Similar literature
Found 20 similar documents; search time 15 ms
1.
Varadharajan  V.  Foster  D. 《World Wide Web》2003,6(1):93-122
This paper describes a security architecture for mobile agent based systems. It defines the notion of a security-enhanced agent and outlines security management components in agent platform bases and considers secure migration of agents from one base to another. The security enhanced agent carries a passport that contains its security credentials and some related security code. Then we describe how authentication, integrity and confidentiality, and access control are achieved using the agent's passport and the security infrastructure in the agent bases. We then discuss the application of the security model in roaming mobile agents and consider the types of access control policies that can be specified using the security enhanced agents and the policy base in the agent platforms. Finally we describe the security infrastructure that implements the proposed security services and outline the development of a secure agent based application using the proposed architecture.

2.
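A Java-based security architecture model for mobile agents   Total citations: 8, self-citations: 1, citations by others: 7
Compared with earlier distributed computing paradigms, mobile agents are becoming increasingly popular, but the main obstacle to their widespread adoption is the security problems that accompany mobile code. This requires a mobile agent system to provide a mechanism that controls access to server resources, secures communication, and protects the mobile agent itself. This paper proposes a Java-based security architecture model that enforces security policy by creating resource proxies, providing a unified security service interface for Java-based mobile agent systems.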

3.
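Mobile agent technology is a product of combining distributed artificial intelligence with the Internet and has good application prospects, but security problems have hindered its widespread use. This paper proposes a mobile agent security model based on proxy-agents and discusses the security authentication mechanism in the model.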

4.
柳毅  张凌 《计算机应用》2006,26(9):2109-2110
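Mobile agent data security is one of the main security problems facing mobile agent systems. Based on the ElGamal public-key cryptosystem, a secure mobile agent data protection scheme is proposed. Analysis shows that the protocol not only satisfies all the security requirements but also allows the same mobile agent to pass through the same host multiple times, remedying a shortcoming of current schemes.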

5.
A mobile agent is an object which can autonomously migrate in a distributed system to perform tasks on behalf of its creator. Security issues in regard to the protection of host resources, as well as the agents themselves, raise significant obstacles in practical applications of the agent paradigm. This article describes the security architecture of Ajanta, a Java‐based system for mobile agent programming. This architecture provides mechanisms to protect server resources from malicious agents, agent data from tampering by malicious servers and communication channels during its travel, and protection of name service data and the global namespace. We present here a proxy based mechanism for secure access to server resources by agents. Using Java's class loader model and thread group mechanism, isolated execution domains are created for agents at a server. An agent can contain three kinds of protected objects: read‐only objects whose tampering can be detected, encrypted objects for specific servers, and a secure append‐only log of objects. A generic authentication protocol is used for all client–server interactions when protection is required. Using this mechanism, the security model of Ajanta enforces protection of namespaces, and secure execution of control primitives such as agent recall or abort. Ajanta also supports communication between agents using RMI, which can be controlled if required by the servers' security policies. Copyright © 2001 John Wiley & Sons, Ltd.

6.
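Construction of a secure electronic auction system based on mobile agents   Total citations: 3, self-citations: 0, citations by others: 3
吴国荣  沈庆浩 《计算机工程》2003,29(11):113-115
With the continuing development of e-commerce technology, mobile agent technology can be used for market research, buying and selling goods, offline auctions, and so on. Experience has shown that a system built with mobile agents will be accepted by general users only once its security is firmly assured. This paper proposes an electronic auction protocol based on mobile agents and builds a practical system on it. The system adopts a master-slave structure and ensures security by methods such as requiring the agent to present a license to the auction server during authentication. Finally, the correctness and efficiency of the protocol design are analyzed in detail.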

7.
Baumann  J.  Hohl  F.  Rothermel  K.  Straßer  M. 《World Wide Web》1998,1(3):123-137
Due to its salient properties, mobile agent technology has received a rapidly growing attention over the last few years. Many developments of mobile agent systems are under way in both academic and industrial environments. In addition, there are already various efforts to standardize mobile agent facilities and architectures. Mole is the first mobile agent system that has been developed in the Java language. The first version was finished in 1995, and since then Mole has been constantly improved. Mole provides a stable environment for the development and usage of mobile agents in the area of distributed applications. In this paper we describe the basic concepts of a mobile agent system, i.e., mobility, communication and security, discuss different implementation techniques, present the decisions made in Mole and give an overview of the system services implemented in Mole.

8.
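As agent technology continues to develop, mobile agent system security has become one of the main constraints on its further development; it covers two aspects: the security of the mobile agent and the security of the host platform. This paper introduces the security risks brought by mobile agent technology and proposes a security architecture suited to e-commerce environments. It can effectively protect the security of the execution environment and the security and confidentiality of the user agent's business data.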

9.
Even though the advantages of mobile agents for distributed electronic commerce applications have been highlighted in numerous research works, mobile agent applications are not in widespread use today. For the success of mobile agent applications, secure, portable, and efficient execution platforms for mobile agents are crucial. However, popular mobile agent systems do not meet the high security requirements of electronic commerce applications, are not portable, or cause high overhead. Currently, the majority of mobile agent platforms are based on Java. These systems simply rely on the security model of Java, although it is not suited to protect agents and service components from each other. In contrast, J-SEAL2 is a mobile agent system designed to meet the high security, portability, and performance requirements of large-scale electronic commerce applications. J-SEAL2 extends the Java environment with a model of strong protection domains. The core of the system is a micro-kernel fulfilling the same functions as a traditional operating system kernel: protection, communication, domain termination, and resource control. For portability reasons, J-SEAL2 is implemented in pure Java. This paper focuses on the design of the new communication model in J-SEAL2, which allows convenient, efficient, and mediated communication in a hierarchy of strong protection domains.

10.
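A TrustZone-based secure cloud service access scheme for trusted mobile terminals   Total citations: 1, self-citations: 0, citations by others: 1
杨波  冯登国  秦宇  张英骏 《软件学报》2016,27(6):1366-1383
Trusted cloud architectures provide cloud users with a secure and trusted execution environment for cloud services, protecting the computation and storage of users' private data. However, even with today's rapid growth of mobile cloud computing, there is still no security solution for mobile terminals accessing trusted cloud services. To address this problem, a secure cloud service access scheme for trusted mobile terminals is proposed. The scheme takes full account of the mobile cloud computing setting and uses ARM TrustZone hardware isolation to build a trusted mobile terminal, protecting the secure execution of the cloud service client and of security-sensitive operations on the terminal; combined with physical unclonable function technology, it gives a management mechanism for the terminal's keys and sensitive data. On this basis, drawing on ideas from trusted computing, a secure cloud service access protocol is designed; the protocol is compatible with the trusted cloud architecture and provides end-to-end authentication between the cloud server and the mobile client. Six security properties of the scheme are analyzed, an example mobile cloud storage application based on the scheme is given, and a prototype system is implemented. Experimental results show that the trusted mobile terminal's TCB is small, that the scheme has good scalability and security controllability, and that overall efficiency is high.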

11.
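Research on a network security monitoring system based on intelligent agents   Total citations: 3, self-citations: 0, citations by others: 3
A new scheme called IA-NSM (Intelligent Agent for Network Security Monitoring) is proposed. Based on intelligent agent technology, it monitors and manages internal nodes in an intranet environment. IA-NSM integrates a flexible multi-agent system into a traditional network environment, strengthening the ability to guard against illegal behavior by controlled nodes. The paper introduces the application background, system functions, agent classification, and system model of a network security monitoring system based on intelligent agent technology, as well as the principles for formulating its security policy.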

12.
This article describes a decentralized secure migration process of mobile agents between Mobile‐C agencies. Mobile‐C is an IEEE Foundation for Intelligent Physical Agents (FIPA) standard compliant multi‐agent platform for supporting C/C++ mobile and stationary agents. Mobile‐C is specially designed for mechatronic and factory automation systems where malicious agents may cause physical damage to machinery and personnel. As a mobile agent migrates from one agency to another in an open network, the security concern of mobile agent systems should not be neglected. Security breaches can be minimized considerably if an agency only accepts mobile agents from agencies known and trusted by the system administrator. In Mobile‐C, a strong authentication process is used by sender and receiver agencies to authenticate each other before agent migration. The security framework also aims to guarantee the integrity and confidentiality of the mobile agent while it is in transit. This assures that all agents within an agency framework were introduced to that framework under the supervision and permission of a trusted administrator. The Mobile‐C Security protocol is inspired by the Secure Shell (SSH) protocol, which avoids a single point of failure since it does not rely on a singular remote third party for the security process. In this protocol, both agencies must authenticate each other using public key authentication, before a secure migration process. After successful authentication, an encrypted mobile agent is transferred and its integrity is verified by the receiver agency. This article describes the Mobile‐C secure migration process and presents a comparison study with the SSH protocol. The performance analysis of the secure migration process is performed by comparing the turnaround time of a mobile agent with and without security options in a homogeneous environment. Copyright © 2010 John Wiley & Sons, Ltd.

13.
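A mobile agent model based on Jini technology   Total citations: 2, self-citations: 0, citations by others: 2
Mobile agents are widely regarded as a promising technology for networked distributed computing, but they have still not been widely applied, mainly because several major problems remain, such as environmental flexibility, communication, code migration, and security. To address these problems, a mobile agent model based on Jini technology is proposed. By adding Jini concepts and services such as lookup, discovery, leasing, remote events, and object storage to mobile agents, a dynamic distributed mobile agent model containing two kinds of network middleware (agent base stations and agent sites) is created. The model provides a new scheme for lookup, communication, security, and fault tolerance to improve the robustness and security of mobile agents and the interaction between agents. The implementation mechanisms of the key technologies in the model are also analyzed.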

14.
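The security problem involved in the execution and migration of mobile agents is protecting hosts from attack by malicious agents, and one important aspect of this is minimizing the danger caused by programmers' coding errors. This is mainly ensured by the agent programming language. Restricting an agent program to execute within a secure environment, that is, constructing a secure virtual runtime environment for the agent program, provides a foundation for agent security. An algorithm for effectively constructing a secure virtual runtime environment is proposed.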

15.
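Research and implementation of a secure boot mechanism for embedded systems   Total citations: 1, self-citations: 0, citations by others: 1
Given the security threats currently facing mobile smart platform systems, using trusted computing technology to solve embedded system security problems is a feasible and efficient security solution. Without changing the hardware architecture of existing mobile devices, a secure boot mechanism for embedded platform systems is proposed. It uses a secure TF card as an external trusted platform module and builds a complete chain of trust from the bootloader to upper-layer applications. The starting point of the chain of trust is protected within the secure area of the secure TF card, and the reference measurement values of each component in the boot process are signed with a key in the secure TF card and stored. The implementation of the mechanism is described, and its security and efficiency are analyzed and tested in detail. Experimental results show that the mechanism can resist multiple attacks against embedded platforms and effectively protects embedded system security.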

16.
Integrity protection for Code-on-Demand mobile agents in e-commerce   Total citations: 1, self-citations: 1, citations by others: 0
The mobile agent paradigm has been proposed as a promising solution to facilitate distributed computing over open and heterogeneous networks. Mobility, autonomy, and intelligence are identified as key features of mobile agent systems and enabling characteristics for the next-generation smart electronic commerce on the Internet. However, security-related issues, especially integrity protection in mobile agent technology, still hinder the widespread use of software agents: from the agent's perspective, mobile agent integrity should be protected against attacks from malicious hosts and other agents. In this paper, we present Code-on-Demand (CoD) mobile agents and a corresponding agent integrity protection scheme. Compared to the traditional assumption that mobile agents consist of invariant code parts, we propose the use of dynamically upgradeable agent code, in which new agent function modules can be added and redundant ones can be deleted at runtime. This approach will reduce the weight of agent programs, equip mobile agents with more flexibility, enhance code privacy and help the recoverability of agents after attack. In order to meet the security challenges for agent integrity protection, we propose agent code change authorization protocols and a double integrity verification scheme. Finally, we discuss the Java implementation of CoD mobile agents and integrity protection.

17.
Secure processor architectures enable new sets of applications such as commercial grid computing, software copy protection and secure mobile agents by providing secure computing environments that are immune to both physical and software attacks. Although a number of secure processor designs have been proposed, they typically make trade-offs between security and efficiency. This article proposes a new secure processor architecture called M-TREE, which offers a significant performance gain without compromising security. The M-TREE architecture uses a novel hierarchical Message Authentication Code Tree (MACTree) for protecting applications' integrity at a minimal performance overhead. M-TREE also introduces a new one-time-pad class encryption mechanism that accelerates security computation over the existing block cipher-based schemes with high security guarantee. Based on the results of our performance simulations, the performance overhead of the M-TREE integrity check mechanism is as small as 14% in the worst case, a substantial improvement over the 60% slowdown reported by previously proposed techniques. Meanwhile, the overhead of the M-TREE encryption scheme is approximately 30%, compared to 50% when using block cipher encryption. Overall, our M-TREE architecture can provide a tamper-resistant and tamper-evident computing environment with low performance impact, thereby offering a transparent and practical security computing platform.

18.
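A template structure for a mobile agent system with high security   Total citations: 27, self-citations: 2, citations by others: 27
杨鲲  刘大有  郭欣 《软件学报》2002,13(1):130-135
Based on an analysis of the characteristics of existing mobile agent systems and of the MASIF (mobile agent system interoperability facility) specification, a highly secure mobile agent system, Jamogents, and its template structure are presented, and its workflow is described. An algorithm for encryption and digital signatures, RIM (RSA+IDEA+MD5), is implemented on the basis of overriding the Java class java.lang.SecurityManager.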

19.
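Mobile agents are used ever more widely and the security problems of mobile agent systems are prominent, so how to solve mobile agent security problems is critical. This paper proposes security measures for mobile agents based on cryptography and computer network security, gives methods for implementing them, and suggests other new security measures that could be adopted. The core issue of these measures is to ensure the security of mobile agent communication and of the mobile agent execution environment while also allowing mobile agents to be applied more widely.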

20.
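This paper introduces a secure and flexible intrusion detection system architecture. By applying key-host hiding techniques, key hosts are made invisible to both active probing and passive eavesdropping, which improves the security of the system itself. In addition, by introducing mobile agents and mechanisms such as restricting communication between the parts of the intrusion detection system, the architecture's resistance to denial-of-service attacks is strengthened. The system uses intelligent mobile agents to collect and process information on network nodes, which improves the flexibility of the intrusion detection system and reduces network load.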
