Abstract
An outstanding security problem in mobile agent systems is resource access control, or authorization in its broader sense. In this paper we present an authorization framework for mobile agents. The system takes as a base distributed RBAC policies allowing the discretionary delegation of authorizations. A solution is provided to assign authorizations to mobile agents in a safe manner. Mobile agents do not need to carry sensitive information such as private keys nor they have to perform sensitive cryptographic operations. The proposed framework makes extensive use of security standards, introducing XACML and SAML in mobile agent system. These are widely accepted standards currently used in Web Services and Grid.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anderson, A., (ed.): Core and Hierarchical Role Based Access Control (RBAC) profile of XACML, Version 2.0. OASIS XACML-TC, Committee Draft 01 (September 2004)
Bandmann, O., Dam, M., Sadighi-Firozabadi, B.: Constrained delegation. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, pp. 131–140. IEEE Computer Society Press, Los Alamitos (2002)
Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.: The KeyNote Trust Management System. RFC 2704, IETF (September 1999)
Bradshaw, J.M., Dutfield, S., Benoit, P., Woolley, J.D.: KAoS: Toward an industrial-strength open agent architecture. Software Agents (1997)
Cartrysse, K., van der Lubbe, J.C.A.: Privacy in mobile agents. In: First IEEE Symposium on Multi-Agent Security and Survivability (2004)
David, W.: The PERMIS X.509 role based privilege management infrastructure. In: SACMAT 2002: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies. ACM Press, New York (2002)
Chess, D.: Security issues of mobile agents. In: Rothermel, K., Hohl, F. (eds.) MA 1998. LNCS, vol. 1477, Springer, Heidelberg (1998)
Clarke, D., Elien, J., Ellison, C., Fredette, M., Morcos, A., Rivest, R.: Certificate chain discovery in SPKI/SDSI. Journal of Computer Security 9(9), 285–322 (2001)
Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: RFC 2693: SPKI certificate theory. The Internet Society (September 1999)
Erdos, M., Cantor, S.: Shibboleth architecture v05. Internet2/MACE (May 2002)
Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security 4 (2001)
FIPA TC Ad Hoc. Fipa agent discovery service specification (November 2003)
JADE Board. Jade security guide. JADE-S Version 2 add-on (2005)
Karjoth, G., Lange, D.B., Oshima, M.: Mobile Agents and Security. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, Springer, Heidelberg (1998)
Lepro, R.: Cardea: Dynamic access control in distributed systems. Technical report, NASA Advanced Supercomputing (NAS) Division (2003)
Lorch, M., Adams, D.B., Kafura, D., Koneni, M.S.R., Rathi, A., Shah, S.: The prima system for privilege management, authorization and enforcement in grid environments. In: Fourth International Workshop on Grid Computing (2003)
Navarro, G., Robles, S., Borrell, J.: Role-based access control for e-commerce sea-of-data applications. In: Information Security Conference 2002 (September/October 2002)
Robles, S., Mir, J., Ametller, J., Borrell, J.: Implementation of secure architectures for mobile agents in MARISM-A. In: Karmouch, A., Magedanz, T., Delgado, J. (eds.) MATA 2002. LNCS, vol. 2521, pp. 182–191. Springer, Heidelberg (2002)
Cantor, S., Kemp, J., Philpott, R., Maler, E., ed.: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS XACML-TC, Committee Draft 04 (March 2005)
Firozabadi, B.S., Sergot, M.J., Bandmann, O.: Using authority certificates to create management structures. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2001. LNCS, vol. 2467. Springer, Heidelberg (2002)
Suri, N., Bradshaw, J., Breedya, M., Groth, P., Hill, G., Jeffers, R., Mitrovich, T.: An overview of the NOMADS mobile agent system. In: Proceedings of 14th European Conference on Object-Oriented Programming (2000)
Moses, T. (ed.): eXtensible Access Control Markup Language (XACML), Version 2.0. OASIS XACML-TC, Committee Draft 2004 (December 2004)
Tripathi, A., Karnik, N.: Protected resource access for mobile agent-based distributed computing. In: Proceedings of the ICPP workshop on Wireless Networking and Mobile Computing (1998)
Vollbrecht, J., Calhoun, P., Farrell, S., Gommans, L., Gross, G., de Bruijn, B., de Laat, C., Holdrege, M., Spence, D.: AAA Authorization Framework. RFC-2904, The Internet Society (August 2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Navarro, G., Borrell, J. (2006). An XML Standards Based Authorization Framework for Mobile Agents. In: Burmester, M., Yasinsac, A. (eds) Secure Mobile Ad-hoc Networks and Sensors. MADNES 2005. Lecture Notes in Computer Science, vol 4074. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11801412_6
Download citation
DOI: https://doi.org/10.1007/11801412_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36646-1
Online ISBN: 978-3-540-37863-1
eBook Packages: Computer ScienceComputer Science (R0)