Skip to main content
SpringerLink
Log in

TAMAP: a new trust-based approach for mobile agent protection

  • Original Paper
  • Published:
Journal in Computer Virology Aims and scope Submit manuscript

Abstract

Human activities are increasingly based on the use of distant resources and services, and on the interaction between remotely located parties that may know little about each other. Mobile agents are the most suited technology. They must therefore be prepared to execute on different hosts with various environmental security conditions. This paper introduces a trust-based mechanism to improve the security of mobile agents against malicious hosts and to allow their execution in various environments. It is based on the dynamic interaction between the agent and the host. Information collected during the interaction enables generation of an environment key. This key allows then to deduce the host’s trust degree and permits the mobile agent to adapt its execution accordingly to the host trustworthiness, its behavior history and the provided Quality of Service (QoS). An adaptive mobile agent architecture is therefore proposed. It endows the mobile agent with the ability to react with an unexpected behavior.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abdul-Rahman, A., Hailes, S.: Using recommendations for managing trust in distributed systems. In: Proceedings of IEEE Malaysia International Conference on Communication’97 (MICC’97), Kuala Lumpur, Malaysia (1997)

  2. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (Im)possibility of obfuscating programs. Advances in cryptology. In: Proceedings of Crypto’2001, Lecture Notes in Computer Science, Vol. 2139, pp. 1–18 (2001)

  3. Beaucamps, P., Filiol, E.: On the possibility of practically obfuscating program—towards a unified perspective of code protection. WTCV’06 Special Issue, G. Boufante, I., Marion, J.Y. (eds) J. Comput.Virol. 3(1) (2007)

  4. Beimel A. and Burmester M. (2000). Computing functions of a shared secret. SIAM J. Discrete Math. 13(3): 324–345

    Article  MathSciNet  Google Scholar 

  5. Bellavista, P., Corradi, A., Frederici C., Montanari R., Tibaldi D.: Security for mobile agents: issues and challenges. In: Mahgoub, I., Ilyas, M. (eds) The Book Handbook of Mobile Computing. CRC, Boca Raton (2004)

  6. Bierman, E., Cloete, E.: Classification of malicious host threats in mobile agent computing. In: Proceedings of SACICSIT2002, pp. 141–148 (2002)

  7. Borselius N. (2002). Mobile agent security. Electron. I Commun. Eng. J. IEEE Lond. 14(5): 211–218

    Article  Google Scholar 

  8. Braynov, S., Sandhol, T.: Trust revelation in multiagent interaction. In: Proceedings of CHI’02, Workshop on the Philosophy and Design of Socially Adept Technologies, Minneapolis (2002)

  9. Cahill V. (2003). Using trust for secure collaboration in uncertain environment. IEEE Pervasive Comput. 2(3): 52–61

    Article  Google Scholar 

  10. Castelfranchi, C., Falcone, R.: Trust is much more than subjective probability: mental components and sources of trust. In: The 32nd Hawaii International Conference on System Sciences—Mini-Track on Software Agents, Maui, Hawaii (2000)

  11. Chess, D., Grosof, B., Harrison, C., Levine, D., Parris, C., Tsudik, G.: Itinerant agents for mobile computing. Technical Report, IBM T.J. Watson Research Center, NY (1995)

  12. D’Anna, L., Matt, B., Reisse, A., Van Vleck, T., Schwab, S., LeBlanc, P.: Self-protecting mobile agents obfuscation report. Network Associates Laboratories Report (2003)

  13. Dimitrakos, T.: A service-oriented trust management framework. In: Falcone, R., Barber, S., Korba, L., Singh, M. (eds) Trust, reputation, and security: theories and practice, LNAI 2631. Springer, Heidelberg, pp. 53–72 (2003)

  14. Farmer, W.M., Guttman, J.D., Swarup, V.: Security for mobile agents: authentication and state appraisal. In: Proceedings of the European Symposium on Research in Computer Security (ESORICS), pp. 118–130 (1996)

  15. Filiol, E.: Strong cryptography armoured computer viruses forbidding code analysis: the bradley virus. In: Proceedings of the 14th EICAR Conference (2005)

