1 security and agent based computing environment presented by: feng zhang, markus kaiser, hien...
TRANSCRIPT
1
Security and Agent Based Security and Agent Based Computing EnvironmentComputing Environment
Presented by: Feng Zhang, Markus Kaiser,
Hien Nguyen, and Shu Wang
2
OutlineOutline
Motivation. Motivation. Objectives.Objectives. System architecture. System architecture. Implementation.Implementation. Empirical results.Empirical results. Related work.Related work. Conclusion and Future work.Conclusion and Future work.
3
MotivationMotivation
Addressing the security threats in agent Addressing the security threats in agent computing paradigm is a challenging problem.computing paradigm is a challenging problem.
Our ongoing work of multi-agent distributed goal Our ongoing work of multi-agent distributed goal satisfaction project (MADGS) currently is not satisfaction project (MADGS) currently is not employing any security mechanism:employing any security mechanism: Unauthorized access:Unauthorized access: No control over the agent
communication, migration, resource allocation
Denial of services: Denial of services: No control over who can create No control over who can create agents and use resourcesagents and use resources
Disclosure of information: Disclosure of information: No protection over the No protection over the communication among agents.communication among agents.
4
ObjectivesObjectives
Address security issues in MADGS by two Address security issues in MADGS by two models:models: Use role-based security approach through Use role-based security approach through
JINI.JINI. Implement role-based security inside Implement role-based security inside
MADGS.MADGS. Empirically evaluate these two models based Empirically evaluate these two models based
on their performances, integrity, and on their performances, integrity, and scalability.scalability.
5
Objectives (cont.)Objectives (cont.)
Allow any MADGS agents to access JINI Allow any MADGS agents to access JINI resources such as university database.resources such as university database.
Research:Research: Literature search of agent security, Literature search of agent security,
replication.replication.
6
Overview of the current MADGS systemOverview of the current MADGS system
Carolina server
AgentManager
ResourceManager
PlanHandler agent
Prodigy
AgentTool
Agent Environment
Tool for creation & deployment
agents
Planning tool
7
Architecture of combining JINI Security Architecture of combining JINI Security Service with MADGSService with MADGS
JINILookup
Role-Based Privileges
Security Registration
Authorization List
UniversityDB
JINI Security Client
MADGSJiniClient
AgentManager ResourceAgent
PlanHandlerAgent
Carolina Server
Prodigy
AgentTool
SecurityHandler
8
Architecture of combining JINI Security Architecture of combining JINI Security Service with MADGSService with MADGS
9
Architecture of building a security Architecture of building a security component in MADGScomponent in MADGS
AgentManager ResourceAgent
PlanHandlerAgent
Carolina Agent Server
Prodigy
AgentTool
SecurityHandler
MADGS Security Client
SecurityManager
10
Architecture of building a security Architecture of building a security component in MADGScomponent in MADGS
11
Implementation of using JINI Security Implementation of using JINI Security ServiceService
JINI Security ServiceJINI Security Service MADGSJiniClientMADGSJiniClient JINI Security ClientJINI Security Client Integration between MADGSJiniClient and Integration between MADGSJiniClient and
SecurityHandlerSecurityHandler
12
Implementation of using JINI Security Implementation of using JINI Security ServiceService
+checkPrivileges()+createRole()+deleteRole()+createClient()+deleteClient()+Grant(Revoke)_UR_Client()+Grant(Revoke)_UR_Resource()……..
JINI Security ServiceRole Management
+createRole()+deleteRole()
Client Management+createClient()+deleteClient()
AuthRoleToClient+Grant_UR_Client()
+Revoke_UR_Client()
ResourceManagement+appendResource()+deleteResource()
GrantRevokeRSM+Grant_UR_Resource()+Revoke_UR_Resource()
13
Implementation of MADGSJiniClientImplementation of MADGSJiniClient
MADGSJiniClient Capability:long+accessJiniResource(role,resc,inObj,outObj)+checkResourceRequest()+createResource()+deleteResource()+findResource()-locateLookup()+discovered()+discarded()
JINI Security Service+checkPrivileges()+createRole()+deleteRole()+createClient()+deleteClient()+appendResource()+deleteResource()+Grant_UR_Client()+Grant_UR_Resource()+Revoke_UR_Client()+Revoke_UR_Resource()
0..* 1
14
Implementation of JINI Security ClientImplementation of JINI Security Client
Builds a more organized, easy to use graphical Builds a more organized, easy to use graphical user interface compared to the existing oneuser interface compared to the existing one
Includes: Includes: Role management, client management, resource
management panels Client and resource authorization panels
15
Implementation of JINI Security ClientImplementation of JINI Security Client
Role management panel
17
Integration between MADGSJiniClient and Integration between MADGSJiniClient and SecurityHandler in MADGSSecurityHandler in MADGS
Add some translation code in MADGSJiniClient to Add some translation code in MADGSJiniClient to retrieve information from JINI SS.retrieve information from JINI SS.
