Skip to main content
SpringerLink
Log in

MobileTrust: a trust enhanced security architecture for mobile agent systems

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

While offering many practical benefits for distributed applications, mobile agent systems pose some fundamental security challenges. In this paper, we present a new approach to mobile agent security which helps to address some of these challenges. We present a new technique, which we refer to as trust enhanced security, and apply it to mobile agent-based systems; this new technique advocates a shift in security solutions from security-centric to trust-centric. This extends the traditional security mechanisms by enabling trust decisions through explicit specification and management of security-related trust relationships. The integration of the trust decisions into security decision-making process leads to our trust enhanced security performance. A formal trust model is proposed and is incorporated into the development of a novel trust management architecture—MobileTrust for mobile agent-based applications. We have conducted detailed practical investigations to evaluate and validate the emergent properties of the trust enhanced security technique. We present and discuss the key results in this paper.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abdul-Rahman, A., Hailes, S.: Using recommendations for managing trust in distributed systems. In: Proceedings of IEEE Malaysia international conference on communication’97 (MICC’97), Kuala Lumpur, Malaysia (1997)

  2. Abdul-Rahman, A., Hailes, S.: Relying on trust to find reliable information. In: Proceedings of 1999 international symposium on database, web and cooperative systems (DWACOS’99), Baden- Baden, Germany, August (1999)

  3. Balacheff B., Pearson S.: Trusted computing platforms, TCPA technology in context. Prentice Hall, Englewood Cliffs, NJ (2003)

    Google Scholar 

  4. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceedings of the 1996 IEEE conference on security and Privacy, Oakland, CA, pp. 164 –173, May (1996)

  5. Chess, D.M.: Security issues in mobile code systems. In: Mobile agents and security, Editor Vigna, volume LNCS1419. Springer-Verlag (1998)

  6. Christianson, B., Harbison, W.S.: Why isn’t trust transitive?. In: Proceedings of the 4th security protocols international workshop, Cambridge, UK, April (1996)

  7. Grandison, T., Sloman, M.: A survey of trust in Internet applications. IEEE Communications Surveys, Fourth Quarter, (2000)

  8. Grandison, T., Sloman, M.: Specifying and analysing trust for Internet applications. Second IFIP Conference on e-Commerce, e-Business, e-Government, October (2002)

  9. Gray, R.S.: A flexible and secure mobile agent system. 4th Annual Tcl/Tk Workshop Proc, (1996)

  10. Hu, Y.-J.: Some thoughts on agent trust and delegation. In: Proceedings of Autonomous Agents 2001 (2001)

  11. IEEE. (ed.): IEEE Security and Privacy, volume 3 of economics of information security. IEEE Computer Society (2005)

  12. Jansen, W.: Mobile agents and security. NIST (1999)

  13. Jansen, W.: Countermeasures for mobile agent security. Comupter Communications, Special Issue on Advances of Network Security, November (2000)

  14. Jøsang, A.: A subjective metric of authentication. In: Quisquater, J. et al. (eds.) Proceedings of ESORICS’98, Louvain-la-Neuve, Belgium (1998)

  15. Jøsang A.: A logic for uncertain probabilities. Int. J. Uncertain. Fuzziness Knowl. Based Syst. 9(3), 279–311 (2001)

    Google Scholar 

  16. Karjoth, G., Lang, D., Oshima, M.: A security model for aglets. IEEE Internet Computing, July (1997)

  17. Karnik N., Tripathi A.: Security in Ajanta Mobile System. Software Practice and Experience. John Wiley and Sons, New York (2000)

    Google Scholar 

  18. Kohlas, R., Jonczy, J., Haenni, R.: A trust evaluation method based on logic and probability theory. In: Karabulut, Y., Mitchell, J., Herrmann, P., Jensen, C.D. (eds.) IFIPTM’08, 2nd joint iTrust and PST conferences on privacy trust management and security, volume II of trust management, pp. 17–32. Trondheim, Norway

  19. Krukow K., Nielsen M., Sassone V.: A bayesian model for event-based trust, vol. 172, pp. 499–521. Elsevier Science Publishers B. V, Amsterdam, The Netherlands (2007)

    Google Scholar 

  20. Lampson B., Abadi M., Burrows M., Wobber E.: Authentication in distributed systems: theory and practice. ACM Trans. Comput. Syst. 10(4), 265–310 (1992)

    Article  Google Scholar 

  21. Lange, D.B., Oshima, M.: Programming and Deploying Java Mobile Agents with Aglets. Addison-Wesley, (1998)

  22. Lange D.B., Oshima M.: Seven good reasons for mobile agents. Commun ACM 42(3), 88–89 (1999)

    Article  Google Scholar 

  23. Lin, C.: Trust Enhanced Security for Mobile Agent. Phd thesis, Information and Communication Sciences Division, Macquarie University, Sydney, Australia, May (2007)

