Top

Automated Software Engineering

Published in:

01-05-2024

A security framework for mobile agent systems

Authors: Donies Samet, Farah Barika Ktata, Khaled Ghedira

Published in: Automated Software Engineering | Issue 1/2024

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Security is a very important challenge in mobile agent systems due to the strong dependence of agents on the platform and vice versa. According to recent studies, most current mobile agent platforms suffer from significant limitations in terms of security when they face Denial of Service (DOS) attacks. Current security solutions even provided by the mobile agent platforms or by the literature focus essentially on individual attacks and are mainly based on static models that present a lack of the permissions definition and are not detailed enough to face collaborative DOS attacks executed by multiple agents or users. This paper presents a security framework that adds security defenses to mobile agent platforms. The proposed security framework implements a standard security model described using MA-UML (Mobile Agent-Unified Modeling Language) notations. The framework lets the administrator (of agents’ place) define a precise and fine-grained authorization policy to defend against DOS attacks. The authorization enforcement in the proposed framework is dynamic : the authorization decisions executed by the proposed framework are based upon run-time parameters like the amount of activity of an agent. We implement an experiment on a mobile agent system of e-marketplaces. Given that we focus essentially on the availability criterion, the performance of the proposed framework on a place is evaluated against DOS and DDOS attacks and investigated in terms of duration of execution that is the availability of the place.

previous article Mining crowd sourcing repositories for open innovation in software engineering

next article Can AI serve as a substitute for human subjects in software engineering research?

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Available only for authorised users

Alami-Kamouri, S., Moukafih, N., Orhanou, G., Elhajji, S.: Mobile agent security based on cryptographic trace and SOS agent mechanisms. J. Commun. 15(3), 221–230 (2020)CrossRef

Alfalayleh, M., Brankovic, L.: An overview of security issues and techniques in mobile agents. In: Communications and Multimedia Security, pp. 59–78. Springer (2005)

Alluhaybi, B., Alrahhal, M.S., Alzahrani, A., Thayananthan, V.: Dummy-based approach for protecting mobile agents against malicious destination machines. IEEE Access 8, 129320–129337 (2020)CrossRef

Alluhaybi, B., Alrahhal, M.S., Alzhrani, A., Thayananthan, V.: A survey: agent-based software technology under the eyes of cyber security, security controls, attacks and challenges. Int. J. Adv. Comput. Sci. Appl. (IJACSA) 10(8) (2019)

Bagga, P., Hans, R., Sharma, V.: A biological immune system (bis) inspired mobile agent platform (map) security architecture. Expert Syst. Appl. 72, 269–282 (2017)CrossRef

Belghiat, A., Kerkouche, E., Chaoui, A., Beldjehem, M.: Mobile agent-based software systems modeling approaches: a comparative study. J. Comput. Inf. Technol. 24(2), 149–163 (2016)CrossRef

Bellifemine, F., Caire, G., Poggi, A., Rimassa, G.: Jade A software framework for developing multi-agent applications lessons learned. Inf. Softw. Technol. 50, 10–21 (2008)CrossRef

Berguig, Y., Laassiri, J., Hanaoui, S., Krit, S.d.: Mobile agent security based on mutual authentication and elliptic curve cryptography. Int J Innov Technol Explor Eng 8 (2019)

Beydoun, G., Low, G., Mouratidis, H., Henderson-Sellers, B.: A security-aware metamodel for multi-agent systems (mas). Inf. Softw. Technol. 51(5), 832–845 (2009)CrossRef

Beydoun, G., Low, G.C., Mouratidis, H., Henderson-Sellers, B.: Modelling mas-specific security features (2007)

Bhamra, G.S., Verma, A., Patel, R.: Intelligent software agent technology: an overview. Int. J. Comput. Appl. 89(2), 19–31 (2014)

Bürkle, A., Hertel, A., Müller, W., Wieser, M.: Evaluating the security of mobile agent platforms. Auton. Agent. Multi-Agent Syst. 18(2), 295–311 (2009)CrossRef

Cao, C., Lu, J.: Path-history-based access control for mobile agents. Int. J. Parallel, Emerg. Distrib. Syst. 21(3), 215–225 (2006)MathSciNetCrossRef

Farmer, W.M., Guttman, J.D., Swarup, V.: Security for mobile agents: Issues and requirements. In: Proceedings of the 19th national information systems security conference, vol. 2, pp. 591–597. Baltimore, Md. (1996)

