Security Issues in AgentBased Systems

1
Security Issues in Agent-Based Systems

• by Gabriel Becerra
• Department of Computer Sciences Knowledge
  Science - AI Groups University of Calgary

2
Agenda

• Introduction
• Basic Definitions
• Attacking Entities
• Defense Utilities
• Problem Description
• Malicious MAS Agents
• Current Set of Countermeasures
• Proposed Work
• A Sanctioning Committee High-level Trust
• Standard Computation of Trust
• Concluding Remarks

3
Introduction
4
Intro. Agents MAS (1/2)

• Agents are composed by
• Set of situations (Sit)
• Set of actions (Act)
• Set of internal data (Data)

FAG Sit x Data ? Act
5
Intro. Agents MAS (2/2)

• A multi-agent system is the set of agents (Ag)
  and the environment they share

Collaborate
Coordinate
Cooperate
6
Intro. Attacking Entities (1/2)

• Malware Malicious Software

Infects other programs by injecting a copy of
itself
Travels from machine to machine acrossthe
network. May carry a virus.
A useful programthat contains hiddencode
7
Intro. Attacking Entities (2/2)
and Humans,of course!
8
Intro. Defense Utilities
9
Problem Description
future breakthrough in mobile agent protection
will alsobe a breakthrough for undetectable
viruses Wang, Y (2000) Using Mobile Agent
Results to Create Hard-to-Detect Computer Viruses
10
Overview (C-Map)
11
Accidents May Happen!
12
Malicious MAS Ag. Countermeasures (1/2)
AttackingTechniques
MAS
uses
is a
is a
is a
IntegrityAttacks
ConfidentialityAttacks
AvailabilityRefusal
is a
is a
is a
is a
Interference
is a
ReverseEng.
Delay of Service
is a
is a
Modification
Eavesdrop
TransmissionRefusal
DoS
13
Malicious MAS Ag. Countermeasures (2/2)
Countermeasures
Ag
uses
is a
is a
Trust-basedComputing
CodeObfuscation
is a
is a
Crypto.Techniques
Itinerary
is a
is a
EncryptedFunctions
Sliding Encryption
14
Malicious Ag. MAS Countermeasures (1/2)
AttackingTechniques
Ag
uses
is a
is a
Social Engineering
CoordinationAttacks
is a
DDoS
Artificial Intelligence at its best!Well, if
used properly
15
Malicious Ag. MAS Countermeasures (2/2)
MASCountermeasures
MAS
uses
is a
is a
Path History
Authentication
is a
is a
is a
State Appraisal
Safe Code Interpretation
SignedCode
16
My Proposal Sanctioning Committee
17
Concepts to Consider

• Social Commitments

• Law
• Norms

18
Motivation An example
Yellow Pages
Bob
40
Math Agent?
5 4?
Bob e Ag
18
Alice e Ag
19
Motivation Related Work

• Actual research focuses on
• Detecting breakage of social commitments
• Getting agents to deviate from the law and/or
  their social commitments (Game theory)
• There is no research on MAS and Sanctioning
  anti-social behaviour
• Research focuses on trust and reputation
• How can we control or avoid anti-social acts?
• How can we punish the perpetrators?

20
Ontology of Sanctions

• Have to differentiate between
• Legal issues
• Moral Issues
• Figure out a bridge between Law and MAS

21
Committee of Agents (CA)

• Create a mixed theory of social control
• Apply restitutory law and shaming
• Create agents representing
• Different points of views
• i.e. different theories approaches to social
  control and moral issues
• Implement the voting protocol
• A less subjective decision will be reached

22
(CA) Shaming Paradigm (1/3)
Bob does not perform properly shame on him!
Oops4518? I am so sorry!
By applying the shaming paradigmwe can enforce
agents (agents developers) improve the services
they offer.
23
(CA) Trust Reputation (2/3)
Bobs trust level has been lowered!
By lowering Bobs trust level it is expected
that other agents refrain from interacting with
Bob
Im Bad!Ha Ha Ha
See Becerra, Denzinger, Kremer (2005) Can You
Trust Your Trust Model?
24
(CA) Enough is Enough! (3/3)
But Iminnocent!
Bobs has beenisolated from society!
25
Concluding Remarks
26
Conclusions

• Malicious agents can steal or modify the data on
  the host. Lack of sufficient authentication and
  access control mechanisms lead to these attacks.

27
Conclusions

• A malicious host can attack the agent by
• Stealing or modifying its data
• Corrupting or modifying its code or state
• Deny requested services
• Return false system call values
• Reinitialize the agent or even terminate it
  completely

28
Conclusions

• Have to distinguish between
• Legal and moral issues
• This distinction will allow me to
• Apply a mixed theory of law, restitutory and
  shaming principles to specific cases
• Legal issue, e.g. fraud, is handled with trust
  and isolation penalties
• Moral issue, e.g. not replying on time to a
  request, is handled by applying shaming principles

29
Conclusions

• Creating a committee of agents will
• Provide objective ascriptions
• Standardize sanctioning approaches
• Provide a high-level of trust Institution or
  Authority-based trust
• Agents can build a trusted reputation of other
  agents Third party trust (transitivity
  principles)
• Enhance active countermeasures
• See Becerra, Kidney, Heard (2005) Enhancing
  Active Countermeasures

30
Questions or Comments?
31
Encrypted Functions
BACK

• For the host to execute the agent, it has to have
  full control over the code. As prevention, the
  function of the agent is encrypted. This
  encrypted function is implemented as a cleartext
  program. Even though the host is able to read the
  program it wont understand what the program does
  i.e. the programs function.

32
Sliding Encryption
BACK
Oh oh!
Host AHost B
_at_G_at_gt?_at_!_at_
If blah then blob
Host B
Host A
33
Authentication and Access Control Mechanisms
BACK

• This is the first line of defense against a
  malicious agent. If the Host can authenticate the
  agent and in turn the device that dispatched the
  agent, it can apply authorization and access
  control.

34
Safe Code Interpretation
BACK

• Agents code is executed by a virtual machine
  that sits on top of the native processor and OS.
  This virtual machine can enforce additional
  security.

35
Path Histories
BACK

• An agent could reach the host by making a number
  of hops. During this transit a malicious host
  could have changed the agent into a malicious
  agent. By storing the log of the travel of the
  agent, the current host can determine the route
  taken by the agent.

36
State Appraisal
BACK

• This calculates the permissions the user wants
  the agent to have during execution. The host
  platform uses these state functions to verify the
  correct state of the agent and hence determines
  the privileges to give to the agent depending on
  its state. This ensures that the agent has not
  turned malicious due to alterations of its states.