移动Agent在恶意主机中安全问题

在电子商务应用中,移动Agent被用于代表客户搜索某个特定的产品,在这个过程中移动Agent很容易受到恶意主机的攻击.文中在分析了现有对付恶意主机方法上所存在缺陷的基础上,提出了一种基于改进RSA算法的非交互性CEF签名机制,能够在无交互的条件下进行快速加密和安全的签名,使得客户的签名不会被滥用,解决了移动Agent在恶意环境中所遇到的问题,保证了移动Agent的秘密性和完整性.     

使用圆锥曲线的复合服务安全签名方案

为解决使用移动Agent进行服务复合时签名密钥可能在网络传输中或恶意主机上泄漏的安全问题,提出了一个使用圆锥曲线的安全签名方案,并对其正确性和安全性进行了分析和证明。该使用方案签名时不要求移动Agent携带签名密钥,其安全性依赖于圆锥曲线上离散对数问题的难解性和大数因子分解的困难性。     

基于移动Agent的电子商务安全性研究

基于移动Agent的第三代电子商务系统是软件、通信和分布式系统技术的结合,它克服了传统电子商务技术的缺点,有着很好的应用前景。然而,其安全性却是个不容忽视的问题。安全性的缺乏会导致恶意Agent毫无限制地在网络上散布或导致恶意入侵的发生,从而使商务活动陷入混乱状态。保护主机不被恶意Agent入侵,与传统的分布式系统中相对成熟的安全技术,有着相似之处。但保护移动Agent不被恶意攻击还有一些欠缺,基于保护移动Agent不被恶意攻击的主要目的出发,提出了一个信用模型（评价主机信用关系的信誉度）,来解决基于移动Agent技术的电子商务的安全性问题。     

可更新数据的数据完整性保护方法

数据收集是移动Agent的一类重要应用,在多个领域的移动Agent应用系统中涉及到数据收集。由于移动Agent可能受到恶意主机攻击,如何保证收集数据的完整性是一个重要的安全问题。文中在分析移动Agent 数据收集的安全性属性的基础上,提出了一个用于保证移动Agent在潜在恶意主机上访问时保护所收集数据的完整性安全协议。该协议能够实现数据的完整性验证与数据被收集的顺序无关,从而可以随机地访问主机,并且同一主机提交的数据可以自己更新,非常适合数据动态变化的应用系统。     

基于拆分-协作方法的移动Agent安全保护

恶意主机对移动Agent的威胁是移动Agent技术应用的主要障碍之一.对此,提出一种基于拆分-协作的保护移动Agent的方法.根据功能模块将一个移动Agent拆分成多个子Agent协同工作,完成原移动Agent相同的功能.借助信息论中的熵理论,证明了这种拆分使得移动Agent任务的理解难度随拆分数目的增长成正比增长,有助于保护移动Agent的机密性,从而在一定程度上阻止了恶意主机对移动Agent的攻击.最后讨论了效率问题及拆分的副作用.     

限制恶意主机执行时间的安全协议

针对文献提出的使用源主机检测主机执行移动代理时问的安全协议的不足,进行了改进。通过运行在可信主机上的协作Agent,限制移动Agent在主机上的运行时间,设计了一个安全有效的协议,以防止恶意主机对Agent代码和数据的篡改以及拒绝服务攻击。     

一种基于授权管理的移动Agent系统的方案设计

1.引言 移动Agent是一种能够在异构网络中自主地从一台主机迁移到另一台主机,并可与其他Agent或资源交互的智能体.由于Agent的移动性和自主性,Agent系统面临着安全性的挑战.一方面,执行环境可能受到恶意Agent的攻击;另一方面,移动Agent也可能受到恶意服务器的损害.针对面临的安全性挑战,移动Agent系统目前主要研究了以下几种安全技术[1,3]:     

移动Agent系统中的安全性问题研究

首先，在这篇论文中介绍了移动Agent的定义及其应用。然后，分析了存在恶意代理的前提下，如何保护主机；存在恶意主机的前提下，如何保护代理，提出这些问题的解决办法。最后，得出结论，解决移动Agent系统的安全性问题是很困难的。     

