90 likes | 227 Views
Vulnerabilities a nd Security in Mobile Agents. by Joel Dominic, Adam Mcculloch , and James Hunt. CONTENT. Brief overview of mobile agents Malicious Hosts and countermeasures Malicious Agents and countermeasures Encrypted Agents and data. Overview of Mobile Agents.
E N D
Vulnerabilities and Security in Mobile Agents by Joel Dominic, Adam Mcculloch, and James Hunt
CONTENT • Brief overview of mobile agents • Malicious Hosts and countermeasures • Malicious Agents and countermeasures • Encrypted Agents and data
Malicious Agents Problem: • Rogue Mobile Agent runs malicious code on trusting host Solutions: • Host can scan Mobile Agent for malicious code • Run Mobile Agents in sandbox environment • Allows for very dynamic security controls • Host can be specific in which resources Mobile Agent has access to • This method is popular due to its easy implementation
Malicious Hosts Problem: • Host accepts legitimate mobile agent and then modifies the code (creating a malicious agent) before returning it to the network Solutions: • Sign the mobile agent with a checksum so that any tampering becomes apparent • Limit the servers a mobile agent can travel to so hostile servers injected into the network cannot interfere • “Checkpoint” servers to scan mobile agents for tampering
Encryption • Encrypting the code of a mobile agent could lead to improved security • Running encrypted data through a mobile agent requires either: • The key to be stored in the mobile agent • The key to be stored on the host
Summary • Security threats can come from the mobile agent or the receiving host • Best way to block a malicious mobile agent is to run it in a sandbox environment • Multiple ways to prevent hostile hosts: • Checksums • Limiting hosts for mobile agents • “Checkpoint” Servers • Encryption possible for both data and mobile agents • Would make it safer but more difficult to implement
SOURCES www.objs.com/agent/00-12-05.ppt http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.36.6327&rep=rep1&type=pdf