30-08-2014, 10:15 AM
Mobile Agent Protection
With Adaptability and Cloning
[attachment=67384]
Abstract
Mobile agents evolve as promising distributed computing paradigm. Based on autonomous programs, they can
provide many benefits to development of distributed applications. However, they must be protected from any act aiming
at deterioration, destruction or handling of their code, state or data.
The objective of this paper is to propose a protocol based on two agents: mobile agent and clone agent. The clone is a
mobile agent’s prototype with no critical code and data. It is created and sent by mobile agent in order to be executed
first. In return, clone is analyzed by mobile agent to detect any malicious action: if actions are considered grave,
mobile agent redoes a copy and changes destination. If actions are doubtful, mobile agent chooses a plan of adaptation
then migrates. If all actions are allowed, mobile agent migrates with trust
. INTRODUCTION
Mobile agents are new approach which can bring better performances to distributed applications programming .They
provide several advantages to design and control distributed applications [3](e.g., autonomy, dynamic adaptation,
software deployment, distributed and heterogeneous computing, a better use of network resources and reduction of
communication with respect to latency, bandwidth and connection time).
Mobile agents are program instances, able to migrate from one agent platform to another [1], [9], thus fulfilling tasks
on behalf of user or another entity. They consist of three parts: code, data state (e.g. instance variables), and execution
state.
They transport sensitive information such as secret keys, electronic money, and other private data.
Consequently, security is a fundamental precondition for acceptance of mobile agent applications. In other words, we
need to have a program that actively protects itself against malicious hosts who try to attack mobile agent in order to
obtain service without providing payment, to remove private information from agent’s memory, or to destroy their code,
state or data [16], [27].
We can classify host’s attacks against mobile agents into three great classes [4], [8], [14]: inspection, modification and
replay attacks. Inspection consists in examining the contents of agent, or the stream of execution to get back critical
information transported by mobile agent.
The modification is realised by replacing some elements of agent with the aim of leading an attack.
Replay attacks are obtained by cloning the agent, then by executing the clone in several configurations to find agent’s
knowledge.
We also quote denial of service [12] where a malicious host can ignore demands of service, introduce unacceptable
delays for critical spots, don’t execute the code of mobile agent either end it without notice. Other agents who wait for
the answer of this agent will be in deadlock.
Various techniques are in the course of study to guarantee to agents a trust execution in visited hosts, such as tamper
proof hardware [12], function hiding [13], black box [6], [15] or clueless agents [11].
In this paper, we describe a proposition to protect mobile agent, based on cloning and adaptability concepts.
The clone is a mobile agent copy, with no critical code and data. Mobile agent creates its clone, saves a copy and sends
it first to the host. After execution, clone returns back to mobile agent who compares it with the saved copy in order to
detect possible attacks.
2. RELATED WORK
In order to protect mobile agent, several approaches were proposed. They try to guarantee the access to different hosts
and the execution with trust. Most of these approaches are based on detection. Our proposition is based on protection.
In this subsection, we summarize some proposed techniques based on one or more agents. The next subsection
presents some works based on adaptability.
IMPLEMENTATION
In order to prove the viability of our protocol, prototypes of mobile and clone agents are created.
The current implementation is made within JADE agent platform (Java Agent DEvelopment framework). The main
reason for this selection was the fact that JADE is one of the best modern agent environments [5]. Furthermore, JADE
is open-source and it is FIPA compliant [1]. In what follow, we describe some principles of our implementation:
CONCLUSION
In this paper, we looked at the general problem of mobile agent protection against malicious hosts, and different
proposed works. Then, we presented a protocol to assure the mobile agent protection. The idea is based on prevention
and requires two agents: mobile agent, with knowledge and critical data, and a prototype, with no sensitive code and
data. This prototype is called clone agent.
With Adaptability and Cloning
[attachment=67384]
Abstract
Mobile agents evolve as promising distributed computing paradigm. Based on autonomous programs, they can
provide many benefits to development of distributed applications. However, they must be protected from any act aiming
at deterioration, destruction or handling of their code, state or data.
The objective of this paper is to propose a protocol based on two agents: mobile agent and clone agent. The clone is a
mobile agent’s prototype with no critical code and data. It is created and sent by mobile agent in order to be executed
first. In return, clone is analyzed by mobile agent to detect any malicious action: if actions are considered grave,
mobile agent redoes a copy and changes destination. If actions are doubtful, mobile agent chooses a plan of adaptation
then migrates. If all actions are allowed, mobile agent migrates with trust
. INTRODUCTION
Mobile agents are new approach which can bring better performances to distributed applications programming .They
provide several advantages to design and control distributed applications [3](e.g., autonomy, dynamic adaptation,
software deployment, distributed and heterogeneous computing, a better use of network resources and reduction of
communication with respect to latency, bandwidth and connection time).
Mobile agents are program instances, able to migrate from one agent platform to another [1], [9], thus fulfilling tasks
on behalf of user or another entity. They consist of three parts: code, data state (e.g. instance variables), and execution
state.
They transport sensitive information such as secret keys, electronic money, and other private data.
Consequently, security is a fundamental precondition for acceptance of mobile agent applications. In other words, we
need to have a program that actively protects itself against malicious hosts who try to attack mobile agent in order to
obtain service without providing payment, to remove private information from agent’s memory, or to destroy their code,
state or data [16], [27].
We can classify host’s attacks against mobile agents into three great classes [4], [8], [14]: inspection, modification and
replay attacks. Inspection consists in examining the contents of agent, or the stream of execution to get back critical
information transported by mobile agent.
The modification is realised by replacing some elements of agent with the aim of leading an attack.
Replay attacks are obtained by cloning the agent, then by executing the clone in several configurations to find agent’s
knowledge.
We also quote denial of service [12] where a malicious host can ignore demands of service, introduce unacceptable
delays for critical spots, don’t execute the code of mobile agent either end it without notice. Other agents who wait for
the answer of this agent will be in deadlock.
Various techniques are in the course of study to guarantee to agents a trust execution in visited hosts, such as tamper
proof hardware [12], function hiding [13], black box [6], [15] or clueless agents [11].
In this paper, we describe a proposition to protect mobile agent, based on cloning and adaptability concepts.
The clone is a mobile agent copy, with no critical code and data. Mobile agent creates its clone, saves a copy and sends
it first to the host. After execution, clone returns back to mobile agent who compares it with the saved copy in order to
detect possible attacks.
2. RELATED WORK
In order to protect mobile agent, several approaches were proposed. They try to guarantee the access to different hosts
and the execution with trust. Most of these approaches are based on detection. Our proposition is based on protection.
In this subsection, we summarize some proposed techniques based on one or more agents. The next subsection
presents some works based on adaptability.
IMPLEMENTATION
In order to prove the viability of our protocol, prototypes of mobile and clone agents are created.
The current implementation is made within JADE agent platform (Java Agent DEvelopment framework). The main
reason for this selection was the fact that JADE is one of the best modern agent environments [5]. Furthermore, JADE
is open-source and it is FIPA compliant [1]. In what follow, we describe some principles of our implementation:
CONCLUSION
In this paper, we looked at the general problem of mobile agent protection against malicious hosts, and different
proposed works. Then, we presented a protocol to assure the mobile agent protection. The idea is based on prevention
and requires two agents: mobile agent, with knowledge and critical data, and a prototype, with no sensitive code and
data. This prototype is called clone agent.