基于MASS和JavaCard的移动代理安全模型

探讨了移动代理防范恶意主机的攻击问题,提出了一个基于移动代理安全服务器和JavaCard的安全模型。模型中的通信信息进行了签名和加密,可以防止恶意主机窥视和篡改代理的代码和数据,也能防止恶意主机伪造移动代理。安全机制中能进行异常情况处理,较好地了解决恶意对移动代理的攻击问题。模型中JC证书的管理和更新问题需进一步研究。     

移动Agent防范恶意主机攻击的安全措施

移动Agent技术是分布式人工智能与Internet相结合的产物，具有很好的应用前景，但是移动Agent系统的安全性是一个不容忽视的问题， 而在移动Agent系统所涉及到的安全问题中，尤以保护移动Agent不受恶意主机攻击最为复杂和重要。该文总结了到目前为止的各种保护措施,并比较了各自的优点及局限性。     

Secure Web Transaction with Anonymous Mobile Agent over Internet

A major problem of mobile agents is their apparent inability to authenticate transactions in hostile environments. In this paper, a new secure anonymous mobile agent scheme is proposed for the prevention of agent tempering without compromising the mobility or autonomy of the agent. In the scheme, a mobile agent can produce valid signature on website's bid (it means to transact a contact with the web site) on behalf of its customer, without revealing the customer's real private key. In addition, the anonymity of the customer is also achieved when its agent transacts with the websites. Furthermore, the customer who issues a malicious agent or denies the transaction can be identified and detected by Agent Management Center (AMC). Therefore, the scheme is practical in the future electronic commerce over Internet.     

恶意主机上的移动代理安全

在分析了现有对付恶意主机的方法所在存在缺陷的基础上，提出了移动代理安全的解决策略，详细描述了在无交互条件下程序加密方法，最后介绍了恶意主机上安全签名方法。     

Security in the Ajanta mobile agent system

A mobile agent is an object which can autonomously migrate in a distributed system to perform tasks on behalf of its creator. Security issues in regard to the protection of host resources, as well as the agent themselves, raise significant obstacles in practical applications of the agent paradigm. This article describes the security architecture of Ajanta, a Java‐based system for mobile agent programming. This architecture provides mechanisms to protect server resources from malicious agents, agent data from tampering by malicious servers and communication channels during its travel, and protection of name service data and the global namespace. We present here a proxy based mechanism for secure access to server resources by agents. Using Java's class loader model and thread group mechanism, isolated execution domains are created for agents at a server. An agent can contain three kinds of protected objects: read‐only objects whose tampering can be detected, encrypted objects for specific servers, and a secure append‐only log of objects. A generic authentication protocol is used for all client–server interactions when protection is required. Using this mechanism, the security model of Ajanta enforces protection of namespaces, and secure execution of control primitives such as agent recall or abort. Ajanta also supports communication between agents using RMI, which can be controlled if required by the servers' security policies. Copyright © 2001 John Wiley & Sons, Ltd.     

一个采用惟密文验证签字的Mobile Agent新方案

在未来分布式计算机环境中移动代理系统起着极为重要的作用,这种采用异步式通信的软件代理应具有许多优点并可使整个网络的效率提高,因而存在广泛的应用。但是,软件编制的移动代理容易受其运行主机上恶意软件的攻击,保护移动代理不受窜扰成为移动代理能正常运行的关键。而一般的加密及签字技术不能直接适用于移动代理环境,因此,需要开发新的签字加密技术。结合洋葱路由技术,提出了一个采用惟密文数字签名验证的移动代理系统新方案,以增强移动代理的安全可靠性。最后对其做了安全分析。     

Efficient threshold proxy signature protocol for mobile agents

Mobile agents can migrate across different execution environments through the network. One important task of a mobile agent is to act as a proxy signer to sign a digital signature on behalf of the agent owner. As the agent and the remote hosts are not trustworthy, or are probably malicious, there are great challenges for the task. In this paper, we propose an efficient, secure (t,n) threshold proxy signature scheme based on the RSA cryptosystem. The proposed scheme shares the proxy signing key with a simple Lagrange formula. However, it does not reveal any secret information. Owing to its simple algorithm and few parameter requirements, the proposed scheme requires few calculations and few transactions. The proxy signature generation stage and the proxy signature combining stage are completely non-interactive. Furthermore, the size of the partial proxy signing key and that of the partial proxy signature are constant and independent of the number of proxy signers.     

