Mobile Agents and Security
Presented by: Chan Hing Wing, Anthony
March 29, 1999
Room 1027, SHB, CUHK

Introduction
• Problem of the Client/Server Paradigm
• Mobile Code Paradigms and Technologies
• Security Issues in Distributed Systems
• Security Concerns for Mobile Code Paradigms
• Security Services of Mobile Code Technologies

The Client/Server Paradigm
• Client/Server Paradigm
  • conventional design paradigm (i.e., example or pattern, Webster) of distributed applications
  • two processes (client and server) running on two different hosts; communicate by message exchange
• Example: a simple network file server
  • handle only one file per client request (i.e., no mput / mget)
  • file listing service also provided
• How to delete all files starting with “f”?

Problems, Client/Server
• The only way:
  • list all files on server
  • figure out files starting with “f”
  • delete files one by one
• Problems:
  • large number of exchanged messages (2n+2 messages for deleting n files)
  • requirement of user-computer interactivity
• Solution:
  • upgrade the server and client (to provide mdelete)
  • inflexible: how about next time I want mput/mget?
  • any other solution?

The Mobile Code Paradigm
• It would be great if I could send a self-executing code fragment (instead of a single instruction) to the server side, that decides which file to delete for me dynamically!
• Advantages
  • reduced network traffic (only code sending, and perhaps an acknowledgement)
  • no need for user-computer interactivity

Mobile Code Paradigm (MCP)
• Common examples of mobile code:
  • rsh in Unix (remote evaluation)
  • SQL queries (remote evaluation)
  • downloading Java applets (code on demand)
• Other possible applications (mobile agent):
  • mobile computing
  • electronic commerce, etc.

MCP Classification
• know-how: the code to be executed
• resources: input/output of code
• processor: abstract machine that carries out the computation and holds its state

Mobile Agents
• Mobile Agents:
  • The most interesting form of mobile code; one form of “Intelligent Agents”, which is a hot topic in the AI field
  • Mobility: programs can move across different machines and platforms, and run on different host machines
  • Agency: programs act autonomously for their users / owners
  • Agents can move with different execution states; therefore, they can co-operate to perform complex tasks

Supporting Technologies
• Client/Server: Sockets / RPC / CORBA
• Remote evaluation: rsh, SQL, etc.
• Code on demand: Java applets
• Mobile Agents?
  • Many Mobile Agent Systems (MAS) being developed, e.g., Aglets from IBM, Odyssey from General Magic, and Objectspace’s Voyager (ORB)
  • OMG is drafting the Mobile Agent System Interoperability Facility (MASIF) to allow for cross-MAS agents under CORBA

Security Issues in Distributed Systems
• General system security requirements:
  • integrity
  • authenticity
  • confidentiality
  • availability, for both code and data
• Widely adopted security model:
  • each particular “computing base” forms a “security fortress”; everything (code, data, users, computers) in the same fortress is trusted

Client/Server Security
• Client/Server security:
  • usually adopt the security fortress model
  • major challenges:
    • client/server authentication (establishing trust with another side)
    • data/request confidentiality across insecure channel (by encryption)
  • already well developed

Mobile Code Security Concerns
• Remote evaluation:
  • fortress model also applicable
  • challenges:
    • code sender/receiver authentication
    • code encryption across the channel
• Code on demand:
  • can also apply the fortress model
  • challenges:
    • client: building trust on downloaded code (sandboxing, applet signing)
    • server: verifying the correct client (authentication)

Mobile Agent Security
• More complex/challenging because of:
  • roaming agents
  • co-operating agents
  • security fortress model does not apply well
• Two aspects:
  • host security:
    • protecting the host against malicious agents
  • agent security:
    • protecting the agents against malicious host

Host security
• Agent Integrity
  • sandboxing, run-time verification, proof-carrying code
• Agent Authentication
  • digital signatures (analogy: signed applets)
• Authorization
  • access control lists
• Allocation (against denial-of-service attack)
  • market-based mechanism

Agent Security
• Example:
  • An agent roams around the Internet to look for the lowest price of an air ticket; it remembers the lowest price it finds most recently
• Data tampering: change of execution state of agents by malicious hosts (“brain-flush” the agent of the lowest price it remembers)
• Execution tampering: change of code or execution sequence by malicious hosts (deliberately set the local price as the lowest price, and push the agent to return immediately)

Agent Protection
• Some proposed approaches:
  • Agent tampering detection
    • range verification, timing information
    • addition of dummy items and functions
    • state appraisal functions, cryptographic watermarks
  • Agent tampering prevention
    • shared secrets, interlocking of agents
    • a fault-tolerance approach
    • execution of encrypted functions
• Not very well developed

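An added example (not part of the original slides): an owner-side state appraisal with range verification for the air-ticket agent described above. The state layout, the baseline/floor bounds, the host names and the prices are all constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class AgentState:                        # hypothetical layout of the roaming agent's state
    itinerary: List[str]                 # hosts the owner asked the agent to visit, in order
    best_price: float                    # initialised to the owner's baseline quote
    best_host: Optional[str] = None      # None until some host beats the baseline
    visited: List[str] = field(default_factory=list)

def visit(state: AgentState, host: str, price: float) -> None:
    """Honest agent step: record the host, keep the lowest price seen so far."""
    state.visited.append(host)
    if price < state.best_price:
        state.best_price, state.best_host = price, host

def appraise(state: AgentState, baseline: float, floor: float) -> List[str]:
    """Run by the owner when the agent returns; an empty list means no violation found."""
    findings = []
    # Range verification: an honest run only lowers the baseline, never below the floor.
    if not (floor <= state.best_price <= baseline):
        findings.append("best_price outside [floor, baseline]")
    # Consistency: a price below the baseline must come from a host that was visited.
    if state.best_price < baseline and state.best_host not in state.visited:
        findings.append("best_host not among visited hosts")
    # Execution sequence: the agent must have completed the planned route in order.
    if state.visited != state.itinerary:
        findings.append("itinerary not completed as planned")
    return findings

def run(prices: Dict[str, float], baseline: float) -> AgentState:
    state = AgentState(itinerary=list(prices), best_price=baseline)
    for host, price in prices.items():
        visit(state, host, price)
    return state

# Constructed sample data.
PRICES = {"airline-a": 520.0, "airline-b": 480.0, "airline-c": 610.0}
BASELINE, FLOOR = 700.0, 100.0

def scenarios() -> Dict[str, List[str]]:
    honest = run(PRICES, BASELINE)
    overwritten = run(PRICES, BASELINE)           # state replaced with an implausible value
    overwritten.best_price, overwritten.best_host = 950.0, "airline-c"
    in_range = run(PRICES, BASELINE)              # last host records its own price as lowest
    in_range.best_price, in_range.best_host = 610.0, "airline-c"
    sent_home = AgentState(itinerary=list(PRICES), best_price=BASELINE)
    visit(sent_home, "airline-a", 520.0)          # returned after the first host
    cases = {"honest": honest, "overwritten": overwritten,
             "in_range": in_range, "sent_home": sent_home}
    return {name: appraise(s, BASELINE, FLOOR) for name, s in cases.items()}
```

The `in_range` case passes appraisal even though the state was changed: range and consistency checks only catch tampering that leaves the state implausible, which is why the slide lists them under detection rather than prevention.
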
Security Services, RPC
• Sockets: no security services at all!
• Sun RPC:
  • secure RPC services for authentication (man secure_rpc) with four options
• Kerberos v5: authentication, per-session key generation
• SSLeay: free library functions implementing SSLv3, for authentication and encryption
• Proposed standard: Generic Security Services Application Program Interface version 2 (GSS-API v.2) (RFC2078)

Security Services, CORBA
• CORBA Security Services specification
  • required implementation of objects Credentials, Principal Authenticator, Security Context, Access Control, etc.
  • support authentication, authorization, security auditing, etc.
  • however, existing implementation of the specification is unknown
  • some vendors add their own security add-on for their ORB product (e.g., SSL pack for Visibroker)

Security Services of MAS
• Aglets and Odyssey:
  • Host protection based on Java security model (sandboxing and signed applets)
  • No information about agent protection
• Voyager:
  • SSL for communication security
  • No details available about host and agent security

Conclusion
• Mobile agents as an emerging paradigm to substitute/complement client/server
• Mobile agent systems being developed worldwide
• Security concerns as a blocking factor
• Two different views: mobile agents as security challenge / chance