Security of Mobile Code

Security of Mobile Code

Zbigniew Kotulski (Polish Academy of Sciences, Warsaw, Poland and Warsaw University of Technology, Poland) and Aneta Zwierko (Warsaw University of Technology, Poland)
Copyright: © 2008 |Pages: 16
DOI: 10.4018/978-1-59904-899-4.ch003
OnDemand PDF Download:
$37.50

Abstract

The recent development in the mobile technology (mobile phones, middleware, wireless networks, etc.) created a need for new methods of protecting the code transmitted through the network. The oldest and the simplest mechanisms concentrate more on integrity of the code itself and on the detection of unauthorized manipulation. The newer solutions not only secure the compiled program, but also the data, that can be gathered during its “journey,” and even the execution state. Some other approaches are based on prevention rather than detection. In this chapter we present a new idea of securing mobile agents. The proposed method protects all components of an agent: the code, the data, and the execution state. The proposal is based on a zero-knowledge proof system and a secure secret sharing scheme, two powerful cryptographic primitives. Next, the chapter includes security analysis of the new method and its comparison to other currently more widespread solutions. Finally, we propose a new direction of securing mobile agents by straightening the methods of protecting integrity of the mobile code with risk analysis and a reputation system that helps avoiding a high-risk behavior.

Key Terms in this Chapter

Availability: Availability exists when every agent (local, remote) is able to access data and services on an agent platform, which responsible to provide them

Integrity: Integrity exists when the agent platform protects agents from unauthorized modification of their code, state, and data and ensure that only authorized agents or processes carry out any modification of the shared data

Security Services: Security services guarantee protecting agents against attacks. During agent’s transportation the code is protected as a usual file. At the host site, the agent is open for modifications and very specific methods must be applied for protection. For the agent’s protection the following security services can be utilized:

Weak Mobility: Weak mobility of an agent means that only the agent’s code is migrating and no execution state is sent along with an agent program.

Strong Mobility: Strong mobility of an agent means that a running program along with its particular (actual) state is moving from one host site to another.

Intelligent Software Agent: Intelligent software agent is an agent that uses artificial intelligence in the pursuit of its goals in contacts with hosts and other agents.

Anonymity: Anonymity is when agents’ actions and data are anonymous for hosts and other agents

Confidentiality: Confidentiality is any private data stored on a platform or carried by an agent that must remain confidential. Mobile agents also need to keep their present location and the whole route confidential

Mobile Agent: Mobile agent is an agent that can move among different platforms (hosts) at different times while the stationary agent resides permanently at a single platform (host).

Agent Platform (Host): Agent platform is a computer where an agent’s code or program is executed. The software agent cannot perform its actions outside hosts. The host protects agents against external attacks.

Cryptographic Protocol: Cryptographic protocol is a sequence of steps performed by two or more parties to obtain a goal precisely according to assumed rules. To assure this purpose the parties use cryptographic services and techniques. They realize the protocol exchanging tokens.

Software Agent: Software agent is a piece of code or computer program that can exercise an individual’s or organization’s authority, work autonomously at host toward a goal, and meet and interact with other agents

Accountability: Accountability exists when each agent on a given platform must be held accountable for its actions: must be uniquely identified, authenticated, and audited

Complete Chapter List

Search this Book:
Reset