Security Modeling and Evaluation for Mobile Agents Anthony Chan and Michael Lyu The Chinese University of Hong Kong.



Classification of Mobile Code

Ghezzi and Vigna’s classification of mobile code paradigms:
- Know-how: the code to execute
- Resources: input/output for code execution
- Processor: abstract machine that holds the state of computation

Attack model of malicious hosts against mobile agents

[Figure labels: Malicious Host; Agent; (Other agents); Environment; System call; Read/manipulate properties; control execution; Read/manipulate]

Model proposed by Fritz Hohl. Attack scenarios that can be described:
- spy out and modify the whole data part of an agent
- spy out and modify the code part of an agent
- manipulate the code execution sequence of an agent
- manipulate the execution environment of an agent

Mobile agent application

Advantages of developing the application using mobile agents over conventional client/server:
- reduced network traffic for client: the client (handheld PC) needs to handle only two network transmissions (agent sending and receiving)
- non-interactivity of client: the client can be plugged into the network, send the agent and disconnect from the network; then after a while reconnect at another physical location and receive the agent

Mobile Agent Security: A Closer Look

Two facets of mobile agent security:
- host security
  - protect hosts from malicious agents (code/data)
  - similar to remote evaluation and code on demand approaches
- agent security
  - protect agents from malicious hosts
  - a relatively new area in security research

Possible solutions

- An open research question
- Two cases:
  - closed network: malicious hosts are identifiable
    - agent integrity checking
    - encrypted transmission
    - time limiting techniques
  - open network: malicious hosts are not identifiable

Open network

- Encryption
  - need to hide the code (algorithm) and data of agents so that malicious hosts are not able to tamper with them
  - one possible way would be “mobile cryptography” using probabilistic encryption
- Time-limiting techniques
  - limit the time for an agent to survive
  - security modeling

Security Modeling

[Figure labels: Agent; Host 1, Host 2, …, Host n]

Assume:
- the time to breach the agent on host i is inversely exponential to the number of instructions carried out by host i
- the number of instructions carried out by a host is directly proportional to time

Security modeling

Let an agent stay at host i for time T i.
P(breach at host i) = 1 - exp(- i T i ), i is a constant
Then the agent security, i.e., probability of no breach at all hosts,
We may use this to measure the time we allow an agent to stay on a host, so that the agent is still safe up to a certain probability.
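
The model above turned into time limits for an agent, as an added example that is not from the original slides. The per-host constant in the exponent is called `rate` here (an assumed name), breaches at different hosts are assumed independent, and the itinerary values are constructed.

```python
import math

# Constructed itinerary: (host, rate constant, dwell time in seconds).
# The rate values are illustrative assumptions, not figures from the slides.
ITINERARY = [("host1", 0.001, 30.0), ("host2", 0.004, 20.0), ("host3", 0.002, 60.0)]

def breach_probability(rate, dwell):
    """P(breach at host i) = 1 - exp(-rate_i * T_i), the slide's per-host model."""
    if rate < 0 or dwell < 0:
        raise ValueError("rate and dwell time must be non-negative")
    return 1.0 - math.exp(-rate * dwell)

def agent_security(itinerary):
    """P(no breach at any host), assuming hosts breach independently (assumption):
    the product of exp(-rate_i * T_i), i.e. exp(-sum(rate_i * T_i))."""
    return math.prod(1.0 - breach_probability(r, t) for _, r, t in itinerary)

def max_dwell(rate, target):
    """Longest stay on one host that keeps P(no breach there) >= target."""
    if not 0.0 < target <= 1.0:
        raise ValueError("target must be in (0, 1]")
    return math.inf if rate == 0 else -math.log(target) / rate

def first_unsafe_hop(itinerary, target):
    """Name of the host where cumulative security first falls below target,
    i.e. where a time-limited agent should already have expired; else None."""
    budget, exposure = -math.log(target), 0.0
    for name, rate, dwell in itinerary:
        exposure += rate * dwell
        if exposure > budget:
            return name
    return None

def equal_share_limits(rates, target):
    """Per-host time limits that give every host an equal share of the
    exposure budget, so the whole trip ends with security == target."""
    share = -math.log(target) / len(rates)
    return [math.inf if r == 0 else share / r for r in rates]

if __name__ == "__main__":
    print(f"security of itinerary: {agent_security(ITINERARY):.4f}")
    print("first unsafe hop at 0.90:", first_unsafe_hop(ITINERARY, 0.90))
    limits = equal_share_limits([r for _, r, _ in ITINERARY], 0.90)
    print("time limits for 0.90:", [round(t, 2) for t in limits])
```

Hosts with a larger rate constant receive proportionally shorter time limits, which is the trade-off the time-limiting technique relies on.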