Abstract
In mobile agent systems, program code together with some process state can autonomously migrate to new hosts. Despite its many practical benefits, mobile agent technology results in significant new security threats from malicious agents and hosts. In this paper, we propose a security architecture to achieve three goals: certification that a server has the authority to execute an agent on behalf of its sender; flexible selection of privileges, so that an agent arriving at a server may be given the privileges necessary to carry out the task for which it has come to the server; and state appraisal, to ensure that an agent has not become malicious as a consequence of alterations to its state. The architecture models the trust relations between the principals of mobile agent systems and includes authentication and authorization mechanisms.
This work was supported by the MITRE-Sponsored Research Program.
Shimshon Berkovits is also affiliated with the Department of Mathematical Sciences, University of Massachusetts-Lowell.
© 1998 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Berkovits, S., Guttman, J.D., Swarup, V. (1998). Authentication for Mobile Agents. In: Vigna, G. (eds) Mobile Agents and Security. Lecture Notes in Computer Science, vol 1419. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68671-1_7
DOI: https://doi.org/10.1007/3-540-68671-1_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64792-8
Online ISBN: 978-3-540-68671-2
eBook Packages: Springer Book Archive