security for mobile agents: issues and challenges
TRANSCRIPT
1
Section IX: Security and Privacy Aspects Section
Security for Mobile Agents: Issues and Challenges
Paolo Bellavista, Antonio Corradi, Corrado Federici, Rebecca Montanari, Daniela Tibaldi
Dip. Elettronica, Informatica e Sistemistica – University of Bologna
Viale Risorgimento, 2 - 40136 Bologna - ITALY Phone: +39-051-2093001; Fax: +39-051-2093073
Email: {pbellavista, acorradi, cfederici, rmontanari, dtibaldi}@ deis.unibo.it
Abstract Mobile Agent (MA) technology raises significant security concerns and requires a thorough security framework with a wide range of strategies and mechanisms for the protection of both agent platform and mobile agents against possibly malicious reciprocal behavior. The security infrastructure should have the ability to flexibly and dynamically offer different solutions to achieve different qualities of security service depending on application requirements. The chapter presents the security threats that typically arise in MA applications and describes the proposed currently available countermeasures to protect both nodes and mobile agents. In addition, the chapter surveys the state-of-the-art research activities about integrated security supports in MA systems and identifies open research issues and on-going research work.
1 Security: a Missing Link for Mobile Agents Acceptance
The convergence of the Internet with wireless communications have raised new challenges in the
support of user and terminal mobility, in facing heterogeneity, and in adapting to the dynamic
changes in the network infrastructure [1]. The new scenario seems a suitable application area for
computing paradigms that exploit the notion of code mobility, defined as the capability to
dynamically change the binding between software components and their location of execution [2].
As mobile networks gain widespread acceptance and ubiquitous environments start to emerge, the
ability to change the locations where applications can execute becomes an increasingly important
requirement. For example, we can think to heterogeneous and resource-limited portable devices that
can benefit from the possibility to download on-demand device-specific software components and
discard them when no longer needed.
2
Along this line, the Mobile Agent (MA) paradigm with its properties of autonomy,
asynchronicity and local resource exploitation particularly suits the peculiarities of the new Internet
scenario. The typical proposed applications for MAs include information retrieval, network
management, electronic commerce and service provisioning support in telecommunication systems
[3], [4]. Recently, additional proposals are starting to explore the adoption of MAs for
implementing novel middleware solutions for mobile computing [1]. These solutions advocate the
adoption of MAs at service provision time to act as middleware proxies over the fixed network on
behalf of users/devices. These MA-based middleware proxies can autonomously carry on
operations, even in case of temporary device disconnection and can migrate dynamically, either to
follow device movements or to operate locally to the needed resources.
However, the widespread acceptance and adoption of the MA technology is currently delayed
by several complex security problems still to be completely solved. MAs have fostered even more
the traditional security issues to the limit. Compared to the client/server model, the MA paradigm
offers greater opportunities for performing various attacks because MA systems provide a
distributed computing infrastructure on which applications belonging to different (usually
untrusted) users can execute concurrently [5], [6]. Additionally, the execution sites hosting MAs
may be managed by different authorities with different and possibly conflicting objectives and may
communicate across untrusted communication infrastructures, such as the Internet.
The MA technology introduces another dimension of complexity. Unlike other kinds of mobile
code, such as applets that are pulled once and in one hop to remote systems, MAs may move
through a series of systems with different levels of trust and potentially untrusted (multiple-hop)
[7]. MA principals and owners of the execution environment are usually different: this raises new
threats specific to the MA technology. Since hosting nodes have complete control over MA
execution, in principle they can do anything to the agent, to both its code and its state.
These various and different issues have led MA security to receive increasing attention in recent
3
years from both a theoretical and a practical point of view. Without an appropriate security level for
agents, MA applications could only execute in trusted environments, and could not be deployed in
the Internet scenario. Various security techniques and initial frameworks have been developed
mainly in the area of site protection from potentially malicious agents [8]. The complementary issue
of protecting agents from malicious execution sites represents a new and challenging research area
that calls for new security models and frameworks, that have been up to now investigated only by
few researchers [8], [9], [10], [11].
2 Security Requirements
The term mobile agent contains two distinct concepts, mobility and agency, and refers to a self-
contained and identifiable software component that can move across the network (hence mobile)
and act on behalf of users (hence agent) [12]. According to this definition, in principle, we can
consider a MA as the equivalent of a “well-trained English butler” who knows user needs, likes and
habits, and moves in the open Internet landscape to securely carry out application-specific goals on
its user behalf [13]. Such well-trained butler would be equipped with security credentials, such as
stamped passports, that make it identifiable, permit interaction with other agents, and with hosting
environments and allow the signing of agreements and contracts [14].
However, this vision has various security implications that still need to be solved to transform
our desiderata into reality. To exemplify the security requirements and issues raised by the MA
technology, let us consider the case of a shopping mobile agent that has to find the most convenient
offer for a flight ticket. Suppose that Bob with his palmtop is willing to access a Flight-Ticket
Booking Service (FBS), while he is driving on the way back from work, to urgently search for and
book the cheapest Rome-to-London flight ticket. FBS provisioning relies on middleware proxies to
accommodate portable devices with strict resource constraints [1]. In particular, Bob accesses FBS
via a light-weight client running on her access device. Before starting a FBS provisioning session
4
the client requires Bob to authenticate. After a successful authentication, a middleware mobile
proxy, called in the following Alfred (the well-trained English butler), is instantiated to represent
Bob over the fixed network and to support Bob’s shopping operations.
A trusting relationship should be established between Bob and Alfred: Bob should be confident
that Alfred will only do what he asks without abusing/misusing its autonomy capabilities. It should
not be possible for an air travel agency to persuade Alfred to purchase a flight from London to
Dublin. Neither should Alfred be able to make the commitment to purchase the London-to-Dublin
flight. If a trusting relationship exists, Bob may also delegate Alfred to sign the flight purchase
contract on his behalf when one convenient offer is found.
Suppose now that Alfred generates a shopping mobile agent and delegates it the flight searching
and booking operations. The shopping agent could migrate among the various air-travel agencies
nodes to locally operate on needed resources, whereas Alfred could closely follow Bob movements.
