1998 | Book

Mobile Agents and Security

Edited by: Giovanni Vigna

Publisher: Springer Berlin Heidelberg

Book series: Lecture Notes in Computer Science

About this book

New paradigms can popularize old technologies. A new "standalone" paradigm, the electronic desktop, popularized the personal computer. A new "connected" paradigm, the web browser, popularized the Internet. Another new paradigm, the mobile agent, may further popularize the Internet by giving people greater access to it with less effort.

Mobile Agent Paradigm

The mobile agent paradigm integrates a network of computers in a novel way designed to simplify the development of network applications. To an application developer the computers appear to form an electronic world of places occupied by agents. Each agent or place in the electronic world has the authority of an individual or an organization in the physical world. The authority can be established, for example, cryptographically. A mobile agent can travel from one place to another subject to the destination place’s approval. The source and destination places can be in the same computer or in different computers. In either case, the agent initiates the trip by executing a "go" instruction which takes as an argument the name or address of the destination place. The next instruction in the agent’s program is executed in the destination place, rather than in the source place. Thus, in a sense, the mobile agent paradigm reduces networking to a program instruction. A mobile agent can interact programmatically with the places it visits and, if the other agents approve, with the other agents it encounters in those places.

Table of contents

Frontmatter

Foundations

Security Issues in Mobile Code Systems
Abstract
In mobile code systems, programs or processes travel from host to host in order to accomplish their goals. Such systems violate some of the assumptions that underlie most existing computer security implementations. In order to make these new systems secure, we will have to deal with a number of issues that previous systems have been able to ignore or sidestep. This paper surveys the assumptions that mobile code systems violate (including the identification of programs with persons, and other assumptions that follow from that), the new security issues that arise, and some of the ways that these issues will be addressed.
David M. Chess
Environmental Key Generation Towards Clueless Agents
Abstract
In this paper, we introduce a collection of cryptographic key constructions built from environmental data that are resistant to adversarial analysis and deceit. We expound upon their properties and discuss some possible applications; the primary envisioned use of these constructions is in the creation of mobile agents whose analysis does not reveal their exact purpose.
James Riordan, Bruce Schneier
Language Issues in Mobile Program Security
Abstract
Many programming languages have been developed and implemented for mobile code environments. They are typically quite expressive. But while security is an important aspect of any mobile code technology, it is often treated after the fundamental design is complete, in ad hoc ways. In the end, it is unclear what security guarantees can be made for the system. We argue that mobile programming languages should be designed around certain security properties that hold for all well-formed programs. This requires a better understanding of the relationship between programming language design and security. Appropriate security properties must be identified. Some of these properties and related issues are explored.
Dennis Volpano, Geoffrey Smith
Protecting Mobile Agents Against Malicious Hosts
Abstract
A key element of any mobile code based distributed system are the security mechanisms available to protect (a) the host against potentially hostile actions of a code fragment under execution and (b) the mobile code against tampering attempts by the executing host. Many techniques for the first problem (a) have been developed. The second problem (b) seems to be much harder: It is the general belief that computation privacy for mobile code cannot be provided without tamper resistant hardware. Furthermore it is doubted that an agent can keep a secret (e.g., a secret key to generate digital signatures). There is an error in reasoning in the arguments supporting these beliefs which we are going to point out.
In this paper we describe software-only approaches for providing computation privacy for mobile code in the important case that the mobile code fragment computes an algebraic circuit (a polynomial). We further describe an approach how a mobile agent can digitally sign his output securely.
Tomas Sander, Christian F. Tschudin

