The Mobile Code Paradigm and Its Security Issues Anthony Chan September 13, 1999.

Presentation transcript:

The Mobile Code Paradigm and Its Security Issues Anthony Chan September 13, 1999

Presentation Outline
– Drawbacks of client/server paradigm
– Classification of mobile code paradigm
– Mobile code applications and technologies
– Security concerns of mobile code paradigm
– Attack model of malicious hosts against mobile agents
– Conclusion

Client/Server Paradigm
The most common paradigm used for distributed application design.
Two problems:
– high network bandwidth requirement (large number of message transfers)
– requirement for user-computer interactivity
Mobile code emerges as a more efficient alternative.

Classification of Mobile Code Ghezzi and Vigna’s classification of mobile code paradigms

Mobile Code Applications
Examples of mobile code systems:
– remote evaluation: rsh utility, SQL queries
– code on demand: Java applets
– mobile agents: not common yet, but many platforms for mobile agents are being developed worldwide (e.g., Aglets from IBM, Concordia from Mitsubishi)
Hurdle: SECURITY

Security Concerns of Mobile Code
A basic requirement:
– an application developed using the mobile code paradigm can be made as secure as the same application developed using the client/server paradigm
– otherwise mobile code could not be used for security-critical applications, which are very common

Security Attacks
Actions that compromise the security requirements of an application.
– Attacks on client/server: masquerading, forging, etc.
– Additional attacks on remote evaluation/code-on-demand: Trojan horses
– Additional attacks on mobile agents: agent tampering (data/execution)

Security Mechanisms
Mechanisms designed to prevent, detect or recover from security attacks.
Security mechanisms for client/server:
– Kerberos, Secure Socket Layer (SSL), etc.
– very well established
Security mechanism for REV/COD:
– sandboxing and code verification
Security mechanism for mobile agents:
– not established at all
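The "code verification" mechanism for remote evaluation and code on demand comes down to one gate: a host executes received code only after checking that it is unmodified and comes from a publisher it trusts. The following is an added example (not code from the presentation or from any of the platforms it names) that models that gate with a MAC under a key shared between publisher and host; the key name PUBLISHER_KEY and the packaging format are assumptions of this example, and real systems such as signed Java applets use public-key signatures instead, but the check has the same shape.

```python
"""Code verification gate for code-on-demand / remote-evaluation payloads.

Added example, not from the original slides. A host only runs mobile code
whose bytes carry a valid tag from a trusted publisher; anything altered in
transit (a Trojan horse spliced into the payload) fails the check and is
never executed.
"""
import hashlib
import hmac

# Constructed sample key shared by the publisher and the receiving host.
# Assumption of this example; production systems use public-key signatures.
PUBLISHER_KEY = b"example-publisher-key-not-for-production"


def publish(code: str, key: bytes = PUBLISHER_KEY) -> dict:
    """What a trusted publisher sends: the code plus a tag over its exact bytes."""
    tag = hmac.new(key, code.encode(), hashlib.sha256).hexdigest()
    return {"code": code, "tag": tag}


def verify(package: dict, key: bytes = PUBLISHER_KEY) -> bool:
    """True only if the tag matches the code bytes actually received."""
    expected = hmac.new(key, package["code"].encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids timing leaks on the comparison itself.
    return hmac.compare_digest(expected, package["tag"])


def run_if_verified(package: dict, key: bytes = PUBLISHER_KEY):
    """Execute the payload only after verification; refuse (return None) otherwise.

    The empty __builtins__ only limits what the snippet can reach directly;
    it is not a sandbox. Verification is the mechanism demonstrated here, and
    sandboxing would be a separate, platform-level control.
    """
    if not verify(package, key):
        return None
    namespace = {}
    exec(package["code"], {"__builtins__": {}}, namespace)
    return namespace.get("result")


if __name__ == "__main__":
    genuine = publish("result = 2 + 3")
    print("genuine runs ->", run_if_verified(genuine))
    # A host in the middle appends its own statement: tag no longer matches.
    tampered = dict(genuine, code=genuine["code"] + "\nresult = 99")
    print("tampered runs ->", run_if_verified(tampered))
```

The important property is that the tag is bound to the exact bytes the host will execute, so verification must be computed over the received payload and not over a description of it; checking after loading, or checking a different copy than the one executed, reopens the Trojan-horse attack the slide lists for REV/COD.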

Attack model of malicious hosts against mobile agents
[Figure: a Malicious Host running an Agent inside its Environment alongside other agents; the host can read/manipulate the agent's properties and control its execution, and can read/manipulate the system calls the agent makes.]
Model proposed by Fritz Hohl. Attack scenarios that can be described:
– spy out and modify the whole data part of an agent
– spy out and modify the code part of an agent
– manipulate the code execution sequence of an agent
– manipulate the execution environment of an agent

A mobile agent application
A Traveling Information Agent system
[Figure: CLIENT – Handheld PC (running Windows CE); the system analyzes the request and asks the server for data. Proxy Server – gets the request from the client and sends agents over the network to the database servers. SERVER – Databases (Oracle server); the agents get the appropriate data there and bring it back to the proxy server.]

Attacks to the sample agents
Possible attacks on the system described:
– a malicious host may spy out and modify data collected by the agent, so that false information is reported to the user
– a malicious host may spy out the code of the agent, thereby learning what information the particular user is interested in
– a malicious host may manipulate the execution sequence of the agent and make the agent request some information for the host illegitimately
– a malicious host may manipulate the information obtained from the databases and report false information to the agent
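The first attack above, a host modifying data the agent collected at earlier hops, is one the proxy can detect even though the slides note that no established mechanism exists for agents in general. The following is an added example (not code from the presentation or from the Traveling Information Agent system) showing one such check: the proxy shares a secret key with each database server (the DB_KEYS table, an assumption of this example), each server appends its result together with a tag bound to the agent id, the hop index and the result, and the proxy verifies every entry against the expected itinerary when the agent returns. It illustrates the model's first scenario in general: any later host can still read everything, and can still lie in the entry it appends itself (the fourth attack above), but it cannot alter, reorder or silently drop an earlier server's entry without the proxy noticing.

```python
"""Proxy-side detection of tampering with agent-collected data.

Added example, not from the presentation. Each database server authenticates
the partial result it adds to the agent; the proxy verifies the whole chain
against the itinerary it dispatched the agent with.
"""
import hashlib
import hmac
import json

# Constructed sample: keys the proxy shares with each database server.
# Assumption of this example; the server names are placeholders.
DB_KEYS = {
    "oracle-1": b"constructed-key-for-oracle-1",
    "oracle-2": b"constructed-key-for-oracle-2",
    "oracle-3": b"constructed-key-for-oracle-3",
}


def _tag(key: bytes, agent_id: str, hop: int, server: str, result) -> str:
    # Binding agent id and hop index prevents replaying an entry into another
    # agent or moving it to a different position in the chain.
    msg = json.dumps([agent_id, hop, server, result], sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def new_agent(agent_id: str) -> dict:
    """The agent state the proxy dispatches: an id and an empty result list."""
    return {"id": agent_id, "results": []}


def server_append(agent: dict, server: str, result) -> dict:
    """What an honest database server does when the agent arrives."""
    hop = len(agent["results"])
    agent["results"].append({
        "hop": hop,
        "server": server,
        "result": result,
        "tag": _tag(DB_KEYS[server], agent["id"], hop, server, result),
    })
    return agent


def proxy_verify(agent: dict, itinerary: list) -> list:
    """Return the hop indices that fail verification (empty list means clean).

    A hop fails if its server is not the one the proxy sent the agent to,
    its index was changed, or its tag does not match its contents. Missing
    hops (entries dropped by a later host) are reported as failures too.
    """
    bad = []
    results = agent["results"]
    for i, server in enumerate(itinerary):
        if i >= len(results):
            bad.append(i)                 # entry dropped or agent cut short
            continue
        e = results[i]
        if e["server"] != server or e["hop"] != i:
            bad.append(i)                 # wrong server or reordered entry
            continue
        expected = _tag(DB_KEYS[server], agent["id"], i, server, e["result"])
        if not hmac.compare_digest(expected, e["tag"]):
            bad.append(i)                 # contents modified after signing
    # Extra entries beyond the itinerary are not from servers we dispatched to.
    bad.extend(range(len(itinerary), len(results)))
    return bad


if __name__ == "__main__":
    route = ["oracle-1", "oracle-2"]
    agent = new_agent("agent-42")
    server_append(agent, "oracle-1", {"item": "flight", "price": 100})
    server_append(agent, "oracle-2", {"item": "flight", "price": 120})
    print("honest route:", proxy_verify(agent, route))
    # Second host rewrites what the first server reported.
    agent["results"][0]["result"]["price"] = 1
    print("after tampering with hop 0:", proxy_verify(agent, route))
```

What this does not cover matters as much as what it does: the tags give integrity and origin for each partial result, not confidentiality, so the second attack on the list (learning what the user is interested in by reading the agent) is untouched, and a server is still free to report wrong data in its own entry. That residual gap is exactly why the slides treat the malicious-host problem as open.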

Conclusion
– Mobile code as an alternative to client/server for distributed applications
– Security as a major hurdle to mobile code
– Mobile code (especially mobile agents) faces more attacks than client/server does, while the corresponding security mechanisms are not well established
– An application to illustrate attacks on agents
– Efforts should be devoted to securing agents