Once completed its tasks, the shopping agent returns to Alfred the result of the computation. The
shopping agent should be granted the same rights and submitted to the same restrictions as Alfred.
In this scenario, several security issues arise and several attacks are possible, as Figure 1 shows.
Since MA execution is at the mercy of hosting nodes, how is it possible to ensure that these nodes
do not manipulate the results of the shopping agent computation and do not illegally access to MA
private information? If no countermeasures are taken, for instance, an intermediate air-travel agency
could intentionally alter cancel the flight ticket offers previously collected by the MA in order to
gain a bargain advantage. If the shopping agent carries Bob’s private key, the air travel agency
could also steal the key to forge a purchase transaction commitment.
The hosting execution environment should also need certain protection from the shopping agent.
A malicious shopping agent may try to gain privileged or unrestricted access to information
belonging to the current execution environment, or may try to misuse services offered by the
execution environment to attack the hosting node itself or to use the node as the basis for probing
5
and exploiting the vulnerabilities of other systems [6]. For example, unregulated access to the file
system may permit agents to install a virus or a Trojan horse, whereas unrestricted access to node
resources may allow the shopping agent to produce denial of service attacks, to jeopardize
operativity of hosting sites by exhausting memory, storage system, and CPU cycles.
Figure 1. Security threats in Mobile Agent systems.
Recent research efforts have mainly focused on the development of ad-hoc security techniques that
can only partially circumvent the aforementioned security threats. For example, no viable solution
exists that can convince Bob to give his signing key to Alfred (and hence to the shopping agent) and
to trust air-travel agencies to use it only properly.
We still also lack general comprehensive security framework that can provide solutions for
addressing in a uniform and coherent manner all the security issues arising in MA applications. That
framework should define how to express security requirements, how to administer them, how to
distribute them to relevant entities and how to enforce them. The desired behavior of both agent
platforms and agents should be defined at a high-level of abstraction, separately from agent/system
(1) User-Agent Trust(2) Inter-Agent security (3) Agent-Node security(4) Node-Agent Security(5) Network security
Execution Node
(3)
(5)
(4)
(2)
Execution Node
Bob
(1)Alfred
Agent generation
Agentmigration
Agent execution
NETWORK
(*) © D. LiguΘri(**) © FumettieStorie di Pezzin & Marinato
(*)
(*)
(**)
Execution Node
(*)
(*)
“Evil” Agent
“Angel “Shopping Agent
Agent execution
Agent execution
(1)
6
code to facilitate the dynamic adaptation of security controls to the evolution of both the execution
environment and the application requirements.
Differently from the traditional approach to MA security, security concerns should inform every
phase of MA system development, from requirement engineering to design, implementation, testing
and deployment [15]. The ultimate challenge is, therefore, unifying security with system
engineering. Just as MA system engineers analyze and select system features to answer to
functional requirements, security engineers must develop applicable security models and deploy
those security measures that can make available different qualities of security service depending on
specific security requirements of applications and on the most suitable trade-off between security
and efficiency.
3 Security Countermeasures
This section is intended to outline the key features and to point out the limitations of the most
common protection techniques adopted to protect both agent platforms and agents against reciprocal
malicious behavior.
3.1 User-agent Trust
Any “well-trained English butler” should be delegated with proper rights in order to carry out his
tasks. Delegation is a means by which users can trust agents to make decisions on their behalf.
Several trust-management systems based on the notion of delegation have been proposed in
recent years in decentralized systems to allow one entity to give some of its authority to other
entities, e.g., the Simple Public Key Infrastructure (SPKI) [16], Attribute Certificates [17].These
systems have been recognized fruitfulness even for supporting delegation in mobile agent systems
and are starting to be integrated in several MA system projects [18], [19].
SPKI exploits public-key based certificates for supporting both authentication and authorization
[16]. SPKI certificates securely bind a user and his public key with a set of rights and specify
7
whether the user is authorized to delegate his rights. SPKI supports a very simple notion of
delegation that makes it suitable only for small networks. The main weakness is that it does not
allow to specify any other constraints on delegation. For instance, it is not possible to impose
limitations on the entities to whom the user can delegate his rights or specify which rights the user
can delegate.
Another emerging technique for delegation is based on the exploitation of Attribute Certificates
(ACs) that securely bind users with their rights, but do not contain the user public key [17]. ACs
permit to support a flexible delegation model because it is possible to specify not only whether the
AC owner is authorized to delegate some of his privileges but also the conditions that must hold for
the delegation to take place. For example, the AC issuer can impose some restrictions on the entities
to whom the AC owner can delegate his privileges, on the delegation chain length and also on the
subset of privileges that the AC owner can delegate.
3.2 Protecting Agent Platforms
The problem of protecting agent platforms from malicious agent behavior requires to perform
various security checks both when an agent arrives and while it is executing. Before executing an
agent, the hosting node should guard against malicious agent logic which is defined as a set of
instructions that cause a site security policy to be violated. If the agent code is proven to be secure,
the host should authenticate the incoming agent and should mediate agent operations on needed
resources by means of access control checks.
3.2.1 Secure Agent Code
Research on provably secure code has been undertaken for several years targeted at allowing to
verify that a piece of code is secure before it begins execution. Some research activities in the field
of safe programming languages can enhance the development of code safety by proposing solutions
based on strong typing, restricted memory-reference manipulations, and runtime-supported memory
8
allocation and deallocation [8]. Another formal technique that can be used to develop provably
secure code is the Proof Carrying Code that forces agent code producer to formally prove that the
mobile code has the safety properties required by the hosting agent platform. The proof of the code
correct behavior is transmitted to the hosting node that can validate the received code [20]. The
major problems with Proof Carrying Code techniques are the need of a standard formalism for
establishing safety policies and the significant performance overhead sometimes unacceptable to
both transmit and verify proofs.