Security Mechanisms

Safe, Untrusted Agents Using Proof-Carrying Code
Abstract
Proof-Carrying Code (PCC) enables a computer system to determine, automatically and with certainty, that program code provided by another system is safe to install and execute without requiring interpretation or run-time checking. PCC has applications in any computing system in which the safe, efficient, and dynamic installation of code is needed. The key idea is to attach to the code an easily-checkable proof that its execution does not violate the safety policy of the receiving system. This paper describes the design and a typical implementation of Proof-Carrying Code, where the language used for specifying the safety properties is first-order predicate logic. Examples of safety properties described in this paper are memory safety and compliance with data access policies, resource usage bounds, and data abstraction boundaries.
George C. Necula, Peter Lee
Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts
Abstract
In this paper, an approach to partially solve one of the most difficult aspects of security of mobile agents systems is presented, the problem of malicious hosts. This problem consists in the possibility of attacks against a mobile agent by the party that maintains an agent system node, a host. The idea to solve this problem is to create a blackbox out of an original agent. A blackbox is an agent that performs the same work as the original agent, but is of a different structure. This difference allows to assume a certain agent protection time interval, during which it is impossible for an attacker to discover relevant data or to manipulate the execution of the agent. After that time interval the agent and some associated data get invalid and the agent cannot migrate or interact anymore, which prevents the exploitation of attacks after the protection interval.
Fritz Hohl
Authentication for Mobile Agents
Abstract
In mobile agent systems, program code together with some process state can autonomously migrate to new hosts. Despite its many practical benefits, mobile agent technology results in significant new security threats from malicious agents and hosts. In this paper, we propose a security architecture to achieve three goals: certification that a server has the authority to execute an agent on behalf of its sender; flexible selection of privileges, so that an agent arriving at a server may be given the privileges necessary to carry out the task for which it has come to the server; and state appraisal, to ensure that an agent has not become malicious as a consequence of alterations to its state. The architecture models the trust relations between the principals of mobile agent systems and includes authentication and authorization mechanisms.
Shimshon Berkovits, Joshua D. Guttman, Vipin Swarup
Cryptographic Traces for Mobile Agents
Abstract
Mobile code systems are technologies that allow applications to move their code, and possibly the corresponding state, among the nodes of a wide-area network. Code mobility is a flexible and powerful mechanism that can be exploited to build distributed applications in an Internet scale. At the same time, the ability to move code to and from remote hosts introduces serious security issues. These issues include authentication of the parties involved and protection of the hosts from malicious code. However, the most difficult task is to protect mobile code against attacks coming from hosts. This paper presents a mechanism based on execution tracing and cryptography that allows one to detect attacks against code, state, and execution flow of mobile software components.
Giovanni Vigna

Mobile Code Systems

D’Agents: Security in a Multiple-Language, Mobile-Agent System
Abstract
Mobile-agent systems must address three security issues: protecting an individual machine, protecting a group of machines, and protecting an agent. In this chapter, we discuss these three issues in the context of D’Agents, a mobile-agent system whose agents can be written in Tcl, Java and Scheme. (D’Agents was formerly known as Agent Tcl.) First we discuss mechanisms existing in D’Agents for protecting an individual machine: (1) cryptographic authentication of the agent’s owner, (2) resource managers that make policy decisions based on the owner’s identity, and (3) secure execution environments for each language that enforce the decisions of the resource managers. Then we discuss our planned market-based approach for protecting machine groups. Finally we consider several (partial) solutions for protecting an agent from a malicious machine.
Robert S. Gray, David Kotz, George Cybenko, Daniela Rus
A Security Model for Aglets
Abstract
Aglets are Java-based mobile agents developed at IBM’s Tokyo Research Laboratory. This article describes a security model for the aglets development environment that supports flexible architectural definition of security policies.
Günter Karjoth, Danny B. Lange, Mitsuru Oshima
Signing, Sealing, and Guarding Java™ Objects
Abstract
Many secure applications are emerging using the Java™ language and running on the Java platform. In dealing with Java security issues, especially when building secure mobile agents on the Java platform, we inevitably depend on the underlying object orientation, such as data encapsulation and type safety.
In this paper, we describe three new constructs for signing, sealing (encrypting), and guarding Java objects. These constructs enrich the existing Java security APIs so that a wide range of security-aware applications can be significantly easier to build.
Li Gong, Roland Schemers

Active Content and Security

The Safe-Tcl Security Model
Abstract
Safe-Tcl is a mechanism for controlling the execution of programs written in the Tcl scripting language. It allows untrusted scripts (applets) to be executed while preventing damage to the environment or leakage of private information. Safe-Tcl uses a padded cell approach: each applet is isolated in a safe interpreter where it cannot interact directly with the rest of the application. The execution environment of the safe interpreter is controlled by trusted scripts running in a master interpreter. Safe-Tcl provides an alias mechanism that allows applets to request services from the master interpreter in a controlled fashion. Safe-Tcl allows a variety of security policies to be implemented within a single application, and it supports both policies that authenticate incoming scripts and those that do not.
John K. Ousterhout, Jacob Y. Levy, Brent B. Welch
Web Browsers and Security
Abstract
Today the World Wide Web is considered to be a platform for building distributed applications. This evolution is made possible by browsers with processing capabilities and by programming languages that allow web designers to embed real programs into HTML documents. Downloading and executing code from anywhere on the Internet brings security problems along with it. A systematic and thorough analysis of security flaws in the browsers and related technology is necessary to reach a sufficient level of confidence. This paper presents some preliminary results of ongoing research that has the final goal of developing properties for secure browsers and procedures for secure browsing. The research started by investigating features provided by the standard environment. The paper describes some experimental attacks that have been carried out by exploiting features of Java and JavaScript executed by Netscape Navigator and Microsoft Explorer browsers.
Flavio De Paoli, Andre L. Dos Santos, Richard A. Kemmerer
Backmatter
Metadata
Title
Mobile Agents and Security
Edited by
Giovanni Vigna
Copyright year
1998
Publisher
Springer Berlin Heidelberg
Electronic ISBN
978-3-540-68671-2
Print ISBN
978-3-540-64792-8
DOI
https://doi.org/10.1007/3-540-68671-1