outcomes.

Warfare Systems Control of disparate systems and devices Data manipulation Composed Trustworthiness –Security (policy, IDR, prevent agents)* –Reliability –Performance

Survivability [An overarching requirement: /|\ a collection of / | \ emergent properties] / | \ Security Reliability Performance [Major subrequirements ] /|\ /|\ /|\ / | \ / | \ / | \ [Subtended Inte- Conf- Avail FT Fail RT NRT Avail requirements: grity id'ity * |\ modes /\ /|\ * FT=fault tolerance /| |\ |\ | \ /| \/ /|\ RT=real-time / | | \ | \ | \ / | Prior- / | \ NRT=non-real-time] / # | \ | \ # ities / MLI No MLS Dis- MLA \ No / [More detailed / change | cret- | \ change / requirements] / /| | ion- | \ / / / | | ary | * Unified * / / | | | | availability X Sys Data X X requirements /| |\ [X = Shared components of MLX!!] / | | \ [* = Reconvergence of availability] / | | \ [# = Reconvergence of data integrity] Hierarchy of Survivability Requirements

Survivability Relationships Implicit in Mobile Software Systems Survivability of the Host Protection for hosts from foreign code Protection of hosts from malicious agents Survivability of the Agent Protection of agents from malicious hosts Protection against malicious agentization Protection of agents from other agents Agent privacy Survivability of the Network Agent termination Protection of a group of hosts from malicious agents Agent based countermeasures to security risks

Violated Security Assumptions Identity Assumption Identifiable and generally trusted sources “do no harm” - use with the intent of accomplishing authorized results one security domain corresponding to each user administrative boundaries program runs entirely on one machine *CHESS *Chess, David M., "Security in Mobile Code Systems" in G. Vigna (Ed.) Mobile Agents and Security Vigna, Giovanni (Editor) Springer, 1998.

Challenges for Mobile Code Security Determining originator of incoming code deciding trustworthiness of code’s originator deciding how much to trust originator if it foreign protecting systems x-scale against malicious programs preventing uncontrolled replication of mobile code objects protecting mobile programs themselves Authentication in mobile code systems *CHESS *Chess, David M., "Security in Mobile Code Systems" in G. Vigna (Ed.) Mobile Agents and Security Vigna, Giovanni (Editor) Springer, 1998.

Meeting Security Challenges for Mobile Code Systems controls to prevent unanticipated effects repeated re-authentication, validation revocation or cache deletion as needed *Neumann *Neumann, Peter G., "Practical Architectures for Survivable Systems and Networks," Army Research Lab Contract DAKF11-97-C0200, 1999.

Requisite Agent System Security Services Authentication of agents Network security services to ensure agent communications Agent Privacy *IMPACT *Data-Security in Heterogeneous Agent Systems, VS et al, 14 Feb 1998

Current Agent-based Approaches for IA Vulnerability Assessment (ARL) Intrusion Detection (many) Active, Intelligent Networks (NSA, DARPA, Telcordia...)

Conclusion composable architectures configuration management middleware practical education DC Agent SIG

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.