The Security Architecture of the M&M Mobile Agent Framework
P. Marques, N. Santos, L. Silva, J. Silva
CISUC, University of Coimbra, Portugal
22 August 2001

Presentation transcript:

Slide 2: Outlook
- M&M Overview
- Java and Mobile Agents security
- M&M Security
  - Requirements
  - Challenges/Problems
  - Architecture

Slide 3: M&M Overview
Outline: M&M Overview; Java and Mobile Agents security; M&M Security (Requirements, Challenges/Problems, Architecture); Conclusion

Slide 4: M&M Overview
[Figure: M&M Programming Model. Labels: Host A, Host B, Application A, Application B, other app objects, Middleware, Mobility Components.]

Slide 5: M&M Overview: the component approach
- Component approach: mobile agent support built as a set of components
- Applications become agent-enabled by using binary software components (JavaBeans and ActiveX)
- Easy to program (Visual Builder Tools)
- Security is integrated into the application security framework
- Agents can be application specific
- Only the required components are included in each application

Slide 6: Java and Mobile Agents security
Outline: M&M Overview; Java and Mobile Agents security; M&M Security (Requirements, Challenges/Problems, Architecture); Conclusion

Slide 7: Java and Mobile Agents security: the good
- Dynamic class loading
- Object serialization
- Fine-grained security framework
- Sandbox model
- Many powerful APIs
- Simple to program

Slide 8: Java and Mobile Agents security: the bad
- Notion of thread but no notion of process
  - All classes are loaded into the same JVM
  - A misbehaving agent may deadlock the JVM
  - No standard and correct way of killing a thread
- No resource control mechanism
- The standard security model has no notion of user
  - Authentication and authorization based on who signed the code and where it came from
Java was designed for single-user environments. No operating-system-like features!

Slide 9: M&M Security
Outline: M&M Overview; Java and Mobile Agents security; M&M Security (Requirements, Challenges/Problems, Architecture); Conclusion

Slide 10: M&M Security Requirements
- General security models are hard to implement
  - How to protect agents from hosts?
- Limited model: agent-accountable environments
  - Infrastructure owned by cooperating organizations
  - Contract: do not attack any agent executing on their hosts
  - Useful in the real world
- This model assumes:
  - Hosts do not attack agents
  - Agents may misbehave and attack hosts and other agents

Slide 11: M&M Security Requirements
- Protect the agent runtime from agents
  - Unauthorized access or operation
  - Excessive resource consumption
  - Overflow by agents
- Protect agents from agents
  - Tampering or eavesdropping
  - Killing
- Limited protection of agents from hosts
  - Cryptography to hide secrets from hosts

Slide 12: M&M Security Challenges
- How to establish the notion of user
  - Agent permissions should be granted based on its owner.
  - The same agent code may be used by several different entities.
- But, in the standard Java model:
  - Each class can only have one ProtectionDomain.
  - The policy files do not support the notion of user.
- How to have different ProtectionDomains for the same agent code?

Slide 13: M&M Security Challenges
- Integration with applications
  - M&M components should integrate seamlessly with existing applications.
  - If the application has already instantiated a SecurityManager, M&M must work with it.
- But, before JDK 1.2:
  - Security policy coded in the SecurityManager
  - Each application had a specific SecurityManager.
- After JDK 1.2:
  - Security policy in external files
  - The SecurityManager need not be changed

Slide 14: M&M Security Architecture

Slide 15: M&M Security Architecture
- Works with the Java 2 security model. Only requires that a standard SecurityManager be instantiated.
- Uses standard Java 2 policy files.
- Principals: agent owner, agent programmer and hosts
- Each principal has a pair of private/public keys
- Strong isolation between agents and system resources
  - Proxies avoid direct communications between agents and other mobility components.
  - The Java 2 AccessController protects accesses to the Java API.

Slide 16: M&M Security Architecture
- Authentication
  - Each agent is given an AgentIdentity at creation: agent name, owners, hash of the code, creation and expiration dates.
  - Signed by the agent owners' private keys.
  - Hosts use the agent owners' public keys to validate migrations.
  - Virtual signers: the authenticated owners of the agent.
- Authorization
  - For each agent a new ClassLoader is created: AgentClassLoader
  - ProtectionDomain defined with the virtual signers
  - In the policy files the virtual signers are specified in the "signedBy" field.
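The AgentIdentity check described above, as an added Java example that is not code from the M&M framework: the owner signs the identity fields and code hash, and the receiving host verifies owner, validity window, code hash and signature before treating the owner as a virtual signer. The record layout, newline-separated encoding, single owner, RSA with SHA-256 and the names AgentIdentityCheck, issue and verify are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;
public class AgentIdentityCheck {
    // Hypothetical identity record with the fields the slide lists (one owner for brevity).
    record AgentIdentity(String name, String owner, byte[] codeHash,
                         Instant created, Instant expires, byte[] signature) {
        byte[] signedBytes() { // bytes covered by the signature; assumes no newline in name/owner
            return String.join("\n", name, owner, HexFormat.of().formatHex(codeHash),
                    created.toString(), expires.toString()).getBytes(StandardCharsets.UTF_8);
        }
    }
    // Owner side: hash the agent code and sign the identity fields with the owner's private key.
    static AgentIdentity issue(String name, String owner, byte[] code, Instant created,
                               Instant expires, PrivateKey key) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(code);
        AgentIdentity unsigned = new AgentIdentity(name, owner, hash, created, expires, null);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(unsigned.signedBytes());
        return new AgentIdentity(name, owner, hash, created, expires, s.sign());
    }
    // Host side: returns the virtual signer if every check passes, empty otherwise.
    static Optional<String> verify(AgentIdentity id, byte[] receivedCode,
            Map<String, PublicKey> trustedOwners, Instant now) throws GeneralSecurityException {
        PublicKey pk = trustedOwners.get(id.owner());
        if (pk == null || now.isBefore(id.created()) || !now.isBefore(id.expires()))
            return Optional.empty(); // unknown owner, not yet valid, or expired
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(receivedCode);
        if (!MessageDigest.isEqual(hash, id.codeHash())) return Optional.empty(); // code swapped
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pk);
        s.update(id.signedBytes());
        return s.verify(id.signature()) ? Optional.of(id.owner()) : Optional.empty();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair alice = kpg.generateKeyPair(); // constructed sample owner key pair
        byte[] code = "agent bytecode".getBytes(StandardCharsets.UTF_8); // stand-in for class bytes
        Instant t0 = Instant.parse("2001-08-22T00:00:00Z");
        AgentIdentity id = issue("collector", "alice", code, t0, t0.plusSeconds(3600), alice.getPrivate());
        Map<String, PublicKey> trusted = Map.of("alice", alice.getPublic());
        byte[] other = "tampered".getBytes(StandardCharsets.UTF_8);
        System.out.println(verify(id, code, trusted, t0.plusSeconds(60)));   // case: intact code, in window
        System.out.println(verify(id, other, trusted, t0.plusSeconds(60)));  // case: code differs from hash
        System.out.println(verify(id, code, trusted, t0.plusSeconds(7200))); // case: after expiration date
    }
}
```

The name returned by verify is what the host would place in the agent's ProtectionDomain as the virtual signer, so a policy grant with a matching "signedBy" entry applies to that owner's agents only.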

Slide 17: M&M Security Architecture
[Figure panels: Standard Java ClassLoading; M&M agents ClassLoading]

Slide 18: M&M Security Architecture
- Remote Management Interfaces (via RMI)
  - Authentication of the client
  - Server code runs with the permissions of the client
- Remote Installable services
  - Run with the permissions of the principal who installed them.
- More features:
  - Extensive logging facilities
  - Cryptographic primitives for agents: confidentiality and integrity
  - Migrations protected by SSL sockets

Slide 19: M&M Security Architecture
- Limitations
  - Resource control
    - Some solutions: modified JVM, JVM Profiling Interfaces
  - Integration with existing applications
    - If the SecurityManager is modified it may not work.
    - In practice: most modified SecurityManagers still work with the Mobility components.
  - Logging of API calls
    - The agent calls the API directly. How to log them?
    - Changing the SecurityManager is not an option.

Slide 20: Conclusions
- Right now it is not possible to define a perfect security model for mobile agents.
  - Most applications can deal with the risk of the current models:
    - Accept the risk, if cost is reasonable
    - Use external security mechanisms
- The Java language is good for programming mobile agents, but has some limitations: lack of processes, lack of resource control mechanisms, lack of multi-user support

Slide 21: Questions?