A more pragmatic approach, adopted in most MA systems, is to trust a specific piece of agent
code because one trusts the developer/supplier of the agent code. This technique requires ways to
verify through cryptographic means that a particular piece of agent code originates from the trusted
party.
Another approach based on path history logs can be exploited to allow hosting platforms to
decide whether to execute an incoming agent [21]. The underlying idea is to maintain an
authenticable record of the prior platforms visited by an agent, so that a newly visited platform can
determine whether to process the agent and what resource constraints to apply. Computing a path
history requires each agent platform to add a signed entry to the agent path, indicating its identity
and the identity of the next platform to be visited, and to supply the complete path history to the
next platform.
Another technique for detecting malicious agent logic uses a state appraisal function that
becomes part of the agent code and guarantees that the agent state has not been tampered with by
malicious entities [22]. The success of this technique relies on the possibility to predict alterations
to the agent state, and to prepare countermeasures, in the form of appraisal functions. The state
appraisal function is produced by the agent author and it is signed together with the rest of the
agent. The visited platform uses this function to verify that the agent is in a correct state and to
determine what privileges to grant to the agent.
9
3.2.2 Agent Authentication
Authentication mechanisms are required for associating agents with responsible principals, where
principals represent the subjects that request operations, e.g., an individual, a corporation, a service
provider, and a network administrator. For authenticating incoming agents, agent principals can be
associated with personal public/private keys and can be forced to digitally sign agents to ensure the
correct identification of their responsible party. The public-key based authentication process safely
verifies the correspondence between principal identities and keys. Most authentication solutions
based on public-key cryptography delegate key lifecycle management to Public Key Infrastructures
(PKIs) [23]. Authentication can also ascertain the paternity of agents by associating them with their
responsible role. A role-based model facilitates the administration and management of a large
number of principals, by simplifying the dynamic handling of principals and permissions.
3.2.3 Agent Authorization
Research in the authorization field has focused on two main areas. Some researches attempt to
realize access control mechanisms, while others are concerned about finding languages for
expressing access control requirements.
Access control mechanisms can enforce the control of agent behavior at run-time and can limit
access to resources. The early sandboxing technique is a typical example [24]. However, the rigidity
of the sandbox model makes it inadequate for complex agent-based applications. The JDK 1.2
security architecture evolves from the sandbox by introducing fine-grained, extensible access
control structures for a wide range of applications and clearly separates the enforcement mechanism
from the security policy specification [25]. However, the JDK 1.2 provides support for traditional
access control lists only, so more sophisticated access control requires further extensions to this
architecture. Another proposal for controlling the execution of mobile agents written in the Tcl
scripting language is the Safe-Tcl security framework which uses at least two interpreters – one
10
regular for trusted code and a safe interpreter for untrusted code [8]. When untrusted code executing
in the safe interpreter executes a command requiring access to a system resource, the trusted
interpreter evaluates whether access should be granted or denied.
Several MA systems adopt simple access control lists (ACLs) to implement access control in
MA applications. However, ACLs exhibit limitations in enforcing all the complex access controls
necessary in MA applications. The complexity of access control decisions in MA based applications
derives from both static and dynamic considerations. On the one hand, it is mandatory to consider
static attributes, such as the identity of the source code implementer, the host from where the code
was loaded, and the identity/role of the principal on behalf of whom the mobile agent is executing.
On the other hand, it is necessary to take into account also dynamic attributes relating to the current
context in which the mobile agent operates. An agent may be granted different permissions
depending on the current time, the current application state, or the state of the resources that the
code is accessing. In most current solutions based on ACLs, complex access control constraints are
often directly hard-coded into the applications, thus imposing reconfiguration, rebuilding, or even
rewriting of significant parts of the application at any policy change.
Several research approaches are emerging that propose language-based solutions to separate
policy from access control implementation [26], [27], [28], [29]. From the research field in mobile
code technologies, entirely procedural languages have been developed to restrict mobile agents
operations depending on their historical behavior in addition to common discriminators like the MA
source location or the identity/role of its user [26]. Other languages combine procedural and
declarative rules. They describe both the minimal set of capabilities the hosting node must grant to
enable an incoming mobile agent to perform its task, as well as the trust conditions to be evaluated
to determine its trustworthiness [27]. In addition, more expressive logic-based declarative languages
not specifically proposed for MA systems could be considered. They can be extended to cater for
mobility and employed in MA systems to provide access control decisions that can take into
11
account temporal and application-dependent dynamic aspects [28], [29], [30].
3.3 Protecting Agents
The main issues to be comprehensively addressed to protect agents against malicious hosts are
agent execution, integrity and secrecy. Protecting agent execution requires to ensure that agents are
not hijacked to untrusted destinations that may present agents with a false environment, thus
causing them to execute incorrectly, do not commit to unwilling actions and do not suffer of
premature termination or starvation due to unfair administrator’s policies that fail to provide
necessary system resources (such as access to files, communication channels or cpu time).
Protecting agent integrity requires the identification of agent tampering, either of its code or of its
state, by malicious execution hosts. Providing agent secrecy requires hiding the agent code and state
parts from the site responsible for its execution.
There is no universal and general solution to the problem of agent protection. Little can be done
to ensure correct agent execution. A security practice could be to develop agents with the necessary
support services for its execution embedded into its code. For example, agents may have the crypto
code to perform sensitive operations or to resolve names. This would make agents independent
from the services offered by hosts, but it would simply reduce the possibility of hosts to attack
agents and would also significantly increases the transmission costs because of the bigger agent
bytecode size.
Only few partial approaches have been proposed to either prevent or detect attacks against agent
integrity and secrecy. Prevention techniques are aimed at turning attacks into computationally
unfeasible or useless tasks, while detection techniques are aimed at allowing agent responsible users
to verify whether some attacks have been carried out against their agents once they return back.
With regard to the prevention of attacks to agent integrity and secrecy, some proposals try to
overcome the problem by not permitting mobile agents to move to untrusted hosts. Others face the
12
problem by taking organizational measures [31]. Only trusted parties are permitted to set up an
agent platform and to host agent execution, but this is currently a too restrictive requirement.
