Published by Melvyn Merritt. Modified over 9 years ago.
1 Security and Agent Based Computing Environment
Presented by: Feng Zhang, Markus Kaiser, Hien Nguyen, and Shu Wang
2 Outline
- Motivation
- Objectives
- System architecture
- Implementation
- Empirical results
- Related work
- Conclusion and future work
3 Motivation
- Addressing the security threats in the agent computing paradigm is a challenging problem.
- Our ongoing multi-agent distributed goal satisfaction (MADGS) project currently does not employ any security mechanism:
  - Unauthorized access: no control over agent communication, migration, or resource allocation.
  - Denial of service: no control over who can create agents and use resources.
  - Disclosure of information: no protection of the communication among agents.
4 Objectives
- Address security issues in MADGS with two models:
  - Use a role-based security approach through JINI.
  - Implement role-based security inside MADGS.
- Empirically evaluate these two models based on their performance, integrity, and scalability.
5 Objectives (cont.)
- Allow any MADGS agent to access JINI resources such as the university database.
- Research: literature search on agent security and replication.
6 Overview of the current MADGS system
[Diagram labels: Carolina server, AgentManager, ResourceManager, PlanHandler agent, Prodigy, AgentTool. Captions: agent environment; tool for creation and deployment of agents; planning tool.]
7 Architecture of combining JINI Security Service with MADGS
[Diagram labels: JINI Lookup, Role-Based Privileges Security Registration Authorization List, UniversityDB, JINI Security Client, MADGSJiniClient, AgentManager, ResourceAgent, PlanHandlerAgent, Carolina Server, Prodigy, AgentTool, SecurityHandler]
8 Architecture of combining JINI Security Service with MADGS
9 Architecture of building a security component in MADGS
[Diagram labels: AgentManager, ResourceAgent, PlanHandlerAgent, Carolina Agent Server, Prodigy, AgentTool, SecurityHandler, MADGS Security Client, SecurityManager]
10 Architecture of building a security component in MADGS
11 Implementation of using JINI Security Service
- JINI Security Service
- MADGSJiniClient
- JINI Security Client
- Integration between MADGSJiniClient and SecurityHandler
12 Implementation of using JINI Security Service
- JINI Security Service: +checkPrivileges(), +createRole(), +deleteRole(), +createClient(), +deleteClient(), +Grant(Revoke)_UR_Client(), +Grant(Revoke)_UR_Resource(), ...
- Role Management: +createRole(), +deleteRole()
- Client Management: +createClient(), +deleteClient()
- AuthRoleToClient: +Grant_UR_Client(), +Revoke_UR_Client()
- ResourceManagement: +appendResource(), +deleteResource()
- GrantRevokeRSM: +Grant_UR_Resource(), +Revoke_UR_Resource()
13 Implementation of MADGSJiniClient
- MADGSJiniClient: Capability:long; +accessJiniResource(role, resc, inObj, outObj), +checkResourceRequest(), +createResource(), +deleteResource(), +findResource(), -locateLookup(), +discovered(), +discarded()
- JINI Security Service: +checkPrivileges(), +createRole(), +deleteRole(), +createClient(), +deleteClient(), +appendResource(), +deleteResource(), +Grant_UR_Client(), +Grant_UR_Resource(), +Revoke_UR_Client(), +Revoke_UR_Resource()
- Association multiplicities: 0..* and 1
14 Implementation of JINI Security Client
- Builds a more organized, easier-to-use graphical user interface than the existing one.
- Includes:
  - Role management, client management, and resource management panels
  - Client and resource authorization panels
15 Implementation of JINI Security Client
Role management panel
16 Implementation of JINI Security Client
17 Integration between MADGSJiniClient and SecurityHandler in MADGS
- Add translation code in MADGSJiniClient to retrieve information from the JINI Security Service (JINI SS).
- Each Carolina server is considered a client of the JINI environment.
- The JINI Security Service must hold each server’s information in its client table ahead of time.
18 Implementation of a security component in MADGS
- MADGS Security Manager
- SecurityHandler
- MADGS Security Client
- Changes to Agent Manager and Message Manager
19 Implementation of MADGS Security Manager
- Role: +roleId, +roleDescription
- Resource: +resourceId, +serviceId
- Agent: +agentId, +agentName
- Privilege: +resourceId, +serviceId, +methodId, +privilegeId, …
- Security Manager: +getResourceList(..), +getServiceList(..), +createRole(..), +deleteRole(..), +getRoleById(..), +grantPrivilege(..), +revokePrivilege(..), +getRolePrivilege(..), +getAgentList(…), +grantRoleToAgent(..), +revokeRoleFromAgent(…), …
- Association multiplicities shown: * and 1
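The Role, Agent and Privilege relations from this slide, sketched as a small in-memory model. This is an added example, not the MADGS code, and it is written in Python rather than the project's own language; the method names follow the diagram in Python naming, while `is_allowed` and the storage layout are assumptions.

```python
from collections import defaultdict


class SecurityManager:
    """In-memory model of the Role / Agent / Privilege relations (illustrative)."""

    def __init__(self):
        self.roles = {}                      # roleId -> roleDescription
        self.role_privs = defaultdict(set)   # roleId -> {(resourceId, serviceId, methodId)}
        self.agent_roles = defaultdict(set)  # agentId -> {roleId}

    def create_role(self, role_id, description):
        self.roles[role_id] = description

    def delete_role(self, role_id):
        # Cascade: a deleted role must not survive in agent assignments,
        # or re-creating the same roleId later would silently re-grant it.
        self.roles.pop(role_id, None)
        self.role_privs.pop(role_id, None)
        for assigned in self.agent_roles.values():
            assigned.discard(role_id)

    def grant_privilege(self, role_id, resource_id, service_id, method_id):
        if role_id not in self.roles:
            raise KeyError(f"unknown role {role_id!r}")
        self.role_privs[role_id].add((resource_id, service_id, method_id))

    def revoke_privilege(self, role_id, resource_id, service_id, method_id):
        self.role_privs[role_id].discard((resource_id, service_id, method_id))

    def grant_role_to_agent(self, agent_id, role_id):
        if role_id not in self.roles:
            raise KeyError(f"unknown role {role_id!r}")
        self.agent_roles[agent_id].add(role_id)

    def revoke_role_from_agent(self, agent_id, role_id):
        self.agent_roles[agent_id].discard(role_id)

    def is_allowed(self, agent_id, resource_id, service_id, method_id):
        # Hypothetical check (not on the slide): default deny, positive privileges only.
        wanted = (resource_id, service_id, method_id)
        return any(wanted in self.role_privs.get(r, ())
                   for r in self.agent_roles.get(agent_id, ()))
```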
20 Implementation of SecurityHandler in MADGS
- Is a common interface for SecurityManager, AgentManager, MessageManager, and MADGSJiniClient.
- Contains a set of the public methods of SecurityManager.
- Each method in SecurityHandler directs the call to the corresponding method in SecurityManager and MADGSJiniClient.
21 Implementation of MADGS Security Client
- Usability criteria: easy to use, comprehensible, well-organized, iterative design.
- Includes:
  - Role services
  - Authorization services
  - Agent services
- Option to switch to using the JINI Security Service or no security.
22 Implementation of MADGS Security Client
23 Implementation of MADGS Security Client
Grant privileges to a role in MADGS Security Client
24 Using MADGS Security Manager to control agent migration in MADGS
25 Access JINI resources from any MADGS agents
- Chooses the university database as the JINI resource in this implementation.
- Builds a tool to access this resource (the JINI University Database tool).
- Creates a MADGS agent that uses this tool to access the university database from MADGS.
26 Implementation of the JINI University Database tool
27 Allow MADGS agents to use JINI UDB
- Each Carolina server is considered a client in the JINI environment.
- Each Carolina client is granted a set of roles that is the union of all the roles assigned to all agents operating on it.
- Information about agents’ roles is kept in the agent directory and maintained by the Security Manager in MADGS.
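An added sketch (not MADGS code, and in Python rather than the project's own language) of the union rule above: the role set a Carolina server holds as a JINI client changes when agents migrate, and it is broader than any single agent's set. The function names, the agent directory layout and the sample roles are assumptions; Grant_UR_Client and Revoke_UR_Client appear only as labels for the updates that would follow.

```python
def server_roles(agent_directory, server):
    """Union of the roles of every agent currently hosted on `server`.

    agent_directory (assumed layout): agentId -> {"server": str, "roles": set}
    """
    roles = set()
    for entry in agent_directory.values():
        if entry["server"] == server:
            roles |= entry["roles"]
    return roles


def migrate(agent_directory, agent_id, dest):
    """Move an agent and return the JINI client-table updates per server.

    Result: {server: {"Grant_UR_Client": set, "Revoke_UR_Client": set}}
    """
    src = agent_directory[agent_id]["server"]
    before = {s: server_roles(agent_directory, s) for s in (src, dest)}
    agent_directory[agent_id]["server"] = dest
    updates = {}
    for s in (src, dest):
        after = server_roles(agent_directory, s)
        updates[s] = {"Grant_UR_Client": after - before[s],
                      "Revoke_UR_Client": before[s] - after}
    return updates


def may_use_role(agent_directory, agent_id, role):
    """Local gate before a request leaves under the server's identity.

    The server holds the union, so only the agent's own roles can tell
    two agents on the same server apart.
    """
    return role in agent_directory[agent_id]["roles"]


# Constructed sample directory (roles are made up for illustration).
DIRECTORY = {
    "sender": {"server": "Lisa", "roles": {"student"}},
    "echo": {"server": "Lisa", "roles": {"registrar"}},
    "stress": {"server": "Markus", "roles": {"student"}},
}
```

Revocations matter as much as grants here: if a departing agent's roles are not removed from the server's client entry, the agents left behind keep JINI access that none of them was assigned.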
28 A MADGS agent accesses the JINI university database resource
29 Objectives of empirical evaluation
- To make sure the security enforcement is working properly.
- To explore the effects of security on the main functions of MADGS, such as agent communication or migration.
- To look at the performance issues of using the JINI Security Service.
30 Empirical evaluation setting
- Carolina server was installed on four machines (Lisa, Markus, Hien and Greg).
- The JINI Lookup Service and JINI Security Service were installed on the Lisa machine.
- A “Stress” agent was created on every machine to monitor the communication process among agents.
- Measured the communication time when a Sender agent (with or without GUI) sends messages to an Echo agent (with or without GUI).
- Communication time = receiving time – sending time
- Uses asynchronous communication.
31 Deployment diagram of empirical evaluation
32 Stress agent
33 Empirical evaluation results
34 Empirical evaluation results
35 Empirical evaluation results
36 Empirical evaluation results
37 Empirical evaluation results
38 Related work
- Research done in agent security
- Mobile agent systems built with security
- Replication methods
39 Related work in agent security
- Protecting agent platforms
  - Security threats: masquerading, denial of service, and unauthorized service.
  - Approaches: software-based fault isolation, safe code interpretation, signed code, proof-carrying code, state appraisal, path history, role-based access.
- Protecting agents
  - Security threats: spying on an agent’s communication, invoking an agent’s public methods without permission. Malicious platforms can intercept and update an agent’s state.
  - Approaches: environmental key generation, computing with encrypted functions, recording mutual itinerary with and without replication, tracing execution, role-based access.
40 Existing mobile agent systems with security
- Telescript: protects agent platforms only, by issuing a permit for each agent.
- Concordia:
  - Protecting agent platforms: uses statistically specified access control lists based on user identities.
  - Protecting agents: uses encryption control.
- Ajanta:
  - Protecting agent platforms: based on the concept of proxy interposition.
  - Protecting agents: by encryption.
41 Overview on replication approaches
- Active replication: the client sends its request to all replicas and takes the first incoming result.
- Passive replication: the client sends its request to only one main server. This replica executes the operation and copies the results to the other existing replicas.
- Semi-active and semi-passive replication: combinations of active and passive replication.
42 Summary
- Incorporated security, using a role-based approach, into a multi-agent distributed goal satisfaction system.
- Gained experience using the JINI Security Service and implemented a separate security component in MADGS.
- Did an empirical evaluation to see how security affects the operation of a mobile agent system and which method (JINI or not JINI) is appropriate for MADGS.
- Opened many interesting research issues from the implementation and evaluation of the project.
43 Future work
- Look at negative privileges as well as positive privileges.
- Look at combining an encryption technique with role information to protect role information from being spied on and changed.
- Replication of the security database:
  - High level: using JINI
  - Low level: using a local database on the Carolina server
44 Future work
- Provide a tool for a security officer to analyze the role hierarchy.
- Allow any JINI client to access some resource in MADGS.
- Test with a working scenario in the context of distributed planning.