Abstract
Mobile agents are software entities consisting of code, data, state and itinerary that can migrate autonomously from host to host executing their code. Despite the benefits of code mobility, security issues strongly restrict its use. The protection of mobile agents against the attacks of malicious hosts is considered the most difficult security problem to solve in mobile agent systems. In particular, collusion attacks have been barely studied in the literature. This paper presents a mechanism that avoids collusion attacks based on code passing. Our proposal is based on a Multi-Code agent, which contains a different variant of the code for each host. A Trusted Third Party is responsible for providing each host with the information needed to extract its own variant, and for taking trusted timestamps that will be used to verify time coherence.
This work is funded by the Spanish Ministry of Science and Education under the projects CONSOLIDER-ARES (CSD2007-00004), SECCONET (TSI2005-07293-C02-01), ITACA (TSI2007-65393-C02-02) and P2PSEC (TEC2008-06663-C03-01), and by the Government of Catalonia under grant 2005 SGR 01015 to consolidated research groups.
© 2009 IFIP International Federation for Information Processing
Cite this paper
Jaimez, M., Esparza, O., Muñoz, J.L., Alins-Delgado, J.J., Mata-Díaz, J. (2009). A Mechanism to Avoid Collusion Attacks Based on Code Passing in Mobile Agent Systems. In: Markowitch, O., Bilas, A., Hoepman, JH., Mitchell, C.J., Quisquater, JJ. (eds) Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks. WISTP 2009. Lecture Notes in Computer Science, vol 5746. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03944-7_2
DOI: https://doi.org/10.1007/978-3-642-03944-7_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03943-0
Online ISBN: 978-3-642-03944-7
eBook Packages: Computer Science (R0)