Some mainly rely on special tamper-proof hardware that avoids unauthorized modification of
agent code/state by executing the agent in a physically sealed environment. Even the administrators
of the agent execution system do not have access to this execution environment [32]. However, the
cost of tamper proof hardwares makes this approach impractical for a large number of users.
Tamper proof hardwares can only be deployed in closed corporate system or secure military
networks [11]. In addition, this approach clashes with openness and limits the scalability of
applications as it forces agents to migrate only to nodes that are equipped with tamper-proof
hardware.
Others try to address the problem by adopting algorithms that obfuscate agent code and data to
make it difficult for hostile environments to analyze code and data structures at least for the time the
agent executes in a host. State variable splitting and recomposition, hardly predictable program flow
by using run time data values dependencies are only examples of obfuscation operations [33]. This
approach has, however, two main limitations: the difficulty to identify in advance an agent lifetime
that minimizes the possibility to successfully inspect agent data and code and the need for a global
time clock to check expiration time.
The prevention of attacks to agent secrecy seems extremely difficult to guarantee. A few
researchers address the issue by using the concept of computing with encrypted functions [34]. The
key idea behind that approach is to have the agent platform execute agent code embodying an
encrypted function without being able to discern the original unencrypted function. However, this
technique is not of general validity because it applies only to certain classes of polynomials and
rational functions. In addition, it still remains to be seen whether agent platform administrators will
be willing to run agents executing arbitrary encrypted functions that cannot be interpreted.
Other approaches control the possibility of an agent to reveal private information [35]. Using the
13
environmental key generation method, agent private information can be encrypted and only
disclosed when some predefined environmental condition have been met.
Detection techniques can be exploited to discern if any tampering with agent code or state has
occurred. Among the proposals that adopt a detection strategy some present cryptographic
approaches to encapsulate the results of agent computation at each visited platform for subsequent
verification with the aim of preserving the forward integrity of results collected by the agents during
its roaming. Some of these solutions employ centralized solutions that rely on Trusted Third Parties
(TTP) to encapsulate partial results. The TTP can be used to track the agent execution at each
intermediate step by recording partial results [36]. The central role of a TTP may cause some
inefficiencies that can be overcome by more distributed protocols [37], [38], [39]. Another method,
called execution tracing, for detecting unauthorised modifications of agent code/state relies on non-
modifiable traces of agent computation created at each intermediate execution host [40]. Each
single trace is a sequence formed by an identifier of executed instructions along with values of
internal state variables involved. A signed hash of the trace is sent from node to node upon
conclusion along with final agent execution state until the agent returns back to its sender node. If
the agent owner suspects that some host behaves maliciously, it starts a check procedure by asking
to each involved host its copy of the trace, by locally executing the returned agent and by
comparing the computation results with the received traces. The major drawbacks of the approach
are not only the management of the trace logs, but also their size and the intensive message
exchanges between the sender nodes and all visited nodes at any integrity check.
Finally, some solutions partially achieve integrity by replicating agents and by exploiting
replication to compare the results obtained by following different paths [37], [41]. These
approaches ensure that destroying or tampering with one or more agent do not compromise the
correctness of agent computation because even in case of attacks a still adequate number of agent is
expected to return with meaningful results.
14
4 Overview of Security Solutions in MA–based systems
This section is devoted to examine the different directions of security solutions provided by the
most diffused MA systems. Despite differences and peculiarities in supported security models, it is
possible to recognize some common features. Because a large number of MA systems are based on
Java, most MA security solutions rely on the Java security model and have been developed on top
of the Java security architecture. In particular, earlier MA systems rely on the use of the sandbox
model and of the Java Security Manager to limit the scope of the agent while executing [24],
whereas more recent MA systems propose flexible solutions based on the more evolved Java2
security [25].
Most MA systems mainly focus on security solutions for the protection of agent platforms,
whereas the issue of protecting agents from possibly malicious hosting execution sites is often
neglected and rarely addressed.
With regard to agent platform protection, most common approaches rely on cryptographic
mechanisms that permit to verify the identity of the agent owner, to assign access restrictions to the
agent based on the owner identity/role and to execute agents in a secure environment that can
enforce these restrictions.
In the Concordia system the agent platform protection is achieved through agent authentication
and resource access control [42]. Any Concordia agent has a unique identity associated with the
identity of the user that has launched it. Resource control is based on the Java 1.1 security model
and relies on simple access control lists that allow or deny access to resources on the basis only of
agent identities.
Voyager implements a proprietary security manager to restrict agent operations with the
drawback of modifying the security manager implementation if any security policy changes [43]. In
Grasshopper, customizable access control lists rule agent access to resources on the basis of the
identity of the agent and of the group that it belongs to [44].
15
The Aglets system provides an aglet Security Manager to implement own security policies [31].
The behavior of the Security Manager cannot be changed directly, but via a GUI tool or directly
editing policy files. In the Aglet security model, agents can access resources depending on their
associated principles, i.e. entities that can be authenticated. Examples of defined principles include
the agent, the agent developer and the agent owner.
D'Agents authenticates the owner of an agent, assigns resource limits to the agent based on this
identity and enforces those limits [45]. Resources are divided into indirect resources that are
accessed through another agent and built-in resources that are directly accessible through language
primitives. The agent that controls an indirect resource enforces its own access restrictions. For
builtin resources there are some absolute access policies that are enforced by the server.
Ajanta protects hosting resources through an ad-hoc Security Manager that uses identity-based
access control lists to grant or deny agent access [46]. The Ajanta Security Manager is used only for
mediating access to system-level resources. For all application-defined resources, Ajanta uses a
proxy-based mechanism where a proxy intercepts agent requests and denies or grants access based
on its own security policy and on the agent’s credentials, i.e. tamperproof information including the
agent owner.
The MARISM-A platform provides security mechanisms to protect migration, confidentiality and
integrity of agents [47]. MARISM-A is based on Java and is very similar to other existing agent
platforms, like Grasshopper, but its main different feature is its simple extensibility. In fact, its core
provided features, like confidentiality and authentication for agent communication, can be extended
with some more complex security mechanisms. For example, an extension of MARISM-A core
security model exploits SPKI (Simple PKI) features to realize a role based access control model.