  24. Lin, C., Varadharajan, V.: A hybrid trust model for enhancing security in distributed systems. In: The second international conference on availability, reliability and security (AReS 2007), pp. 35–42, Vienna, Austria, April, 10–13, 2007. IEEE Computer Society Press. ISBN 0-7695-2775-2

  25. Lin, C., Varadharajan, V.: Modeling and evaluating trust relationships in mobile agent based systems. In: Proceedings of first international Conference on applied cryptography and network security (ACNS03), volume LNCS 2846, pp. 176–190, Kunming, China, Springer-Verlag (2003)

  26. Lin, C., Varadharajan, V., Wang, Y.: Maximizing utility of mobile agents based e-commerce applications with trust enhanced security. In: 2nd international conference on trust, privacy, and security in digital business (TrustBus05), in conjunction with the 16th international conference on database and expert systems applications (DEXA 2005), volume LNCS 3592, pp. 151–160, Copenhagen, Denmark, August 22–26, Springer–Verlag (2005)

  27. Lin, C., Varadharajan, V., Wang, Y., Pruthi, V.: Trust enhanced security for mobile agents. In: 7th international IEEE conference on E-commerce technology 2005, Technische Universitt Mnchen, Germany, July 19–22, IEEE Computer Society Press (2005)

  28. Lin, C., Varadharajan, V.: Trust enhanced security—a new philosophy for secure collaboration of mobile agents. In: International workshop on trusted collaboration (TrustCol-2006). In conjunction with the 2nd international conference on collaborative computing: networking, applications and worksharing (CollaborateCom-2006), Atlanta, Georgia, USA, November 17–20, IEEE Computer Society (2006)

  29. Marsh, S.: Formalizing trust as a computational concept. PhD thesis, University of Stirling (1994)

  30. Mises R.Von.: Mathematical Theory of Probability and Statistics. Academic Press, New York (1964)

    MATH  Google Scholar 

  31. Moore D.S., McCabe G.P.: Introduction to the Practice of Statistics. 3rd edn. W. H. Freeman and Company, New York (1998)

    Google Scholar 

  32. Rasmusson, L., Jansson, S.: Simulated social control for secure internet commerce: position paper at the new security paradigms workshop (1996)

  33. Raven F.H.: Automatic Control Engineering. 5th edn. McGraw-Hill, New York (1998)

    Google Scholar 

  34. Resnick P., Zeckhauser R., Friedman E., Kuwabara K.: Reputation systems: facilitating trust in internet interactions. Commun ACM 43(12), 45–48 (2000)

    Article  Google Scholar 

  35. Schelderup, K., Olnes, J.: Mobile agent security—issues and directions. In: Proceedings of the 6th international conference on intelligence and services in networks, Barcelona, Spain, April (1999)

  36. Shafer G.: A Mathematical Theory of Evidence. Princeton University Press, Princeton, NJ (1976)

    MATH  Google Scholar 

  37. Tan, H.K., Moreau, L.: Trust relationships in a mobile agent system. In: Picco, G.P. (ed.) Fifth IEEE international conference on mobile agents, volume LNCS2240, Atlanta, Georgia, December, Springer-Verlag (2001)

  38. Varadharajan, V.: Security enhanced mobile agents. In: Proceedings of 7th ACM conference on computer and communication security, (2000)

  39. Varadharajan, V., Foster, D.: A secure architecture and demonstration of a secure mobile agent based application. In: Proceedings of IASTED international conference on networks, parallel and distributed processing and applications 2002 (2002)

  40. Wilhelm, U.G., Staamann, S., Buttyn, L.: On the problem of trust in mobile agent systems. In: Proceedings of 1998 network and distributed security symposium, San Diego, California, Internet Society, March 11–13 (1998)

  41. Yahalom, R., Klein, B., Beth, T.: Trust relationships in secure systems—a distributed authentication perspective. In: Proceedings of IEEE conference on research in security and privacy (1993)

  42. Yahalom R., Klein B., Beth T.: Trust-based navigation in distributed systems. Comput Syst 7(1), 45–73 (1994)

    Google Scholar 

  43. Yu, B., Singh, M.P.: A social mechanism of reputation management in electronic communities. In: Klusch, M., Kerschberg, L. (eds.) CIA-2000 workshop on cooperative information agents, 1860 of LNAI, Springer (2000)

  44. Yu, B., Singh, M.P.: Distributed reputation management for electronic commerce. In: First international joint conference on autonomous agents and multiagent systems, Bologna, Italy (2002)

Download references

Author information

Authors and Affiliations

  1. Macquarie University, Sydney, NSW, Australia

    Ching Lin & Vijay Varadharajan

Authors
  1. Ching Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vijay Varadharajan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vijay Varadharajan.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Lin, C., Varadharajan, V. MobileTrust: a trust enhanced security architecture for mobile agent systems. Int. J. Inf. Secur. 9, 153–178 (2010). https://doi.org/10.1007/s10207-009-0098-x

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-009-0098-x

Keywords

Search

Navigation