Presentation is loading. Please wait.

Presentation is loading. Please wait.

MagicNET: Security System for Protection of Mobile Agents.

Published byArnold Scott Modified over 8 years ago

Similar presentations

Presentation on theme: "MagicNET: Security System for Protection of Mobile Agents."— Presentation transcript:

1 MagicNET: Security System for Protection of Mobile Agents

2 Presentation Overview 1. Mobile Agents 2. NIST 3. Background 4. Research Problem 5. Solution 6. Conclusion

3 Mobile Agents Mobile agents are self-contained software modules with additional credentials and accumulated data. They roam in a network, moving autonomously from one server to another, performing their designated tasks, and finally, returning eventually to their control station.

4 Security Threats- NIST-1998 There are four kind of threats, as per NIST. –Agent to Platform –Agent to Agent –Platform to Agent –Other to Agent Platform This paper covers ‘Platform to Agent’ Threat. Threats, covered are:

5 Security Threats- NIST-1998 cont… - Unauthorized Access: An unauthorized Mobile Agent Platform shouldn’t be able to access either data or code of an Agent. - Eavesdropping: An unauthorized Mobile Agent Platform shouldn’t be able eavesdrop on sensitive data carried by a Mobile Agent. - Alteration: An unauthorized Mobile Agent Platform shouldn’t be able to alter sensitive data, carried by a Mobile Agent.

6 Traditional Solution Previously, for code Security, code obfuscation and code scrambling techniques were used. For data baggage security, data was encrypted with Agent Owner’s public key.

7 Research Problem.. There is no comprehensive solution that provides security to Mobile Agent’s Code from an untrusted Agent Platform, and provides secrurity from an Unauthorized Mobile Agent Platfrom to the sensitive data carried by a Mobile Agent, in a flexible way.

8 Solution ?? Provides Mobile Agent Code Security using PKCS7 Providing a flexible mechanism to secure Mobile Agents’ data baggage in such a way that multiple authorized platform in the route can view the desired data, but none of the unauthorized can.

9 Standards Used.. XACML(eXtensible Access Control Markup Language): A standard way to handle access control policy definition strategies and security Configurations. SAML ( Security Assertion Markup Language): Based on security assertions transferred, it provides a standardized way to exchange authentication and authorization data.

10 MagicNET System Components MagicNET stands for Mobile Agents Intelligent Community Network, has developed at secLab at DSV Department at KTH. MagicNET provide complete infrastructural and functional component for secure mobile agent research and development. It provide support to build secure & trusted mobile agents, provide agents repository (agents’ store), Mobile Agents Servers (for their runtime execution), Mobile Agent Control Station, Infrastructural servers.

11 Mobile Agent Code Security Mobile Agent code security is achieved using PKCS7 standard. Once an Agent Owner wishes to launch a Mobile Agent in a network, it uses PKCS7 signandEnvelope mechanism : it first signs the Agent and then Envelopes it with Recepient Node’s public keys.

12 Data Baggage Security For the data baggage security, this paper uses KDS (Key Distribution Server), XACML and SAML standards. If a Mobile Agent Platform wishes to secure its data contribution, then it sends a Key generation request to KDS. KDS authenticates the Platform from PDP(Policy Decision Point) and returns a new encryption key, which is then used by the Agent Platform to encrypt its data.

13 Data Baggage Security cont… For the Agent Platform, which wishes to view data of Mobile Agent contributed by a previous Agent Platform in route, then the flow will be somewhat like this : The Agent Platform will send a data decryption key request to KDS, KDS will send an Authorization request to PDP and PDP will check in the policy file, if the Agent Platform has the access or not. Upon positive authorization assertion, KDS sends the desired decryption keys to the Agent Platform and it decrypts the Data.

14 Conclusion and Future work In this paper we have described a comprehensive solution for mobile agents and protection of their baggage. Our solution is based on a protective approach, in which integrity of the mobile agents’ code is preserved along with confidentiality during execution. Our approach also supports confidentiality of mobile agents’ data from unauthorized reading and/or access by agent platforms. Finally, it also supports exchange of confidential mobile agents processing data (baggage) among agent platforms.

15 Questions ???

Download ppt "MagicNET: Security System for Protection of Mobile Agents."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Mobile Agents Mouse House Creative Technologies Mike OBrien.

Mobile Agents Mouse House Creative Technologies Mike OBrien.
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.

1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Shouting from the Rooftops: Improving Email Security Dr. Maury Pinsk FRCPC University of Alberta Division of Pediatric Nephrology.

Shouting from the Rooftops: Improving Security Dr. Maury Pinsk FRCPC University of Alberta Division of Pediatric Nephrology.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Core Web Service Security Patterns

Core Web Service Security Patterns
Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © 2009. Chapter 1, pp 19-28. For educational use only.

Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © Chapter 1, pp For educational use only.
1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.

1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.

Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.
Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Similar presentations

Ads by Google