Security for Mobile Agents: Issues and Requirements
William M. Farmer, Joshua D. guttman, Vipin Swarup
The MITRE Corporation
Authentication = deducing which principal is making the request; it can be complicated when the agent traveles from host to host
Authorization = deducing whether to grant a request or not
Model 1 = Travel agent
Travel agent send an agent to several airline companies to look for the smalles price.
We cannot expect the participants to trust each other.
An agent's critical decisions should be taken on neutral (trusted) hosts.
Unchanging components of the state should be sealed cryptographically.
Model 2 = Distribued Intrusion Detection
The network is partitioned in domains with an interpreter (host) on each domain. The agent audit and collect data and respond to attacks.
- is an interpreter (host) untampered?
- will an interpreter run correctly the agent?
- will a host run the task to completion?
- will a jost transmit an agent as required?
- can an agent's code and data be kept secret?
- can an agent keep a key?
- authenticate the author and the sender
- check integrity of the code
- can the host ensure the agent's privacy during transmission?
Possible, but not easy tasks
- use a safe language to program
- can a sender restrict agent flexibility
- can an interpreter ensure that the agent is in a safe state
- can a sender control which interpreter runs its agent