The SOMA support to agent platform protection is built on top of the Java 1.2 security model that
allows both identity-based and role-based access control [48]. The use of the Ponder language
permits the specification of flexible and fine-grained authorization policies, separately from agent
16
code and system access control mechanisms, that can control agent access to resources on the basis
of composite factors, both static (identity/role of agent owner/creator), and dynamic (time,
application state, resource state). In addition, the integration of Ponder within SOMA allows not
only to define agent rights, but also agent duties.
Similar security approaches to the SOMA system are proposed in the NOMADS environment
[49]. NOMADS is an example of MA system that provides dynamic access and resource control
and a policy-based approach to host security. Safe execution of agents is based on the ability of
NOMADS to control the resources accessed and consumed by agents. The resource control
mechanism allows control over the rate and quantity of resources used by agents. These resource
control mechanisms, built on a custom Java Virtual Machine called Aroma [50], complement
Java's access control mechanisms and help in making the NOMADS system secure against
malicious agents.
With regard to agent protection against malicious hosting nodes, Concordia, Voyager and
Grasshopper do not currently support integrated solutions. Aglets addresses the issue by relying on
an organizational approach that prevents agents to move toward untrusted execution environments.
In contrast, the Ajanta system provides a wide range of integrated techniques to at least detect any
illegal tampering to agent code and state. Similar approaches are provided in the SOMA platform
[39].
5 Open Issues and Directions of work in secure MA-systems
This section examines some of the most relevant open issues that still need to be faced before the
MA technology is ready for commercial applications and overviews the primary current directions
of work in MA systems.
With regard to host protection, an open research issue relates to the development of effective
countermeasures against denial of service. An hostile host may create clones of authorized agents
17
and use them to attack other nodes. The detection of cloning is still a very hard problem in MA
environments. Only a very few proposals tackle this issue, but solutions are expensive in terms of
computational overhead and limit the autonomy and efficiency of the agent execution by relying on
interactive protocols [51]. To reduce the risks of denial of service attacks resulting from a poorly
programmed or malicious agent overuse of critical resources, authorization should be associated
with monitoring techniques to exclude excessive resource consumption and with auditing
mechanisms to record all MA activities. Few solutions are starting to investigate tools and
mechanisms for combined resource and access control management [49], [52]. However, there are
several technological limitations to overcome. Most approaches rely on standard Java security
mechanisms that can only either grant or deny access to a particular service [53]. Changes to the
Java Virtual Machine are necessary to minimize the impact of denial of service attacks and to
provide meaningful accounting, at the expense of portability, however.
In addition, the concept of secure cascaded delegation should be regarded as an ongoing research
issue in need of further investigation. Cascaded delegation occurs when one agent (initiator) may
authorize other agents (delegates) to perform some tasks with its rights. Secure delegation implies
the ability to reconstruct the complete delegation chain and to verify the proper authorization of
agents that claim to act on behalf of someone else. However, several practical issues may arise
when considering open MA environments. Due to the unsolved agent protection attacks from
malicious nodes, the delegation process can occur only in trusted nodes. In addition, in several
application scenarios for both legal reasons and accountability, auditing mechanisms should be
available to keep track of the initiator of delegation and of the delegated permissions in a non-
repudiable manner.
Trust issues remain also a major reason for hampering a final acceptance of MAs [54]. For
mobile agents to undertake more sophisticated missions and to operate effectively without the
responsible user supervision, users will have to trust their agents to maintain conformance to the
18
desired objectives. The user trust into agents cannot be simply reduced to delegating agents specific
rights to MAs (see Section 3.1); users need to rely on mechanisms to constantly monitor and rule
agent behavior within the bounds of desired constraints.
Another crucial security requirement when deploying MAs in pervasive computing
environments is the dynamic establishment of trust relationships between MAs and visited nodes.
The dynamic determination of execution nodes requires dynamic establishment and enforcement of
access control and the integration of access control with probing of resource availability so as to
influence agent migration itineraries [55].
Among the various described open issues the ones that are starting to most attract research
interest are in the area of agent trustworthiness and dynamic security policy negotiation. If users and
administrators can be assured that agent behavior conforms to desired constraints and objectives,
everyone can stop worrying and start loving agents [14]. In addition, the need for dynamic policy
negotiation is increasingly emerging in those application scenarios where a primary requirement is
the dynamic formation of temporary coalitions. The following sections overview some of the
emerging proposals in these two areas.
5.1 Agents and Trust
Key to implementing a trustworthy MA system is to devise an infrastructure mechanism that allows
to control agent autonomy and to dynamically adjust governing strategies to deal with changing
priorities and contexts [14]. However, this is not an easy task.
A heading research direction growing considerably in these last years is the integration of MA
platforms with policy-based management solutions [56]. Policies that constrain the behavior of
system components are becoming an increasingly popular approach to dynamic application
adjustability in both academia and industry. [57] points out all the benefits of policy-based
approaches, including reusability, efficiency, extensibility, context-sensitivity, verifiability, support
19
for both simple and sophisticated components, protection from poorly-designed, buggy, or
malicious components, and reasoning about component behavior.
In particular, policy-based network management has been the subject of extensive research over
the last decade [56]. Policies are often applied to automate network administration tasks, such as
configuration, security, recovery, and QoS.
In the field of MA systems, policies can be a powerful means to model agent behavior in terms
of rights and duties. Explicit policies governing human-agent interaction, based on careful
observation of work practice and with an understanding of current social science research, can help
in assuring that effective and natural coordination, appropriate levels and modalities of feedback,
and adequate predictability and responsiveness to human control are maintained [57].
The development of policy-driven MA systems requires the consideration of some general
requirements. A basic requirement is the choice of an expressive language for policy specification.
In modern inter-organizational MA environments, languages should include the ability to group
policies that apply to agents to simplify the management of large-scale complex agent systems. As a
final consideration, the implementation of policy specifications should not introduce prohibitive
performance costs that would limit the deployment of the MA technology.