Each Carolina server is considered as a client of Each Carolina server is considered as a client of JINI environment.JINI environment.
JINI Security Service must keep each server’s JINI Security Service must keep each server’s information in the client table ahead of time.information in the client table ahead of time.
18
Implementation of a security component in Implementation of a security component in MADGSMADGS
MADGS Security ManagerMADGS Security Manager SecurityHandlerSecurityHandler MADGS Security ClientMADGS Security Client Making changes in Agent Manager and Message Making changes in Agent Manager and Message
ManagerManager
19
Implementation of MADGS Security Implementation of MADGS Security ManagerManager
Role+roleId+roleDescription
Resource+resourceId+serviceId
Agent +agentId+agentName
Privilege+resourceId+serviceId+methodId+privilegeId …
Security Manager+getResourceList(..)+getServiceList(..)+createRole(..)+deleteRole(..)+getRoleById(..)+grantPrivilege(..)+revokePrivilege(..)+getRolePrivilege(..)+getAgentList(…)+grantRoleToAgent(..)+revokeRoleFromAgent(…)…….
* 1
* 1
* 1
* 1
20
Implementation of SecurityHandler in Implementation of SecurityHandler in MADGSMADGS
Is a common interface for SecurityManager, Is a common interface for SecurityManager, AgentManager, MessageManager and AgentManager, MessageManager and MADGSJiniClientMADGSJiniClient
Contains a set of public methods of Contains a set of public methods of SecurityManagerSecurityManager
Each method in SecurityHandler will direct the Each method in SecurityHandler will direct the call to the corresponding method in call to the corresponding method in SecurityManager and MADGSJiniClient.SecurityManager and MADGSJiniClient.
21
Implementation of MADGS Security ClientImplementation of MADGS Security Client
Usability criteriaUsability criteria Easy to use, comprehensible, well-organized, iterative
design.
IncludesIncludes Role services Authorization services Agent services Option to switch to use JINI Security Service or no
security.
23
Implementation of MADGS Security ClientImplementation of MADGS Security Client
Grant privileges to a role in MADGS Security Client
24
Using MADGS Security Manager to control Using MADGS Security Manager to control agent migration in MADGSagent migration in MADGS
25
Access JINI resources from any MADGS Access JINI resources from any MADGS agentsagents
Chooses university database as the JINI resource Chooses university database as the JINI resource in this implementation.in this implementation.
Builds a tool to access this resource (JINI Builds a tool to access this resource (JINI University Database tool).University Database tool).
Creates a MADGS agent to use this tool to access Creates a MADGS agent to use this tool to access the university database from MADGS.the university database from MADGS.
27
Allow MADGS agents to use JINI UDBAllow MADGS agents to use JINI UDB
Each Carolina server is considered as a client in Each Carolina server is considered as a client in JINI environment.JINI environment.
Each Carolina client will be granted a set of roles Each Carolina client will be granted a set of roles which is the union of all of the roles assigned to all which is the union of all of the roles assigned to all agents operating on it.agents operating on it.
Information of agents’ roles are kept in the agent Information of agents’ roles are kept in the agent directory and maintained by Security Manager in directory and maintained by Security Manager in MADGS.MADGS.
28
A MADGS agent access JINI university A MADGS agent access JINI university database resource database resource
29
Objectives of empirical evaluationObjectives of empirical evaluation
To make sure the security enforcement is working To make sure the security enforcement is working properly.properly.
To explore the effects of security on the main To explore the effects of security on the main functions of MADGS such as agent functions of MADGS such as agent communication or migration.communication or migration.
To look at the performance issues of using JINI To look at the performance issues of using JINI Security ServiceSecurity Service
30
Empirical evaluation settingEmpirical evaluation setting
Carolina server was installed on four machines Carolina server was installed on four machines (Lisa, Markus, Hien and Greg).(Lisa, Markus, Hien and Greg).
JINI Lookup Service and JINI Security service JINI Lookup Service and JINI Security service was install on Lisa machinewas install on Lisa machine
““Stress” agent was created on every machine to Stress” agent was created on every machine to monitor the communication process among agents.monitor the communication process among agents.
