1 / 8

Vulnerabilities a nd Security in Mobile Agents

Vulnerabilities a nd Security in Mobile Agents. by Joel Dominic, Adam Mcculloch , and James Hunt. CONTENT. Brief overview of mobile agents Malicious Hosts and countermeasures Malicious Agents and countermeasures Encrypted Agents and data. Overview of Mobile Agents.

sun
Download Presentation

Vulnerabilities a nd Security in Mobile Agents

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Vulnerabilities and Security in Mobile Agents by Joel Dominic, Adam Mcculloch, and James Hunt

  2. CONTENT • Brief overview of mobile agents • Malicious Hosts and countermeasures • Malicious Agents and countermeasures • Encrypted Agents and data

  3. Overview of Mobile Agents

  4. Malicious Agents Problem: • Rogue Mobile Agent runs malicious code on trusting host Solutions: • Host can scan Mobile Agent for malicious code • Run Mobile Agents in sandbox environment • Allows for very dynamic security controls • Host can be specific in which resources Mobile Agent has access to • This method is popular due to its easy implementation

  5. Malicious Hosts Problem: • Host accepts legitimate mobile agent and then modifies the code (creating a malicious agent) before returning it to the network Solutions: • Sign the mobile agent with a checksum so that any tampering becomes apparent • Limit the servers a mobile agent can travel to so hostile servers injected into the network cannot interfere • “Checkpoint” servers to scan mobile agents for tampering

  6. Encryption • Encrypting the code of a mobile agent could lead to improved security • Running encrypted data through a mobile agent requires either: • The key to be stored in the mobile agent • The key to be stored on the host

  7. Summary • Security threats can come from the mobile agent or the receiving host • Best way to block a malicious mobile agent is to run it in a sandbox environment • Multiple ways to prevent hostile hosts: • Checksums • Limiting hosts for mobile agents • “Checkpoint” Servers • Encryption possible for both data and mobile agents • Would make it safer but more difficult to implement

  8. SOURCES www.objs.com/agent/00-12-05.ppt http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.36.6327&rep=rep1&type=pdf

More Related