MobileTrust: a trust enhanced security architecture for mobile agent systems

Regular Contribution

Abstract

While offering many practical benefits for distributed applications, mobile agent systems pose some fundamental security challenges. In this paper, we present a new approach to mobile agent security that helps to address some of these challenges. We present a new technique, which we refer to as trust enhanced security, and apply it to mobile agent-based systems; this technique advocates a shift in security solutions from security-centric to trust-centric. It extends the traditional security mechanisms by enabling trust decisions through explicit specification and management of security-related trust relationships. The integration of these trust decisions into the security decision-making process leads to our trust enhanced security performance. A formal trust model is proposed and incorporated into the development of a novel trust management architecture, MobileTrust, for mobile agent-based applications. We have conducted detailed practical investigations to evaluate and validate the emergent properties of the trust enhanced security technique. We present and discuss the key results in this paper.

Keywords

Mobile code security; Trust model; Trust management; Trust architecture; Trust enhanced security; System integration and implementation; Security performance verification

Copyright information

© Springer-Verlag 2009

Authors and Affiliations

  1. Macquarie University, Sydney, Australia