Feng, Y., Hori, Y., Sakurai, K.: A behavior-based online engine for detecting distributed cyber-attacks. In: International Workshop on Information Security Applications, pp. 79–89. Springer (2016)

Group, O., et al.: " unified modeling language", object management group. http://www.uml.org (2001)

Hachicha, H., Loukil, A., Ghedira, K.: Ma-uml: a conceptual approach for mobile agents’ modelling. Int. J. Agent-Oriented Softw. Eng. 3(2/3), 277–305 (2009)CrossRef

Hachicha, H., Samet, D., Ghedira, K.: A conceptual approach to place security in systems of mobile agents. In: German Conference on Multiagent System Technologies, pp. 154–170. Springer (2015)

Hanaoui, S., Berguig, Y., Laassiri, J.: On the security communication and migration in mobile agent systems. In: International Conference on Advanced Intelligent Systems for Sustainable Development, pp. 302–313. Springer (2018)

JADEBoard: Jade security guide (2005). https://jade.tilab.com/doc/tutorials/JADE_Security.pdf

Jansen, W., Karygiannis, T.: Nist special publication 800-19–mobile agent security, national institute of standards and technology. http://csrc.ncsl.nist.gov/mobilesecurity/Publications/sp800-19.pdf (2000)

Kori, G.S., Kakkasageri, M.S.: Agent driven resource scheduling in wireless sensor networks: fuzzy approach. Int. J. Inf. Technol. 14(1), 345–358 (2022)

Linna, F., Jun, L.: A free-roaming mobile agent security protocol against colluded truncation attack. In: 2010 2nd International Conference on Education Technology and Computer, vol. 5, pp. V5–261. IEEE (2010)

Loulou, M., Jmaiel, M., Kacem, A.H., Mosbah, M.: A conceptual model for secure mobile agent systems. In: 2006 International conference on computational intelligence and security, vol. 1, pp. 524–527. IEEE (2006)

Ma, L., Tsai, J.J.: Formal modeling and analysis of a secure mobile-agent system. IEEE Trans. Syst., Man, Cybern.-Part A: Syst. Humans 38(1), 180–196 (2007)

Marikkannu, P., Jovin, A.: A secure mobile agent system against tailgating attacks. J. Comput. Sci. 7(4), 488 (2011)CrossRef

Marikkannu, P., Murugesan, R., Purusothaman, T.: Afdb security protocol against colluded truncation attack in free roaming mobile agent environment. In: 2011 International conference on recent trends in information technology (ICRTIT), pp. 240–244. IEEE (2011)

Mishra, P.K., Singh, R., Yadav, V.: Incorporating novel hierarchical secure model for performance and reliability evaluation in mobile agent system. Int. J. Commun. Netw. Distrib. Syst. 22(3), 294–312 (2019)

Mohamed, A.T.: Generate sub-agent mechanism to protect mobile agent privacy. In: 2012 IEEE symposium on computers & informatics (ISCI), pp. 86–91. IEEE (2012)

Montanari, R., Stefanelli, C., Dulay, N.: Flexible security policies for mobile agent systems. Microprocess. Microsyst. 25(2), 93–99 (2001)CrossRef

Mouratidis, H., Giorgini, P., Manson, G.: Modelling secure multiagent systems. In: Proceedings of the second international joint conference on Autonomous agents and multiagent systems, pp. 859–866. ACM (2003)

Nasr, M.M.: A proposed paradigm for tracing the effect of security threats in various mobile agent systems. In: 2015 5th national symposium on information technology: towards new smart world (NSITNSW), pp. 1–8. IEEE (2015)

van’t Noordende, G.J., Brazier, F.M., Tanenbaum, A.S.: Security in a mobile agent system. In: IEEE First symposium on multi-agent security and survivability, 2004, pp. 35–45. IEEE (2004)

Ordille, J.J.: When agents roam, who can you trust? In: Proceedings of COM’96. first annual conference on emerging technologies and applications in communications, pp. 188–191. IEEE (1996)

Rekik, M., Kallel, S., Loulou, M., Kacem, A.H.: Modeling secure mobile agent systems. In: KES International Symposium on Agent and Multi-Agent Systems: Technologies and Applications, pp. 330–339. Springer (2012)