移动agent系统安全问题的动态信任计算模型

在移动云计算中,数据存储和数据处理是在云端以远程方式进行的,因而信任是移动云计算安全中一个非常重要的因素.针对移动云计算环境中移动agent系统安全和信任管理问题,借鉴人类信任机制(human trust mechanism,HTM),研究主观信任形成、信任传播与信任进化规律,提出主观信任动态管理算法(MASTM);基...     

一种基于强信任关系的移动安全认证协议

建立强信任关系来实现对移动代理的安全认证方法,是保护移动代理平台在网格环境中免受恶意代理攻击的主要手段。由于网格的异构性以及虚拟组织之间没有信任传递关系,导致移动代理在跨虚拟组织迁移时,存在安全漏洞,所以结合基于D—S理论的资源信任度函数提出动态规划方案是符合网格结构需求的。该方法在移动代理进行迁移时,由移动代理与其所在的网格虚拟组织中的信任调度模块协同工作,完成移动代理的迁移任务,保护了移动代理不遭到恶意平台的攻击。     

Advanced mobile agent security models for code integrity and malicious availability check

Mobile agent technology is an emerging paradigm in distributed computing environment and it holds a potential status in the relevant research field due to its unique capabilities like flexibility, dynamic customization and robust interaction in unreliable networks. But the limited security perspectives and shortfalls of the mobile agent environments degrade its usage in a variety of application domains. Even though some of the protection models are available for protecting the environments, they are not efficient in handling the security issues. To make the mobile agent environment secure, this paper proposed advanced models to improve the efficiency of the existing Malicious Identification Police model for scanning the incoming agent to detect the malicious activities and to overcome the availability of vulnerabilities in the existing Root Canal algorithm for code integrity checks. The MIP model is extended with the policy to differentiate the agent owners in the distributed environment and the Root Canal algorithm is improved as eXtended Root Canal algorithm. The experimental results of the advanced models show that though these mechanisms take more time complexity than the existing malicious identification police model and Root Canal model, these models are efficient in protecting the agent code integrity and scanning the agent for malicious activities. Also the new models possess less time complexity compared to the other related existing models in the secure mobile agent environment.     

一个基于“承诺”机制的代理交互安全模型

安全问题一直是基于移动代理计算应用中的一个关键问题．一个基于“承诺”机制的代理交互安全模型主要从理论上针对代理在交互过程中的欺骗行为的防止而提出的．在检测机制有限的环境中，代理的非法性不能得到很好的确定，因此需要新的机制来控制代理的恶意行为．“承诺”机制是指在代理的交互过程中，要求代理提供一定数量的利益保证，利用该利益保证值可以实现对代理恶意行为的抑制．通过证明合理的利益保证值的存在性，从理论上证明了承诺机制的可行性。     

Protecting mobile-agent data collection against blocking attacks

Full-scale adoption of mobile agent technology in untrustworthy network environment, such as Internet, has been delayed due to several security complexities. The protection of mobile agents against the attacks of malicious hosts is considered a very challenging security problem. It has inspired lot of research interest, but very few measures exist to counter blocking attack where a host with malicious intentions refuses to transmit a mobile agent to the next host. It becomes an important requirement for the agent owner to rescue the data collected by the agent under custody and redeem a loss. In this paper, we present two schemes that rescue the offering results from a malicious host's blocking attack, and make a comparison of their performance from several aspects. Our approach has two new features that previous protocols lack. It allows the proper handling of time-sensitive offers and supports the gradual decision-making execution.