MagicNET: Security System for Protection of Mobile Agents.


Presentation Overview
1. Mobile Agents
2. NIST
3. Background
4. Research Problem
5. Solution
6. Conclusion

Mobile Agents Mobile agents are self-contained software modules carrying additional credentials and accumulated data. They roam a network, moving autonomously from one server to another, performing their designated tasks, and eventually returning to their control station.

Security Threats - NIST 1998 NIST identifies four kinds of threats:
- Agent to Platform
- Agent to Agent
- Platform to Agent
- Other to Agent Platform
This paper covers the 'Platform to Agent' threat. The threats covered are:

Security Threats - NIST 1998 cont...
- Unauthorized Access: an unauthorized Mobile Agent Platform should not be able to access either the data or the code of an Agent.
- Eavesdropping: an unauthorized Mobile Agent Platform should not be able to eavesdrop on sensitive data carried by a Mobile Agent.
- Alteration: an unauthorized Mobile Agent Platform should not be able to alter sensitive data carried by a Mobile Agent.

Traditional Solution Previously, code security relied on code obfuscation and code scrambling techniques. For data baggage security, data was encrypted with the Agent Owner's public key.

Research Problem There is no comprehensive solution that, in a flexible way, protects a Mobile Agent's code from an untrusted Agent Platform and protects the sensitive data carried by a Mobile Agent from an unauthorized Mobile Agent Platform.

Solution Provide Mobile Agent code security using PKCS7. Provide a flexible mechanism to secure Mobile Agents' data baggage so that multiple authorized platforms on the route can view the desired data, while none of the unauthorized platforms can.

Standards Used XACML (eXtensible Access Control Markup Language): a standard way to define access control policies and security configurations. SAML (Security Assertion Markup Language): based on the security assertions transferred, it provides a standardized way to exchange authentication and authorization data.

MagicNET System Components MagicNET stands for Mobile Agents Intelligent Community Network; it was developed at secLab in the DSV Department at KTH. MagicNET provides the complete infrastructural and functional components for secure mobile agent research and development. It supports building secure and trusted mobile agents and provides an agent repository (agents' store), Mobile Agent Servers (for their runtime execution), a Mobile Agent Control Station, and infrastructural servers.

Mobile Agent Code Security Mobile Agent code security is achieved using the PKCS7 standard. When an Agent Owner wishes to launch a Mobile Agent in the network, it uses the PKCS7 sign-and-envelope mechanism: it first signs the Agent and then envelopes it with the Recipient Nodes' public keys.
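The sign-then-envelope step above, as an added example that is not the paper's or MagicNET's own code. It uses the `cryptography` package; RSA-PSS signing, AES-GCM content encryption and RSA-OAEP key wrapping per recipient stand in for the PKCS#7 signedAndEnvelopedData encoding (an assumption), and the platform names and agent code are constructed.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Signature and key-wrapping paddings (RSA-PSS for signing, RSA-OAEP for the CEK).
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def gen_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def sign_and_envelope(owner_priv, recipient_pubs, code):
    """Owner signs the agent code, then envelopes code+signature for the named recipient platforms."""
    sig = owner_priv.sign(code, PSS, hashes.SHA256())
    cek = AESGCM.generate_key(bit_length=256)        # one content-encryption key per launch
    nonce = os.urandom(12)
    body = AESGCM(cek).encrypt(nonce, code + sig, None)
    wrapped = {name: pub.encrypt(cek, OAEP) for name, pub in recipient_pubs.items()}
    return {"nonce": nonce, "body": body, "sig_len": len(sig), "wrapped_keys": wrapped}

def open_envelope(name, recipient_priv, owner_pub, env):
    """Recipient unwraps its copy of the CEK, decrypts, and verifies the owner's signature."""
    cek = recipient_priv.decrypt(env["wrapped_keys"][name], OAEP)   # KeyError if not a recipient
    plain = AESGCM(cek).decrypt(env["nonce"], env["body"], None)
    code, sig = plain[:-env["sig_len"]], plain[-env["sig_len"]:]
    owner_pub.verify(sig, code, PSS, hashes.SHA256())   # raises InvalidSignature on tampering
    return code

def demo():
    """Launch one constructed agent to two platforms; a third platform is not a recipient."""
    owner = gen_key()
    platforms = {"mas1": gen_key(), "mas2": gen_key(), "outsider": gen_key()}   # constructed names
    code = b"class Agent:\n    def run(self): return 'hello'\n"   # constructed agent code
    env = sign_and_envelope(owner, {n: platforms[n].public_key() for n in ("mas1", "mas2")}, code)
    recovered = open_envelope("mas2", platforms["mas2"], owner.public_key(), env)
    try:
        open_envelope("outsider", platforms["outsider"], owner.public_key(), env)
        outsider_blocked = False
    except KeyError:
        outsider_blocked = True
    return {"code": code, "recovered": recovered, "outsider_blocked": outsider_blocked}

if __name__ == "__main__":
    print(demo())
```

Signing before enveloping means a recipient platform can check the owner's signature only after unwrapping, so the signer's identity is itself hidden from platforms that were not given a wrapped key.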

Data Baggage Security For data baggage security, this paper uses a KDS (Key Distribution Server) together with the XACML and SAML standards. If a Mobile Agent Platform wishes to secure its data contribution, it sends a key generation request to the KDS. The KDS authenticates the Platform via the PDP (Policy Decision Point) and returns a new encryption key, which the Agent Platform then uses to encrypt its data.

Data Baggage Security cont... For an Agent Platform that wishes to view data contributed to the Mobile Agent by a previous Agent Platform on the route, the flow is as follows: the Agent Platform sends a data decryption key request to the KDS; the KDS sends an authorization request to the PDP; the PDP checks in the policy file whether the Agent Platform has access or not. Upon a positive authorization assertion, the KDS sends the desired decryption keys to the Agent Platform, which decrypts the data.
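The two KDS flows above (key generation for a contributing platform, then policy-checked key release to a reading platform), as one added example that is not the paper's or MagicNET's own code. The XACML policy is a constructed Python table with default deny, the SAML assertion is a plain boolean, `stream_xor` is a constructed stand-in for the platform's data cipher, and the platform names and baggage contents are constructed.

```python
import hashlib
import secrets

TRUSTED = {"platformA", "platformB", "platformC"}   # platforms the PDP can authenticate (constructed)
# Constructed stand-in for the XACML policy file: (requesting platform, contributing platform) -> permit.
# Anything not listed is denied.
POLICY = {("platformB", "platformA"): True, ("platformC", "platformB"): True}

class PDP:
    """Policy Decision Point: authenticates platforms and answers authorization requests."""
    def authenticate(self, platform):
        return platform in TRUSTED
    def authorize(self, requester, contributor):
        return POLICY.get((requester, contributor), False)   # default deny

class KDS:
    """Key Distribution Server: holds per-contribution keys, releases them only on a positive PDP decision."""
    def __init__(self, pdp):
        self.pdp, self.keys = pdp, {}
    def generation_key(self, platform):
        if not self.pdp.authenticate(platform):
            raise PermissionError(f"{platform} not authenticated")
        self.keys[platform] = secrets.token_bytes(32)    # fresh key for this platform's contribution
        return self.keys[platform]
    def decryption_key(self, requester, contributor):
        if not self.pdp.authenticate(requester) or not self.pdp.authorize(requester, contributor):
            raise PermissionError(f"{requester} may not read {contributor}'s data")
        return self.keys[contributor]

def stream_xor(key, data):
    """Constructed SHA-256 counter-mode keystream; symmetric, so it both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def run_flow():
    """platformA contributes baggage; platformB (permitted) and platformC (not) try to read it."""
    kds = KDS(PDP())
    baggage = []   # the agent's accumulated data: (contributor, ciphertext)
    key_a = kds.generation_key("platformA")
    baggage.append(("platformA", stream_xor(key_a, b"scan result from A")))
    results = {}
    for reader in ("platformB", "platformC"):
        try:
            results[reader] = stream_xor(kds.decryption_key(reader, "platformA"), baggage[0][1])
        except PermissionError:
            results[reader] = None
    return results
```

Because the KDS, not the agent, holds the keys, a platform on the route sees only ciphertext until the PDP returns a positive assertion for that specific requester and contributor pair.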

Conclusion and Future work In this paper we have described a comprehensive solution for the protection of mobile agents and their baggage. Our solution is based on a protective approach, in which the integrity of the mobile agents' code is preserved along with its confidentiality during execution. Our approach also supports confidentiality of mobile agents' data against unauthorized reading and/or access by agent platforms. Finally, it also supports the exchange of confidential mobile agent processing data (baggage) among agent platforms.

Questions ???