Security and Agent Based Computing Environment. Presented by: Feng Zhang, Markus Kaiser, Hien Nguyen, and Shu Wang.

Presentation transcript:

1 Security and Agent Based Computing Environment Presented by: Feng Zhang, Markus Kaiser, Hien Nguyen, and Shu Wang

2 Outline
- Motivation.
- Objectives.
- System architecture.
- Implementation.
- Empirical results.
- Related work.
- Conclusion and Future work.

3 Motivation
- Addressing the security threats in the agent computing paradigm is a challenging problem.
- Our ongoing multi-agent distributed goal satisfaction project (MADGS) currently does not employ any security mechanism:
  - Unauthorized access: No control over agent communication, migration, or resource allocation.
  - Denial of service: No control over who can create agents and use resources.
  - Disclosure of information: No protection of the communication among agents.

4 Objectives
- Address security issues in MADGS with two models:
  - Use a role-based security approach through JINI.
  - Implement role-based security inside MADGS.
- Empirically evaluate these two models based on their performance, integrity, and scalability.

5 Objectives (cont.)
- Allow any MADGS agent to access JINI resources such as the university database.
- Research:
  - Literature search on agent security and replication.

6 Overview of the current MADGS system
[Diagram. Labels: Carolina server; AgentManager; ResourceManager; PlanHandler agent; Prodigy; AgentTool; Agent Environment; Tool for creation & deployment agents; Planning tool]

7 Architecture of combining JINI Security Service with MADGS
[Diagram. Labels: JINI Lookup; Role-Based Privileges; Security Registration; Authorization List; UniversityDB; JINI Security Client; MADGSJiniClient; AgentManager; ResourceAgent; PlanHandlerAgent; Carolina Server; Prodigy; AgentTool; SecurityHandler]

8 Architecture of combining JINI Security Service with MADGS

9 Architecture of building a security component in MADGS
[Diagram. Labels: AgentManager; ResourceAgent; PlanHandlerAgent; Carolina Agent Server; Prodigy; AgentTool; SecurityHandler; MADGS Security Client; SecurityManager]

10 Architecture of building a security component in MADGS

11 Implementation of using JINI Security Service
- JINI Security Service
- MADGSJiniClient
- JINI Security Client
- Integration between MADGSJiniClient and SecurityHandler

12 Implementation of using JINI Security Service
[Class diagram]
- JINI Security Service: +checkPrivileges(), +createRole(), +deleteRole(), +createClient(), +deleteClient(), +Grant(Revoke)_UR_Client(), +Grant(Revoke)_UR_Resource(), ...
- Role Management: +createRole(), +deleteRole()
- Client Management: +createClient(), +deleteClient()
- AuthRoleToClient: +Grant_UR_Client(), +Revoke_UR_Client()
- ResourceManagement: +appendResource(), +deleteResource()
- GrantRevokeRSM: +Grant_UR_Resource(), +Revoke_UR_Resource()

13 Implementation of MADGSJiniClient
[Class diagram]
- MADGSJiniClient
  - Attribute: Capability:long
  - Methods: +accessJiniResource( role,resc,inObj,outObj ), +checkResourceRequest(), +createResource(), +deleteResource(), +findResource(), -locateLookup(), +discovered(), +discarded()
- JINI Security Service
  - Methods: +checkPrivileges(), +createRole(), +deleteRole(), +createClient(), +deleteClient(), +appendResource(), +deleteResource(), +Grant_UR_Client(), +Grant_UR_Resource(), +Revoke_UR_Client(), +Revoke_UR_Resource()
- Association multiplicities shown: 0..* and 1

14 Implementation of JINI Security Client
- Builds a more organized, easy-to-use graphical user interface compared to the existing one.
- Includes:
  - Role management, client management, resource management panels
  - Client and resource authorization panels

15 Implementation of JINI Security Client
[Screenshot: Role management panel]

16 Implementation of JINI Security Client

17 Integration between MADGSJiniClient and SecurityHandler in MADGS
- Add some translation code in MADGSJiniClient to retrieve information from the JINI Security Service (JINI SS).
- Each Carolina server is considered a client of the JINI environment.
- The JINI Security Service must keep each server's information in the client table ahead of time.

18 Implementation of a security component in MADGS
- MADGS Security Manager
- SecurityHandler
- MADGS Security Client
- Making changes in Agent Manager and Message Manager

19 Implementation of MADGS Security Manager
[Class diagram]
- Role: +roleId, +roleDescription
- Resource: +resourceId, +serviceId
- Agent: +agentId, +agentName
- Privilege: +resourceId, +serviceId, +methodId, +privilegeId, ...
- Security Manager: +getResourceList(..), +getServiceList(..), +createRole(..), +deleteRole(..), +getRoleById(..), +grantPrivilege(..), +revokePrivilege(..), +getRolePrivilege(..), +getAgentList(...), +grantRoleToAgent(..), +revokeRoleFromAgent(...), ...
- Associations: four, each marked with multiplicities * and 1

20 Implementation of SecurityHandler in MADGS
- Is a common interface for SecurityManager, AgentManager, MessageManager and MADGSJiniClient.
- Contains a set of public methods of SecurityManager.
- Each method in SecurityHandler directs the call to the corresponding method in SecurityManager and MADGSJiniClient.

21 Implementation of MADGS Security Client
- Usability criteria
  - Easy to use, comprehensible, well-organized, iterative design.
- Includes
  - Role services
  - Authorization services
  - Agent services
  - Option to switch to use JINI Security Service or no security.

22 Implementation of MADGS Security Client

23 Implementation of MADGS Security Client
[Screenshot: Grant privileges to a role in MADGS Security Client]

24 Using MADGS Security Manager to control agent migration in MADGS

25 Access JINI resources from any MADGS agents
- Chooses the university database as the JINI resource in this implementation.
- Builds a tool to access this resource (JINI University Database tool).
- Creates a MADGS agent that uses this tool to access the university database from MADGS.

26 Implementation of the JINI University Database tool

27 Allow MADGS agents to use JINI UDB
- Each Carolina server is considered a client in the JINI environment.
- Each Carolina client will be granted a set of roles which is the union of all of the roles assigned to all agents operating on it.
- Information about agents' roles is kept in the agent directory and maintained by the Security Manager in MADGS.
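Added example, not part of the original slides and not MADGS code: a Java sketch of the role model from slide 19 and the union rule from slide 27, showing that the union of roles held by a Carolina server is coarser than any single agent's roles. Class, method and field names echo the slide diagrams, but all bodies, the two-stage check in `agentMayAccess`, and the sample roles, service and method names are assumptions.

```java
import java.util.*;

// Added sketch: names mirror the slide diagrams, implementations are assumed.
public class RoleUnionDemo {
    // Privilege = (resourceId, serviceId, methodId), following the Privilege class on slide 19.
    record Privilege(String resourceId, String serviceId, String methodId) {}

    static final Map<String, Set<Privilege>> rolePrivileges = new HashMap<>();
    static final Map<String, Set<String>> agentRoles = new HashMap<>();   // agent directory
    static final Map<String, Set<String>> serverAgents = new HashMap<>(); // agents per Carolina server

    static void grantPrivilege(String role, Privilege p) {
        rolePrivileges.computeIfAbsent(role, k -> new HashSet<>()).add(p);
    }

    static void grantRoleToAgent(String role, String agent) {
        agentRoles.computeIfAbsent(agent, k -> new HashSet<>()).add(role);
    }

    // Slide 27: the server (JINI client) holds the union of the roles of its agents.
    static Set<String> serverRoles(String server) {
        Set<String> union = new TreeSet<>();
        for (String agent : serverAgents.getOrDefault(server, Set.of()))
            union.addAll(agentRoles.getOrDefault(agent, Set.of()));
        return union;
    }

    static boolean rolesAllow(Set<String> roles, Privilege p) {
        return roles.stream()
                .anyMatch(r -> rolePrivileges.getOrDefault(r, Set.of()).contains(p));
    }

    // Assumed two-stage decision: the agent's own roles AND the server-level union must allow it.
    static boolean agentMayAccess(String server, String agent, Privilege p) {
        boolean perAgent = rolesAllow(agentRoles.getOrDefault(agent, Set.of()), p);
        boolean perServer = rolesAllow(serverRoles(server), p);
        return perAgent && perServer;
    }

    public static void main(String[] args) {
        // Constructed sample data: roles, service and method names are invented.
        Privilege readDb = new Privilege("UniversityDB", "query", "read");
        grantPrivilege("registrar", readDb);
        grantRoleToAgent("registrar", "agentA");
        grantRoleToAgent("guest", "agentB");
        serverAgents.put("Lisa", Set.of("agentA", "agentB"));

        System.out.println("server roles: " + serverRoles("Lisa"));
        System.out.println("server-level check: " + rolesAllow(serverRoles("Lisa"), readDb));
        System.out.println("agentB, two-stage: " + agentMayAccess("Lisa", "agentB", readDb));
        System.out.println("agentA, two-stage: " + agentMayAccess("Lisa", "agentA", readDb));
    }
}
```

The server-level check alone passes for any agent on the server once one co-located agent holds the role, so the per-agent lookup in the agent directory is what keeps `agentB` out.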

28 A MADGS agent accesses the JINI university database resource

29 Objectives of empirical evaluation
- To make sure the security enforcement is working properly.
- To explore the effects of security on the main functions of MADGS such as agent communication or migration.
- To look at the performance issues of using JINI Security Service.

30 Empirical evaluation setting
- Carolina server was installed on four machines (Lisa, Markus, Hien and Greg).
- The JINI Lookup Service and JINI Security Service were installed on the Lisa machine.
- A "Stress" agent was created on every machine to monitor the communication process among agents.
- Measurement of communication time between agents:
  - Sender agent with (without) GUI sends messages to Echo agent with (without) GUI.
  - Communication time = receiving time - sending time
  - Using asynchronous communication

31 Deployment diagram of empirical evaluation

32 Stress agent

33 Empirical evaluation results

34 Empirical evaluation results

35 Empirical evaluation results

36 Empirical evaluation results

37 Empirical evaluation results

38 Related work
- Research done in agent security
- Mobile agent systems built with security
- Replication methods

39 Related work in agent security
- Protecting agent platforms
  - Security threats: masquerading, denial of service and unauthorized service.
  - Approaches: software-based fault isolation, safe code interpretation, signed code, proof carrying code, state appraisal, path history, role-based access.
- Protecting agents
  - Security threats: spying on an agent's communication, invoking an agent's public methods without permission. Malicious platforms can intercept and update an agent's state.
  - Approaches: environmental key generation, computing with encrypted functions, recording mutual itinerary with and without replication, tracing execution, role-based access.

40 Existing mobile agent systems with security
- Telescript:
  - protecting agent platforms only, by issuing a permit for each agent.
- Concordia:
  - protecting agent platforms: using statically specified access control lists based on user identities.
  - protecting agents: using encryption control.
- Ajanta:
  - protecting agent platforms: based on the concept of proxy interposition.
  - protecting agents: by encryption.

41 Overview of replication approaches
- Active replication
  - The client sends its request to all replicas and takes the first incoming result.
- Passive replication
  - The client sends its request to only one main server. This replica executes the operation and copies the results to the other existing replicas.
- Semi active replication, semi passive replication
  - A combination of active and passive replication.

42 Summary
- Incorporated security using a role-based approach into a multiagent distributed goal satisfaction system.
- Gained experience using the JINI Security Service and implemented a separate security component in MADGS.
- Performed an empirical evaluation to see how security affects the operation of a mobile agent system and which method (JINI or not JINI) is appropriate for MADGS.
- Opened many interesting research issues from the implementation and evaluation of the project.

43 Future work
- Look at negative privileges as well as positive privileges.
- Look at combining an encryption technique with role information to protect role information from being spied on and changed.
- Replication of the security database:
  - high level: using JINI
  - low level: using a local database on the Carolina server

44 Future work
- Provide a tool for a security officer to analyze the role hierarchy.
- Allow any JINI client to access some resource in MADGS.
- Test with a working scenario in the context of distributed planning.