  16. Filiol E. (2007). Techniques virales avancees (chapter 8), collections IRIS. Springer, Janvier

    Google Scholar 

  17. Filiol, E.: Malware pattern scanning schemes secure against black-box analysis. EICAR 2006 Special Issue, Broucek I, V., Turnee, P. (eds) J. Comput. Virol. 2(1), (2006)

  18. Gambetta, D.: Can we Trust Trust? Trust: Making and Breaking Cooperative Relations. In: Gambetta, D. (ed) Basil Blackwell, Oxford (1990)

  19. Grandison, T., Sloman, M.: A survey of trust in internet applications. IEEE Commun. Surv. Tutor., Fourth Quarter (2000)

  20. Gong, L.: Secure java class loading. IEEE Internet Comput. 56–61 (1998)

  21. Guessoum, Z., Ziane, M., Faci, N.: Monitoring and organizational-level adaptation of multi-agent systems. In: AAMAS’04. ACM, New York, pp. 514–522 (2004)

  22. Hacini, S., Guessoum, Z., Boufaida, Z: Using a trust-based key to protect mobile agent code. In: Transactions on Engineering, Computing and Technology, vol. 16, ISSN 1305-5313, World Enformatika Society, CCIS’2006, Venice, Italy, pp. 326–332 (2006)

  23. Hacini, S.: Using adaptability to protect mobile agents code. In: IEEE International Conference on Information Technology ITCC 2005, Las Vegas, USA, pp. 49–53 (2005)

  24. Herzberg, A., Pinter, S.S.: Public Protection of Software. Advances in Cryptology: Crypto 85, pp. 158–179. Springer, Berlin (1985)

  25. Hohl, F.: Time limited blackbox security: protecting mobile agents from malicious hosts. In: Vigna, G. (ed) Mobile agents and security. Lecture Notes in Computer Science, Vol. 1419, pp. 52–59. Springer, Heidelberg (1998)

  26. Jansen, W., Karygiannis, T.: Mobile agent security. NIST Special Publication 800-19, National Institute of Standard and Technology (2000)

  27. Josang, A.: Trust-based decision making for electronic transactions. In: The fourth Nordic Workshop on Secure ITSystems (NORDSEC’99), Stockholm University Report 99-005, Stockholm (1999)

  28. Josang A. (2001). A Logic for Uncertain Probabilities. Int. J. Uncertain. Fuzziness Knowl.-Based Syst. 9(3): 279–311

    MathSciNet  Google Scholar 

  29. Josang, A., Lo Presti, S.: Analyzing the relationship between risk and trust. In: Dimitrakos, T. (ed) The Proceedings of the Second International Conference on Trust Management, Oxford (2004)

  30. Karnik, N.: Security in mobile agents systems. PhD thesis, Department of Computer Sciences and Engineering, University of Minnesota, Minneapolis, USA (1998)

  31. De Lara, E., Wallach, D.S., Zwaenepoel, W.: Puppeteer: component based adaptation for mobile computing. In: Proceedings of the Third USENIX Symposium on Internet Technologies and Systems, pp. 159–170 (2001)

  32. Lin, C., Varadharajan V.: Modelling and evaluating trust relationships in mobile agent based systems. In: Proceedings of First International Conference on Applied Cryptography and Network Security (ACNS03), Lecture Notes in Computer Science, Vol. 2846, pp. 176–190. Springer, Kunming (2003)

  33. Lin, C., Varadharajan V., Wang Y., Mu Y.: On the design of a new trust model for mobile agent security. In: The 1st International Conference on Trust and Privacy in Digital Business (TrustBus04), Lecture Notes in Computer Science, Vol. 3184, pp. 60–69. Springer, Zaragoza (2004)

  34. Lin, C., Varadharajan, V., Wang, Y., Pruthi, V.: Trust enhanced security for mobile agents. Manuscript (2005)

  35. Manchala, D.W.: Trust metrics, models and protocols for electronic commerce transactions. In: The 18th International Conference on Distributed Computing Systems (1998)

  36. Manchala, D.W.: E-commerce trust metrics and models. IEEE Internet Comput. 36–44 (2000)

  37. Mu, Y., Lin, C., Varadharajan, V., Wang, Y.: On the design of a new trust model for mobile agent security, trust and privacy in digital business. Lecture Notes in Computer Science, Vol. 3184, pp. 60–69. Springer, Berlin (2004)