There is already some research work integrating policy-based management with MA systems
[58], [59]. This works focuses on the use of policies for controlling agent-related security aspects.
Policies specify complex and flexible access controls for agent-to-resource and agent-to-agent
interactions and express which actions agents must perform in response to events. An important
advantage of a policy-based approach to MA system security is the possibility to specify, represent,
and manipulate policy information independently from the components in charge of policy
interpretation and cleanly separated from agent/system code. Modern inter-organizational
environments require sophisticated security policies that are difficult to implement in current MA
platforms where policies are often directly hard-coded into applications, thus making difficult the
20
reconfiguration required at any policy change. Separation of concerns enables policies to be
dynamically changed and allows to modify the behavior of MAs by simply loading or unloading
relevant policies without the need of re-implementing agent code from scratch.
5.2 Dynamic Configuration of Access Control
Dynamic migration implies that a MA may not know in advance which nodes are going to host its
execution throughout its lifetime. Since target nodes and MAs are typically owned by different
authorities, their interests can conflict with respect to resource access and utilization. Thus, there
should be a mechanism for a priori acquisition of resource availability and for the dynamic
establishment of access control between agents and nodes. The knowledge of the availability of
resources in a particular site may show several benefits. MAs can exploit the visibility of available
resources to adjust their behavior accordingly and to reduce the risk of undesired task failure during
execution. Resource availability visibility can also help MAs in deciding whether it is more
profitable to stay in a locality than to move and explore a new computing environment. When
entering a new locality, a MA should be provided with the mechanisms needed to express its
desired resource visibility and to dynamically negotiate access control policies to obtain access to
needed resources. Policy negotiation allows MAs to enlarge the set of accessible resources with no
risk of illegitimate resource usage for the hosting nodes.
Some research activities are starting to emerge to provide controlled resource visibility and to
support policy negotiation [60], [55]. The COSMOS framework allows to dynamically determine
the MA contexts, and to effectively rule the access to them, by taking into account different types of
metadata (user profiles and system/user-level authorization policies), expressed at a high level of
abstraction and cleanly separated from the service logic [60]. As a distinctive feature, COSMOS
provides MAs entering a new locality with a controlled visibility of the directly accessible
physical/logical resources and of the other MAs locally executing (active context views). Active
21
context views contain resources that both MAs are willing to access and the COSMOS access
control function have qualified as accessible.
COSMOS addresses also the privacy issues that arise when exploiting MAs for building
context-aware services [1]. In fact, context awareness requires computing devices to gather, collect
and propagate up to the service level both user- and environment-specific information to permit
more informed service management strategies. However, the visibility of user-specific information,
such as user location, could be exploited to infer user tasks or preferences, thus to violate user
privacy. COSMOS protects user privacy by enabling users to specify which personal context
information they are willing to make public. User specifications, carried in the MA state part, guide
and automate COSMOS access controls to user personal context information.
With regard to dynamic establishment of access control, a negotiation model integrated in the
FarGo system is described in [55]. The model makes resource providers and consumers reach an
agreement on the allowed access and on the amount of resource utilization. The goal of negotiation
is to identify a set of permissions acceptable to both resource providers and consumers; the result of
the negotiation is a contract. Because the negotiation is closely tied to the application level rather
than depending on the infrastructure level, it is the application to choose when to invoke the
negotiation and which negotiation strategy to apply.
6 Conclusions
Mobile code-based programming models have recently gained wide prominence for their appealing
features in terms of flexibility, extensibility and efficiency. In particular, MAs have attracted a great
research interest and are emerging in mobility-enabled scenarios as an enabling technology for the
design, implementation and deployment of both advanced Internet services and middleware
solutions. However, the MA technology poses severe security risks and calls for novel security
mechanisms and frameworks.
22
Great research efforts have been devoted to develop countermeasures for the security threats
arising in MA systems. Although a great number of mechanisms currently exist, further
improvements are still necessary trough either the incremental refinements of available protection
mechanisms to reduce processing and storage overhead or the combination of complementary
mechanisms to form a more effective protection scheme. In addition, no single solution to all the
problems of agent execution, integrity and secrecy seems to exist, unless tamper proof hardwares
are introduced, which is likely to be overhead-prone. Currently no manufacturer produces these
devices at low costs even though the recent Trusted Computing Platform Alliance TCPA-Palladium
(recently renamed TCG–NGSCB Next Generation Secure Computer Base) represents a significant
step toward this goal. Even if tamper proof hardware devices would gain wider diffusion, we would
still need to certify that the manufacturers do not introduce malicious back doors.
The development of thorough security frameworks is another research direction that requires
more investigation, experimentation and experience. The state-of-the-art of MA systems points out
that there is very little support for fully integrated security frameworks that can provide the required
degree of flexibility. Most current security frameworks lack a clear separation between policies and
security mechanisms and provide monolithic security solutions where applications cannot choose
their suitable trade-off between security, scalability and performance. In addition, only very few
frameworks provide the required support to protect agents against malicious hosts.
We can conclude that albeit security is crucial for wider diffusion of the MA paradigm, it is still
in a somewhat immature state. Issues related to trust, delegation and security policy negotiation are
non trivial to solve and only pioneer solution attempts are starting to emerge. In addition, intense
standardization efforts should be directed to promote wider acceptance of security supports and to
facilitate their use, thus leveraging the adoption of the MA technology in fielded systems.
Acknowledgements Work supported by the Italian Ministero dell'Istruzione, dell'Università e della Ricerca (MIUR) in
23
the framework of the FIRB WEB-MINDS Project "Wide-scale Broadband Middleware for Network Distributed Services" and by the National Research Council (CNR) in the framework of the Strategic IS-MANET Project "Middleware Support for Mobile Ad-hoc Networks and their Application". We also thank Niranjan Suri for valuable comments and suggestions.
References:
[1] P. Bellavista, D. Bottazzi, A. Corradi, R. Montanari, S. Vecchi, “Mobile Agent Middlewares for Context-aware Applications”, Section III, Handbook of Mobile Computing, CRC Press, 2003.