Measurement of communication time betweenMeasurement of communication time between Sender agent with (without GUI) sends messages to
Echo agent with(without GUI). Communication time = receiving time – sending time Using asynchronous communication
33
Empirical evaluation resultsEmpirical evaluation results
No Security - Asynchronous - no GUI
0
500
1000
1500
2000
2500
5 30 55 80 105
130
155
180
205
230
255
280
305
330
355
# of agent couples
rou
nd
trip
tim
e [m
s] MARKUS
GREG
HIEN
LISA
average
34
Empirical evaluation resultsEmpirical evaluation results
no Security - Asynchronous - GUI
0
50
100
150
200
250
300
350
400
5 20 35 50 65 80 95 110
125
140
155
170
185
# of agent couples
rou
nd
trip
tim
e [m
s] MARKUS
GREG
HIEN
LISA
average
35
Empirical evaluation resultsEmpirical evaluation results
Internal - Asynchronous - no GUI
0
5000
10000
15000
20000
25000
30000
35000
# of agent couples
rou
nd
trip
tim
e [
ms] MARKUS
GREG
HIEN
LISA
average
36
Empirical evaluation resultsEmpirical evaluation results
JINI - Asynchronous - no GUI
0
20000
40000
60000
80000
100000
120000
5 10 15 20 25
# of agent couples
rou
nd
trip
tim
e [m
s] MARKUS
GREG
HIEN
LISA
average
37
Empirical evaluation resultsEmpirical evaluation results
no Security - Internal - JINI
0
5000
10000
15000
20000
25000
30000
35000
40000
45000
5 20 35 50 65 80 95 110
125
140
155
170
185
# of agent couples
rou
nd
trip
tim
e [m
s]
no Security - Async - GUI
no Security - Async - no GUI
Internal - Async - no GUI
JINI - Async - no GUI
38
Related workRelated work
Research done in agent securityResearch done in agent security Mobile agent system built with securityMobile agent system built with security Replication methods.Replication methods.
39
Related work in agent securityRelated work in agent security
Protecting agent platformsProtecting agent platforms Security threats: masquerading, denial of service and
unauthorized service. Approaches: software-based fault isolation, safe code
interpretation, signed code, proof carrying code, state appraisal, path history, role-based access.
Protecting agentsProtecting agents Security threats: spy agent’s communication, invoke
agent’s public methods without permissions. Malicious platforms can intercept, update agent’s states
Approaches: environmental key generation, computing with encrypted function, record mutual itinerary with and without replication, tracing execution, role-based access
40
Existing mobile agents system with Existing mobile agents system with securitysecurity
Telescript:Telescript: protecting agent platforms only by issuing a permit for
each agent.
ConcordiaConcordia protecting agent platforms: using statistically specified
access control lists based on user identities. protecting agents: using encryption control
Ajanta:Ajanta: protecting agent platforms: based on concept of proxy
interposition protecting agents: by encryption.
41
Overview on replication approachesOverview on replication approaches
Active replicationActive replication client sends its request to all replicas and takes the first
incoming result
Passive replicationPassive replication client sends its request to only one main server. This
replica will execute the operation and copy the results to other existing replicas.
Semi active replication, semi passive replicationSemi active replication, semi passive replication combine of active and passive replication
42
SummarySummary
Incorporated the security using role-based Incorporated the security using role-based approach into a multiagent distributed goal approach into a multiagent distributed goal satisfaction system.satisfaction system.
Experienced with using JINI Security Service and Experienced with using JINI Security Service and implements an separated security component in implements an separated security component in MADGS.MADGS.
Did empirical evaluation to see how the security Did empirical evaluation to see how the security affects the operation of a mobile agent system, affects the operation of a mobile agent system, which method (JINI or not JINI) is appropriate which method (JINI or not JINI) is appropriate with MADGS.with MADGS.
Opened many interesting research issues from the Opened many interesting research issues from the implementation and evaluation of the project.implementation and evaluation of the project.
43
Future workFuture work
Look at negative privileges as well as positive Look at negative privileges as well as positive privilegesprivileges
Look at combination of an encryption technique Look at combination of an encryption technique with role information to protect role information with role information to protect role information from being spied and changed.from being spied and changed.
Replication of security database:Replication of security database: high level: using JINI low level: using local database on Carolina server
44
Future workFuture work
Provide a tool for a security officer to analyze the Provide a tool for a security officer to analyze the role hierarchy.role hierarchy.
Allow any JINI client to access some resource in Allow any JINI client to access some resource in MADGS.MADGS.
Test with an working scenario in the context of Test with an working scenario in the context of distributed planning.distributed planning.