  38. Necula G.C. and Lee P. (1998). Untrusted agents using proof-carring code. Lecture Notes in Computer Science, Vol. 1419. Springer, Heidelberg

    Google Scholar 

  39. Quin, T.: Cherubim agent based dynamic security architecture. Technical Report University of Illinois at Urbana-Champaign (1998)

  40. Reiser, H.: Security requirements for management systems using mobile agents. In: Proceeding of the Fifth IEEE Symposium on Computers and Communications: ISCC 2000, Antibes, France, pp. 160–165 (2000)

  41. Riordan J. and Schneier B. (1998). Environment key generation towards clueless agents. Lect. Notes Comput. Sci. 1419: 15–24

    Article  Google Scholar 

  42. Roth, V.: Secure recording of itineraries through cooperating agents. In: Proceedings of the ECOOP Workshop on Distributed Object Security and fourth Workshop on Mobile Object Systems: Secure Internet Mobile Computations, INRIA, France, pp. 147–154 (1998)

  43. Roth, V.: Mutual protection of cooperating agents. In: Vitek, J., Jensen, C. (eds) Secure Internet Programming: Security Issues for Mobile and Distributed Objects. Springer, Heidelberg (1999)

  44. Rouvrais, S.: Utilisation d’Agents Mobiles pour la Construction de Services Distribues. These de doctorat de l’universite de Rennel, France (2002)

  45. Rutkowska, J.: Red pill... or how to detect VMM using (almost) one CPU instruction, 2006. http://invisiblethings.org/papers/redpill.html

  46. Sander, T., Tschudin, C.: Toward mobile cryptography. IEEE Symposium Security and Privacy, IEEE Computer Soc. Press, Los Alamitos, pp. 215–224 (1998)

  47. Sander T. and Tschudin C. (1998). Protecting mobile agent against malicious hosts. In: Vigna, G. (eds) Mobile Agents and Security, Lecture Notes in Computer Science, Vol. 1419, pp 44–60. Springer, Berlin

    Google Scholar 

  48. Smith, S.W., Austel, V.: Trusting trusted hardware: towards a formal model for programmable secure processors. In: The Third USENIX Workshop on Electronic Commerce (1998)

  49. Tan, H.K., Moreau, L.: Trust relationships in a mobile agent system. In: Picco, G.P. (ed) Fifth IEEE International Conference on Mobile Agents, Lecture Notes in Computer Science, vol. 2240. Springer, Atlanta (2001)

  50. Vigna G. (1998). Mobile Code Security. Lecture Notes in Computer Science, Vol. 1419. Springer, Berlin

    Google Scholar 

  51. Wang T., Guan S. and Khoon Chan T. (2000). Integrity protection for Code-On-Demand Mobile Agents in E-Commerce. J. Syst. Softw. 60: 211–221

    Article  Google Scholar 

  52. Wilhelm, U.G., Staamann, S.M., Buttyan, L.: A pessimistic approach to trust in mobile agent platforms. IEEE Internet Comput. 45, ISSN: 1089–7801, pp. 40–48 (2000)

  53. Wilhelm, U.G., Staamann, S., Buttyan, L.: On the problem of trust in mobile agent systems. In: IEEE Symposium on Network and Distributed System Security, San Diego (1998)

  54. Yahalom, R., Klein, B., Beth, T.: Trust relationships in secure systems—a distributed authentication perspective. In: The Proceedings of IEEE Conference on Research in Security and Privacy (1993)

  55. Yee, B., Tygar, D.: Secure coprocessors in electronic commerce applications. In: The Proceeding of First Usenix Workshop on Electronic Commerce, Usenix Assoc., Berkeley, pp. 155–170 (1995)

Download references

Author information

Authors and Affiliations

  1. LIRE, Mentouri University, Constantine, Algeria

    Salima Hacini & Zizette Boufaida

  2. LIP6, Pierre et Marie Curie University, Paris, France

    Zahia Guessoum

Authors
  1. Salima Hacini
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zahia Guessoum
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zizette Boufaida
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Salima Hacini.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Hacini, S., Guessoum, Z. & Boufaida, Z. TAMAP: a new trust-based approach for mobile agent protection. J Comput Virol 3, 267–283 (2007). https://doi.org/10.1007/s11416-007-0056-y

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-007-0056-y

Keywords

Search

Navigation