[2] A. Fuggetta, G. P. Picco, G. Vigna, “Understanding Code Mobility”, IEEE Transactions on
Software Engineering, Vol. 24, No. 5, 1998. [3] M. Baldi, G. P. Picco, “Evaluating the Tradeoffs of Mobile Code Design Paradigms in
Network Management Applications”, 20th International Conference on Software Engineering (ICSE'98), IEEE Press, Los Alamitos CA, 1998.
[4] R. H. Glitho, T. Magedanz (eds.), Special Issue on “Applicability of Mobile Agents to
Telecommunications”, IEEE Network, Vol. 16, No. 3, 2002. [5] M. S. Greenberg, J. C. Byington, T. Holding, D. G. Harper, “Mobile Agents and Security”,
IEEE Communications Magazine, Vol. 36, No. 7, 1998. [6] W. Jansen, “Countermeasures for Mobile Agent Security”, Computer Communications,
Elsevier Press, Vol. 23, No. 17, 2000 [7] G. Knoll, N. Suri, J.M. Bardshaw, “Path-based Security for Mobile Agents”, Electronic Notes
in Theoretical Computer Science, Vol. 58, No. 2, 2002. [8] G. Vigna, “Mobile Agents and Security”, LNCS 1419, Springer-Verlag, 1998. [9] R. Oppliger, “Security issues related to mobile code and agent-based systems”, Computer
Communications, Elsevier Press, Vol. 22, No. 12, 1999. [10] N. Borselius, “Mobile agent security”, Electronics and Communication Engineering Journal,
IEE Press, Vol. 14, No. 5, 2002. [11] J. Zachary, “Protecting Mobile Code in the Wild”, IEEE Internet Computing, Vol. 7, No. 2,
2003. [12] V. A. Pham, A. Karmouch, “Mobile software agents: an overview”, IEEE Communications
Magazine, Vol. 36, No. 7, 1998. [13] N. Negroponte, “Agents: From Direct Manipulation to Delegation”, Software Agents, AAAI
Press, 1997. [14] J. Bradshaw, G. Cabri, R. Montanari, “Taking Back Cyberspace”, IEEE Computer, Vol. 36,
No. 7, 2003.
24
[15] P. T. Devanbu, S. Stubblebine, “Software engineering for security: a roadmap”, International
Conference on Software Engineering (ICSE’00), ACM Press, Limerick, Ireland, 2000. [16] J. Howell, D. Kotz, “A Formal Semantics for SPKI”, 6th European Symposium on Research in
Computer Security (ESORICS 2000), LNCS 1895, Springer-Verlag, France, 2000 [17] J. Linn, M. Nystrom, “Attribute Certification: An Enabling Technology for Delegation and
Role-Based Controls in Distributed Environments”, 4th ACM Workshop on Role-Based Access Control (RBAC’99), ACM Press, Fairfax, USA, 1999.
[18] W. A. Jansen, “A Privilege Management Scheme for Mobile Agent Systems”, 5th
International Conference on Autonomous Agents, ACM Press, Canada, May 2001. [19] S. Mudumbai, A. Essiari, W. Johnston, “Anchor Toolkit - A Secure Mobile Agent System”,
3rd International Symposium on Mobile Agents (ASA/MA'99), Palm Springs (CA, USA), October 1999.
[20] G. Necula, “Proof Carrying Code”, 24th ACM Symposium on Principle of Programming
Languages, ACM Press, Paris, France, 1997. [21] D. Chess, B. Grosof, C. Harrison, D. Levine, C. Parris, G. Tsudik, “Itinerant Agents for
Mobile Computing”, IEEE Personal Communications, Vol. 2, No. 5, 1995. [22] W. Farmer, J. Guttman, V. Swarup, “Security for Mobile Agents: Authentication and State
Appraisal”, 4th European Symposium on Research in Computer Security, Rome, Italy, 1996. [23] W. Ford, M. Baum, “Secure Electronic Commerce”, Prentice-Hall, 1997. [24] L. Gong, “Java Security: Present and Near Future”, IEEE Micro, Vol. 17, No. 3, 1997. [25] L. Gong, “Inside Java 2 Platform Security”, Addison Wesley, 1999. [26] G. Edjlali, A. Acharya, V. Chaudhary, “History-based access control for mobile code”, 5th
ACM Conference on Computer and Communications Security, ACM Press, San Francisco, California, USA, 1998.
[27] M. Blaze, J. Feigenbaum, J. Ioannidis, A. D. Keromytis, “The Role of Trust Management in
Distributed Systems Security”, Secure Internet Programming: Issues in Distributes and Mobile Object Systems, Springer-Verlag, 1999.
[28] S. Jajodia, P. Samarati, V. S. Subrahmanian, “A logical language for expressing
authorizations”, IEEE Symposium on Security and Privacy, IEEE Press, 1997. [29] V. Varadharajan, C. Crall, J. Pato, “Authorization in Enterprise-wide Distributed System. A
practical Design and Application”, 14th Annual Computer Security Applications Conference, IEEE Press, 1998.
[30] E. Lupu, M. Sloman, N. Dulay, N. Damianou, “Ponder : realising enterprise viewpoint
25
concepts”, 4th International Enterprise Distributed Object Computing Conference, IEEE Press, Makuhari, Japan, 2000.
[31] D. Lange, M. Oshima, “Programming and Deploying Java Mobile Agents with Aglets”,
Addison Wesley, 1998. [32] U.G. Wilhelm, S. Staamann, L. Butty, “Introducing Trusted Third Parties to the Mobile Agent
Paradigm. In J. Vitek, C. Jensen (Eds.), Secure Internet Programming: Security Issues for Mobile and Distributed Objects, Springer-Verlag, 1999.