Samet, D., Ktata, F.B., Ghedira, K.: Security and trust on mobile agent platforms: A survey. In: Jezic, G., Kusek, M., Chen-Burger, Y.H.J., Howlett, R.J., Jain, L.C. (eds.) Agent and multi-agent systems: technology and applications, pp. 42–52. Springer International Publishing, Cham (2017)

Samet, D., Ktata, F.B., Ghedira, K.: Securing mobile agents, stationary agents and places in mobile agents systems. In: KES International symposium on agent and multi-agent systems: technologies and applications, pp. 97–109. Springer (2018)

Samet, D., Ktata, F.B., Ghedira, K.: A comparative study of trust and reputation models in mobile agent systems. In: Agents and multi-agent systems: technologies and applications 2020, pp. 71–82. Springer (2020)

Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)CrossRef

Saxena, A., Soh, B.: Authenticating mobile agent platforms using signature chaining without trusted third parties. In: 2005 IEEE international conference on e-technology, e-commerce and e-service, pp. 282–285. IEEE (2005)

Schäfer, G.: Sabotageangriffe auf kommunikationsinfrastrukturen: Angriffstechniken und abwehrmaßnahmen. Praxis der Informationsverarbeitung und Kommunikation 28(3), 130–139 (2005)CrossRef

Srivastava, S., Nandi, G.: Protection of mobile agent and its itinerary from malicious host. In: 2011 2nd International conference on computer and communication Technology (ICCCT-2011), pp. 405–411. IEEE (2011)

Srivastava, S., Nandi, G.: Fragmentation based encryption approach for self protected mobile agent. J. King Saud Univer.-Comput. Inform. Sci. 26(1), 131–142 (2014)

Tsiligiridis, T.A.: Security for mobile agents: privileges and state appraisal mechanism. Neural Parallel Scient. Comput. 12(2), 153–162 (2004)

Venkatesan, S., Baskaran, R., Chellappan, C., Vaish, A., Dhavachelvan, P.: Artificial immune system based mobile agent platform protection. Comput. Stand. Interf. 35(4), 365–373 (2013)CrossRef

Venkatesan, S., Chellappan, C.: Protection of mobile agent platform through attack identification scanner (ais) by malicious identification police (mip). In: 2008 First international conference on emerging trends in engineering and technology, pp. 1228–1231. IEEE (2008)

Venkatesan, S., Chellappan, C., Vengattaraman, T., Dhavachelvan, P., Vaish, A.: Advanced mobile agent security models for code integrity and malicious availability check. J. Netw. Comput. Appl. 33(6), 661–671 (2010)CrossRef

Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L.: Efficient software-based fault isolation. In: ACM SIGOPS Operating Systems Review, vol. 27, pp. 203–216. ACM (1994)

Xiao, L., Peet, A., Lewis, P., Dashmapatra, S., Saez, C., Croitoru, M., Vicente, J., Gonzalez-Velez, H., i Ariet, M.L.: An adaptive security model for multi-agent systems and application to a clinical trials environment. In: 31st Annual international computer software and applications conference (COMPSAC 2007), vol. 2, pp. 261–268. IEEE (2007)

Yousefi, S., Karimipour, H., Derakhshan, F.: Data aggregation mechanisms on the internet of things: a systematic literature review. Intern. Things 15, 100427 (2021)CrossRef

Zrari, C., Hachicha, H., Ghedira, K.: Agent’s security during communication in mobile agents system. Procedia Comput. Sci. 60, 17–26 (2015)CrossRef

lnowski, A.P.Z.: JADE-PKI 1.0 Manual (2012). https://jade.tilab.com/doc/tutorials/PKI_Guide.pdf

Title: A security framework for mobile agent systems
Authors: Donies Samet
Farah Barika Ktata
Khaled Ghedira
Publication date: 01-05-2024
Publisher: Springer US
Published in: Automated Software Engineering / Issue 1/2024
Print ISSN: 0928-8910
Electronic ISSN: 1573-7535
DOI: https://doi.org/10.1007/s10515-023-00408-7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2024

PTSSBench: a performance evaluation platform in support of automated parameter tuning of software systems

DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoring

Enhancing embedded systems development with TS

Coevolutionary scheduling of dynamic software project considering the new skill learning

Test-suite-guided discovery of least privilege for cloud infrastructure as code

Large language models for qualitative research in software engineering: exploring opportunities and challenges

Premium Partner