Security Issues in Agent Based Computing - PowerPoint PPT Presentation

Slides: 15
Provided by: patr86

Transcript and Presenter's Notes

1
Security Issues in Agent Based Computing
2
Main Security Areas
  • Protecting agents from other malicious agents
  • Protecting hosts from malicious agents
  • Protecting agents from malicious hosts
  • Protecting multiple machines from a malicious
    agent.
  • DOS attacks
  • Resource hungry agents

3
How Current Agent Based Systems have attempted
to address these issues
  • Tacoma
  • Uses a single entry point, the firewall agent, for each
    place; all visiting agents must pass through it.
  • Many security policies and mechanisms could
    therefore be implemented within this firewall
    agent, such as authentication, access control and
    accounting
  • At the time of the paper, however, the firewall
    agent only provided accounting: it would write
    the agent's briefcase, which includes the
    agent's code, out to disk

4
Agent Tcl
  • Authentication
  • Authentication in Tcl is done using PGP
  • Before an agent can move to a place it must first
    register with that server, which is done by
    creating a registration request. This
    registration request is encrypted using the agent
    owner's private key, so the agent can be denied
    access based on its owner. This means places
    must contain ACLs of all owners that are allowed
    to execute agents on that server
  • During migration the agent is digitally signed
    with the current server's private key and
    encrypted with the receiving server's public key.
    The migration message also contains the agent's
    owner and the degree of confidence that the
    current server has in the owner's validity

5
Agent Tcl
  • Authorisation
  • Once the agent has been authenticated it can then
    attempt to access the local resources.
  • Access to these resources can be gained in two
    ways:
    • Indirect access: access to the resources is made
      via other agents, in which case the security
      policy can be built into the agents specific to
      each place and based on the following: agent
      owner, sending server and the degree of
      confidence
    • Direct access: access to resources directly through
      language primitives. This is done using Safe Tcl.
  • Two interpreters are provided: trusted and
    untrusted
  • The untrusted interpreter implements a subset of
    commands

6
Telescript
  • Agents uniquely identified by a telename
    • Authority: identifies the agent's owner
    • Identity: identifies the agent
  • Telescript processes cannot directly access the
    resources of the machine they are running on
  • Permits
  • Each Telescript agent contains a permit which
    limits the resources and the quantity of these
    resources that the agent can use as well as what
    commands the agent can execute.
  • Permits are granted when an agent is first
    created and then renegotiated every time the
    agent migrates
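
A sketch of the permit mechanism on this slide, as an added example (not Telescript code and not from the presentation). The renegotiation rule, taking the smaller of each quantity and the intersection of the command sets with usage carried over, is an assumption; the resource names and commands are constructed.

```python
from dataclasses import dataclass, field


class PermitViolation(Exception):
    """Raised when an agent asks for more than its permit allows."""


@dataclass
class Permit:
    # Maximum quantity of each resource the agent may consume (hypothetical names).
    limits: dict
    # Commands the agent is allowed to execute.
    commands: frozenset
    used: dict = field(default_factory=dict)

    def renegotiate(self, place_offer: "Permit") -> "Permit":
        """Permit for the next place: never wider than what the agent already
        holds, never wider than what the place offers. Usage carries over."""
        limits = {r: min(q, place_offer.limits[r])
                  for r, q in self.limits.items() if r in place_offer.limits}
        return Permit(limits, self.commands & place_offer.commands, dict(self.used))

    def charge(self, resource: str, amount: int) -> None:
        """Account for consumption; refuse any request that would pass the limit."""
        limit = self.limits.get(resource, 0)
        total = self.used.get(resource, 0) + amount
        if total > limit:
            raise PermitViolation(f"{resource}: {total} > {limit}")
        self.used[resource] = total

    def check_command(self, command: str) -> None:
        if command not in self.commands:
            raise PermitViolation(f"command not permitted: {command}")


def migrate_demo() -> Permit:
    # Constructed sample: permit granted at creation, then a stricter place.
    granted = Permit({"cpu_s": 60, "disk_kb": 500, "net_kb": 200},
                     frozenset({"go", "meet", "send", "spawn"}))
    granted.charge("cpu_s", 20)
    place = Permit({"cpu_s": 30, "disk_kb": 1000}, frozenset({"go", "meet", "send"}))
    return granted.renegotiate(place)


if __name__ == "__main__":
    p = migrate_demo()
    print(p.limits, sorted(p.commands), p.used)
```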

7
Generalised Agent Model
  • Resource Access
  • Local resources
  • Resources brought with agent
  • Migration
  • Unrestricted Migration vs. Restricted Migration
  • Communication
  • Local communication vs. Remote Communication

8
Host Agent Security
  • Controlling access to the resources on the
    machine on which the agent is running and
    controlling access to certain commands
  • This can be done by using interpreted languages
    where the interpreter can check the execution
    dynamically
  • Determining the identity of different agents so
    that different policies can be applied
  • This produces the problem of authenticating an
    agent to its owner in a distributed scalable
    manner and then setting access permissions based
    on this authentication.

9
Agent to Agent Security
  • Do not allow the direct manipulation of agents by
    other agents; rather, use message passing over a
    secure channel
  • There is also the problem of agents stealing
    information or resources from other agents
  • There is also the idea that communication between
    agents can be of a transactional nature and this
    complicates matters further

10
Agent - Host Security
  • This point will determine the effectiveness of
    future agent system implementations. It is the
    Achilles' heel of agent based architectures
  • The host should not be able to tamper with an
    agent running on it, by changing its
    functionality or by pulling sensitive information
    from it
  • Proposed Solutions
  • One solution is to have a dedicated piece of
    trusted hardware in the machine that the agent
    runs on.
  • Other proposed solutions involve trusted places
    detecting the tampering of agents once they
    return from an untrusted place.
  • Other solutions involve authenticating the
    machine before migrating to it to ensure that it
    can be trusted
  • To extend this we could use a reputation based
    service where we create an audit trail which will
    lead us to the machine that tampered with the
    agent, and this host can then be blacklisted

11
Agent - Multiple Host Security
  • The ability of agents to create other agents
    means that a single parent agent could in theory
    have control over an excessive number of
    resources. This could in turn allow that agent to
    perform Denial of Service attacks and cause other
    negative effects to hosts
  • Agents could be used to deduce information based
    on accessing many sites and having a global view
    of the system
  • In order to combat this we would need to have a
    more global mechanism of limiting resource
    allocation.

12
Proposed Solution
  • Goals and Design Decisions
    • Goal: a practical solution that is implementable
      using current technology
    • Design decision: an agent not concerned about
      security should not incur any security overhead
  • Authentication
  • Based on a user, password, counter password tuple
  • Agent must have prior knowledge/trust of this
    host
  • Host must have prior knowledge/trust of this user
  • Agents must only carry the information that they
    will need at the new site
  • Agents concerned with security must return home
    once their task is complete

13
Proposed Agent Multiple Host Security
  • Detection and termination of resource hungry
    agents is not enough to stop this problem as the
    agent owner can create another instance of that
    agent
  • Need to determine the user or at least the host
    where the agent is being created
  • The idea of digital cash or tokens that can be
    used to purchase resources may not solve this
    problem, as it may be in the host's best interest
    to offer these resources.
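
One way to realise the more global limit on resource allocation that these slides call for, as an added example that is not from the presentation: resource use is charged to the creating user and host rather than to the agent instance, so a spawned child or a re-created agent draws on the same budget. The ledger class, identifiers and quota figures are hypothetical, and the sketch assumes hosts can already authenticate the creating user and host and share one ledger.

```python
from collections import defaultdict


class OwnerLedger:
    """Shared accounting keyed by (user, creating host), not by agent id."""

    def __init__(self, quota_per_owner: int):
        self.quota = quota_per_owner
        self.spent = defaultdict(int)   # (user, origin_host) -> units used
        self.owner_of = {}              # agent id -> (user, origin_host)
        self.blocked = set()            # owners that tried to exceed their quota

    def register(self, agent_id: str, user: str, origin_host: str) -> None:
        self.owner_of[agent_id] = (user, origin_host)

    def spawn(self, parent_id: str, child_id: str) -> None:
        # A child inherits its parent's owner, so spawning buys no new budget.
        self.owner_of[child_id] = self.owner_of[parent_id]

    def request(self, agent_id: str, units: int) -> bool:
        """Grant the request only if the owner's total stays within quota."""
        owner = self.owner_of.get(agent_id)
        if owner is None or owner in self.blocked:
            return False                # unidentified or blocked creator
        if self.spent[owner] + units > self.quota:
            self.blocked.add(owner)     # re-creating the agent will not help
            return False
        self.spent[owner] += units
        return True


def run_scenario() -> list:
    # Constructed scenario: one owner hits a 100-unit quota via a child agent
    # and then via a fresh instance; a second owner is unaffected.
    ledger = OwnerLedger(quota_per_owner=100)
    ledger.register("a1", "user1", "hostA")
    results = [ledger.request("a1", 60)]             # within quota
    ledger.spawn("a1", "a1-child")
    results.append(ledger.request("a1-child", 60))   # child shares the budget
    ledger.register("a2", "user1", "hostA")          # new instance, same owner
    results.append(ledger.request("a2", 10))
    ledger.register("b1", "user2", "hostB")
    results.append(ledger.request("b1", 60))         # other owners unaffected
    return results


if __name__ == "__main__":
    print(run_scenario())
```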

14
Questions
  • Any Questions?