[33] F. Hohl, “Time Limited Blackbox Security: Protecting Mobile Agents from Malicious Hosts”,
Mobile Agents and Security, LNCS 1419, Springer-Verlag, 1998. [34] T. Sander C. Tschudin, “Protecting Mobile Agents against malicious hosts”, Mobile Agents
and Security, LNCS 1419, Springer-Verlag, 1998. [35] J. Riordan, B. Schneier, “Environmental key generation towards clueless agents”, Mobile
Agents and Security, LNCS 1419, Springer-Verlag, 1998. [36] A. Corradi, M. Creminini, C. Stefanelli, “Security Models and Abstractions in a Mobile Agent
Environment”, IEEE Workshop on Collaboration in Presence of Mobility, Stanford, CA, USA, 1998.
[37] B. Yee, “A Sanctuary for Mobile Agents”, DARPA Workshop on Foundations for Secure
Mobile Code, Monterey, CA, USA, 1997. [38] G. Karjoth, N. Asokan, C. Gülcü, “Protecting the Computation Results of Free-Roaming
Agents”, 2nd International Workshop on Mobile Agents, Stuttgart, Germany, 1998. [39] A. Corradi, M. Cremonini, R. Montanari, C. Stefanelli: “Mobile Agents Integrity for
Electronic Commerce Applications”, Information Systems, Elsevier Press, Vol. 24, N.6, 1999. [40] G. Vigna, “Cryptographic Traces for Mobile Agents”, Mobile Agents and Security, LNCS
1419, Springer-Verlag, 1998. [41] B.Shneider, “Towards fault tolerant and secure agentry”, 11th International Workshop on
distributed algorithms, LNCS 1320, Springer-Verlag, Berlin, Germany, 1997. [42] D. Wong, N. Paciorek, T. Walsh, J. DiCelie, M. Young, B. Peet, “Concordia: An
Infrastructure for Collaborating Mobile Agents”, First International Workshop on Mobile Agents, LNCS 1219, Springer-Verlag, Berlin, Germany, 1997.
[43] ObjectSpace – Voyager, http:///www.objectspace.com/ voyager/. [44] IKV++ - GrassHopper, http://www.ikv.de/products/ grasshopper/. [45] R. Gray, G. Cybenko, D. Kotz, D. Rus, “D'Agents: Security in a multiple-language, mobile-
agent system”, Mobile Agent Security, LNCS 1419, Springer-Verlag, 1998.
26
[46] A. Tripathi, “Mobile Agent Programming in Ajanta”, 19th IEEE International Conference on Distributed Computing Systems Workshop (ICDCS’99), IEEE Computer Society Press, Austin, Texas, 1999.
[47] S. Robles, J. Mir, J. Ametller, J. Borrell, “Implementation of Secure Architectures for Mobile
Agents in MARISM-A”, 4th International Workshop On Mobile Agents For Telecommunication Applications (MATA’02), LNCS 2521, Springer-Verlag, Barcelona, Spain, 2002.
[48] R. Montanari, C. Stefanelli, N. Dulay, “Flexible Security Policies for Mobile Agents
Systems”, Microprocessors and Microsystems, Elsevier Science Press, Vol.25, N.2, 2001. [49] N. Suri, J. M. Bradshaw, M. R. Breedy, P. T. Groth, G. A. Hill, R. Jeffers, T. S. Mitrovich, B.
R. Pouliot, D. S. Smith, “NOMADS: Toward a Strong and Safe Mobile Agent System”, 4th International Conference on Autonomous Agents, ACM Press, Barcelona, Spain, 2000.
[50] N. Suri, J. M. Bradshaw, M. R. Breedy, K. M. Ford, P. T. Groth, G. A. Hill, R. Saavedra,
“State Capture and Resource Control for Java: The Design and Implementation of the Aroma Virtual Machine”, http://nomads.coginst.uwf.edu/.
[51] J. Baek, D. Lee, R. S. Ramakrishna, “A design of protocol for detecting an agent clone in
mobile agent systems and its correctness proof”, 8th Annual ACM Symposium on Principles of Distributed Computing, ACM Press, Atlanta, Georgia, USA, 1999.
[52] P. Bellavista, A. Corradi, C. Stefanelli, “Java for On-line Distributed Monitoring of
Heterogeneous Systems and Services”, The Computer Journal, Oxford University Press, Vol. 45, No. 6, 2002.
[53] J.M. Bradshaw, M. Greaves, H. Holmback, T. Karygiannis, W. Jansen, B. G. Silverman, N.
Suri, A. Wong, “Agents for the masses”, IEEE Intelligent Systems, Vol. 14, No. 2, 1999. [54] A. Patrick, “Building Trustworthy Software Agents”, IEEE Internet Computing, Vol. 6, No. 6,
2002. [55] Y. Gidron, I. Ben-Shaul, O. Holder, Y. Aridor, “Dynamic configuration of access control for
mobile components in FarGo”, Concurrency and Computation: Practice and Experience, Vol. 13, No. 1, 2001.
[56] S. Wright, R. Chadha, G. Lapiotis, “Special Issue on Policy Based Networking”, IEEE
Network, Vol. 16, No. 2, 2002. [57] J. M. Bradshaw, P. Beautement, L. Bunch, S. V. Drakunov et al, “Making agents Acceptable
to People”, Handbook of Intelligent Information Technology (in press), IOS Press, Amsterdam, the Netherlands, 2003.
[58] A. Corradi, N. Dulay, R. Montanari, C. Stefanelli, “Policy-driven Management of Mobile
Agent Systems”, International Workshop on Policies for Distributed Systems and networks - Policy 2001, LNCS 1995, Springer-Verlag, Bristol, UK, 2001.
27
[59] J. M. Bradshaw, N. Suri, A. J. Canas, R. Davis, K. Ford, R. Hoffman, R. Jeffers, T. Reichherzer, “Terraforming cyberspace”, Computer, IEEE Press, Vol. 34, No. 7, 2001.
[60] P. Bellavista, R. Montanari, D. Tibaldi, “COSMOS: a Context-centric Access Control
Middleware for Mobile Environments”, to appear in 5th International Worshop on Mobile Agents for Telecommunication Applications (MATA’03), Springer Verlag, LNCS, Marrakesch, Ottobre ’03.