Security Issues in Agent Based Computing

1
Security Issues in Agent Based Computing
2
Main Security Areas

• Protecting agents form other malicious agents
• Protecting hosts from malicious agents
• Protecting agents from malicious hosts
• Protecting multiple machines from a malicious
  agent.
• DOS attacks
• Resource hungry agents

3
How Current Agent Based Systems have attempted
to address these issues

• Tacoma
• Uses a single entry point Firewall agent for each
  place that all visiting agents must pass through.
• Many security policies and mechanisms could
  therefore be implemented within this firewall
  agent such as authentication, access control and
  accounting
• At the time of the paper however the firewall
  agent only provided accounting where it would
  write the agents briefcase which includes the
  agents code out to disk

4
Agent Tcl

• Authentication
• Authentication in Tcl is done using PGP
• Before an agent can move to a place it must first
  register with that server which is done by
  creating a registration request. This
  registration request is encrypted using the agent
  owners private key thus the agent can be denied
  access based on its owner. This means places
  must contain ACLs of all owners that are allowed
  to execute agents on that server
• During Migration the agent is digitally signed
  with the current servers private key and
  encrypted with the receiving servers public key .
  The migration message also contains the agents
  owner and the degree of confidence that the
  current server has in the owners validity

5
Agent Tcl

• Authorisation
• Once the agent has been authenticated it can then
  attempt to access the local resources.
• Access to these resources can be gained in two
  ways
• Indirect Access access to the resources is made
  via other agents in which case the security
  policy can be built into the agents specific to
  each place and based on the following agent
  owner, sending server and the degree of
  confidence
• Access to resources directly through language
  primitives. This is done using safe Tcl.
• Two interpreters are provided Trusted and
  Un-trusted
• Un-trusted interpreter implements a sub set of
  commands

6
Telescript

• Agents Uniquely Identified by a telename
• Authority
• Identifies the agents owner
• Identity
• Identifies the agent
• Telescript processes cannot directly access the
  resources of the machine they are running on
• Permits
• Each Telescript agent contains a permit which
  limits the resources and the quantity of these
  resources that the agent can use as well as what
  commands the agent can execute.
• Permits are granted when an agent is first
  created and then renegotiated every time the
  agent migrates

7
Generalised Agent Model

• Resource Access
• Local resources
• Resources brought with agent
• Migration
• Unrestricted Migration vs. Restricted Migration
• Communication
• Local communication vs. Remote Communication

8
Host Agent Security

• Controlling access to the resources on the
  machine on which the agent is running and
  controlling access to certain commands
• This can be done by using interpreted languages
  where the interpreter can check the execution
  dynamically
• Determining the identity of different agents so
  that different policies can be applied
• This produces the problem of authenticating an
  agent to its owner in a distributed scalable
  manner and then setting access permissions based
  on this authentication.

9
Agent to Agent Security

• Do not allow the direct manipulation of agents by
  other agents rather use message passing over a
  secure channel
• There is also the problem of agents stealing
  information or resources from other agents
• There is also the idea that communication between
  agents can be of a transactional nature and this
  complicates matters further

10
Agent - Host Security

• this point will determine the effectiveness of
  future agent system implementations. It is the
  Achilles' heel of agent based architectures
• The host should not be able to tamper with an
  agent running on it, by changing its
  functionality or by pulling sensitive information
  from it
• Proposed Solutions
• One solution is to have a dedicated piece of
  trusted hardware in the machine that the agent
  runs on.
• Other proposed solutions involve trusted places
  detecting the tampering of agents once they
  return from an untrusted place.
• Other solutions involve authenticating the
  machine before migrating to it to ensure that it
  can be trusted
• To extend this we could use a reputation based
  service where we create an audit trail which will
  leads us to the machine that tampered with the
  agent and this host can then be black listed

11
Agent - Multiple Host Security

• The ability of agents to create other agents
  means that a single parent agent could in theory
  have control over an excessive number of
  resources. This could in turn allow that agent to
  perform Denial of Service attacks and cause other
  negative effects to hosts
• Agents could be used to deduce information based
  on accessing many sites and having a global view
  of the system
• In order to combat this we would need to have a
  more global mechanism of limiting resource
  allocation.

12
Proposed Solution

• Goals Design Decisions
• Goal A practical solution that is implementable
  using current technology
• Design Decisions an agent not concerned about
  security should not incur any security overhead
• Authentication
• Based on a user, password, counter password tuple
• Agent must have prior knowledge/trust of this
  host
• Host must have prior knowledge/trust of this user
• Agents must only carry the information that they
  will need at the new site
• Agents concerned with security must return home
  once its task is complete

13
Proposed Agent Multiple Host Security

• Detection and termination of resource hungry
  agents is not enough to stop this problem as the
  agent owner can create another instance of that
  agent
• Need to determine the user or at least the host
  where the agent is being created
• The idea of digital cash or tokens that can be
  used to purchase resources may not solve this
  problem as it may be in the hosts best interest
  to offer these resources.

14
Questions

• Any Questions?