Security Modeling and Evaluation for Mobile Agents

1
Security Modeling and Evaluation for Mobile Agents

• Anthony Chan and Michael Lyu
• The Chinese University of Hong Kong

2
Classification of Mobile Code
Know-how the code to execute Resources
input/output for code execution Processor
abstract machine that holds the state of
computation
Ghezzi and Vignas classification of mobile code
paradigms
3
Attack model of malicious hosts against mobile
agents
Model proposed by Fritz Hohl

• Attacks scenarios that can be described
• spy out and modify the whole data part of an
  agent
• spy out and modify the code part of an agent
• manipulate the code execution sequence of an
  agent
• manipulate the execution environment of an agent

Environment
Read/manipulate
Malicious Host
(Other agents)
Read/manipulate properties control execution
System call
Agent
4
Mobile agent application

• Advantages of developing the application using
  mobile agents over conventional client/server
• reduced network traffic for client client
  (handheld PC) needs to handle only two network
  transmissions (agent sending and receiving)
• non-interactivity of client client can be
  plugged to network, send agent, disconnect from
  network then after a while reconnect at another
  physical location, and receive agent

5
Mobile Agent SecurityA Closer Look

• Two facets of mobile agent security
• host security
• protect hosts from malicious agents (code/data)
• similar to remote evaluation and code on demand
  approaches
• agent security
• protect agents from malicious hosts
• a relatively new area in security research

6
Possible solutions

• An open research question
• Two cases
• closed network malicious hosts are identifiable
• agent integrity checking
• encrypted transmission
• time limiting techniques
• open network malicious hosts are not identifiable

7
Open network

• Encryption
• need to hide the code (algorithm) and data of
  agents so that any malicious hosts would not be
  able to tamper
• one possible way would be mobile cryptography
  using probabilistic encryption
• Time-limiting techniques
• limit the time for an agent to survive
• security modeling

8
Security Modeling
Agent
Host 1
Host 2
Host n

• Assume
• the time to breach the agent on host i is
  inversely exponential to the number of
  instructions carried out by host i
• the number of instructions carried out by a host
  is directly proportional to time

9
Security modeling

• Let an agent stays at host i for time Ti,
• P(breach at host i)
• 1 - exp(-?iTi), ?i is a constant
• Then the agent security, i.e., probability of no
  breach at all host,

We may use this to measure the time we allow an
agent to stay on a host, so that the agent is
still safe up to a certain probability