2. Mobile Agent Security Presented By Sayuri Yonekawa October 17, 2000

3. Brief Background of Mobile Agents It is used currently to refer to everything from robotic systems to e-mail filters to mobile code. But it do has certain characteristics: They provide an agent server of some kind. Agents can migrate across the internet. Agents can load their code from a variety of sources.

4. Brief Background of Mobile Agents (Cont.) Stationary vs. Mobile Cooperating vs. isolated Is a solution for the automation of many tasks in network configuration and management that today must be done by hands.

5. Problem Description Mobile agent technologies are going to change way we live and work. But they also exasperated the internet security problem. Over a miniscule security hole in a mobile agent system can turn into a gaping flaw in a corporate network.

6. Danger Agents can carry virus from host to host. Agents can be modified by malicious hosts.

7. Objectives This project is to test various means of assuring hosts and agents protection. Determine which are most effective on a given system.

8. Literature Review Tschudin, C. F. (1999) discussed many of the security issues related to agents and their host. Minar, Kramer, and Maes (1999) at MIT Media Lab discussed a way to model a computer system in order to simulate attempted attack and test counter- measures.

9. The Importance of The Research If the security issues on mobile agents can be adequately hand out the benefits software mobility would be great. Program code could decide on its own where to run and many processes could be automatic and distributed.

10. Research Design In order to control as many potential variables as possible, an isolated test system will be set up, allowing us to simulate attacks against hosts and agents, collecting data on the effectiveness of different counter- measures.

11. Research Design (Cont.) A strictly controlled model system will allow us to isolate variables to insure the purity of test results care for testing will identify the usefulness and effectiveness of different tools for different types of agents tasks.

12. Method Different types of security protection to be tested include. Protections of hosts. Proof-carrying code (like check sum) shipped with run-time check verification. Authentication, authorization, allocation authenticate source, verify authorization, allocate only limited resources. Execution environment-agents run on interpreter, which acts as protective “ sandbox. ”

13. Method (Cont.) Protecting agents Extending trusted computing base Use agents only with trusted hosts-limited. Detecting agents tampering Good if restoration available, but after the fact Interlocking Distributing keys and data over multiple agents Distributed shelter for data Agents replicate to backup data Clueless agents Agents code incrusted until environmental conditions meet Handling in the masses Agents broken up and set in data stream then resembled

14. Data Analysis Many trials will be run with only one variable changed and data will be collected and analyzed to determine the most appropriate from of protection for each task or environment, based on effectiveness.

15. Data Analysis (Cont.) Ratio data will be collected according to overall percentage of total attacks detected and/or prevented.

16. Schedule Stage 1 Model design Stage 2 Model construction Stage 3 Run testing Stage 4 Data analysis

17. Facilities and Special Resources Several types of computers, networks, hardware, and operating systems will be incorporated into the physical model, to test the agents under a variety of conditions.

18. Conclusion Agents can provide the software mobility of the future, but will not gain widespread acceptance until security concerns can be safety addressed. This research will address these concerns, and provide data to help protect both agents and hosts in the real world.