共查询到17条相似文献,搜索用时 203 毫秒
1.
移动代理技术是一种新型的分布式网络计算技术,得到广泛的研究。其中的安全性问题,特别是移动代理遭受恶意主机攻击的问题制约了移动代理技术的广泛应用。人们提出了基于参考状态的思想,但目前提出的方法开销都较大,并且只能检测是否存在攻击,而对攻击行为没有采取任何措施。本文综合运用参考状态、间隔检测和信誉度,提出一个新的检测方法:ADR,该方法能对检测到的攻击行为采取矫正措施,并重生移动Agent的正确状态。 相似文献
2.
3.
4.
5.
移动代理是一种新的分布式计算模式,安全是其必须解决的问题。针对基于Java移动代理系统的恶意代理问题,尝试提出一种解决方案。该方案主要包括两个方面内容:利用Java2安全机制保护主机资源;采用一种基于证书的移动代理迁移协议,拒绝不合法代理迁移至主机的要求。该方案可以防止移动代理重放攻击。 相似文献
6.
7.
提出了一个解决方案,通过消除移动代理在不同主机上的各状态间的依赖性,简化了移动代理的保护工作,并建立一个新的安全协议,能有效保护移动代理并检测恶意主机的攻击。 相似文献
8.
移动代理(MA)是能够在异构网络中自主迁移的软件实体,它的迁移性和自治性很好地弥补了分布式技术的不足,具有广阔的应用前景;但移动代理安全性问题的存在,严重阻碍了它在实际中的应用.保护代理免受恶意主机的攻击是移动代理系统独有的安全问题.由于代理必须在主机环境中运行,有效解决该问题比较困难.提出一种基于迷乱代理数据变量和时间核查技术的移动代理保护方案,同时给出获得时间核查技术中主要数据的方法.该方案在实际网络管理环境中进行了验证,能够有效地识别恶意主机,移动代理的保护率达95%以上. 相似文献
9.
10.
基于移动代理的可变路由安全协议 总被引:5,自引:0,他引:5
移动代理是一种软件程序,它漫游在计算机网络中,经过不同的主机代替用户执行一定的任务,但是它也带来了许多新的有关面临恶意代理与主机安全的问题.路由安全就是移动代理技术面临的主要安全问题之一.通过对已有的移动代理路由方案的分析,可以得出Mir等给出的基于嵌套加密的移动代理安全路由方案是目前计算复杂度最低的方案.基于基本签字加密技术,该文利用Hash函数提出了一个安全高效的移动代理路由协议,并对其安全性和计算复杂度进行了详细的分析.相比Mir等的方案,该协议在保证安全性的同时,计算复杂度得到了显著的降低,使得用户和路由主机的计算复杂度均达到O(n). 相似文献
11.
In this paper,a solution to the Problem of Malicious Hosts,named SPMH,is suggested.At first,Mobile Agent Blackbox Construction Method based on Loureiro‘s Protocol (MABCM-LP)is suggested to convert a mobile agent into a Mobile Agent Blackbox(MAB) which makes the mobile agent difficult to be understood and tampered by malicious hosts.At the same time,a Protocol Tracing the Inputs/outputs and Results(PTIR)is developed to trace the mobile agent running at a host,which can be used to detect and prove the attacks by malicious hosts,It is proved that this solution is secure,correct,and robust.It is found firstly that the detection method and the prevention method are complementary to each other,and this is the first solution that integrated both of these two methods too. 相似文献
12.
《Computer Standards & Interfaces》2006,28(5):600-611
Full-scale adoption of mobile agent technology in untrustworthy network environment, such as Internet, has been delayed due to several security complexities. The protection of mobile agents against the attacks of malicious hosts is considered a very challenging security problem. It has inspired lot of research interest, but very few measures exist to counter blocking attack where a host with malicious intentions refuses to transmit a mobile agent to the next host. It becomes an important requirement for the agent owner to rescue the data collected by the agent under custody and redeem a loss. In this paper, we present two schemes that rescue the offering results from a malicious host's blocking attack, and make a comparison of their performance from several aspects. Our approach has two new features that previous protocols lack. It allows the proper handling of time-sensitive offers and supports the gradual decision-making execution. 相似文献
13.
《Journal of Network and Computer Applications》2007,30(3):1228-1243
Despite its many benefits, mobile agent technology results in significant security threats from agents and hosts. This paper presents a protocol which protects mobile agents from malicious hosts. This protocol combines four concepts: the cooperation between a mobile agent and a sedentary agent; the reference execution (reliable platforms which shelter our cooperating sedentary agents); the cryptography and the digital signature to ensure safe inter-agent communication and time-limited execution (timeout). A dynamic approach which makes use of a timer to make it possible to detect a mobile agent's code re-execution was used. The attack on agent permanent modification was also dealt with. Moreover, the protocol is sufficiently robust so that it is durable and fault tolerant. 相似文献
14.
15.
The use of mobile agents seems the natural way to improve the network conditions to provide an easy access to future services. Unfortunately, there are some security constraints that avoid a massive use of mobile agents systems. The protection of mobile agents against the attacks of malicious hosts is considered by far the most difficult security problem to solve in mobile agent systems.This paper introduces some techniques that aim to solve the problem of the malicious hosts. This paper improves some aspects of the most widely known attack detection technique, the cryptographic traces approach. This approach presents some major drawbacks that can be solved by means of a Suspicious Detection Protocol. Additionally, this paper introduces some other protocols that can be used to punish the malicious host by using a Third Trusted Party, the Host Revocation Authority. 相似文献
16.
When mobile agents do comparison shopping for their owners, they are subject to attacks of malicious hosts executing the agents. We present a family of protocols that protect the computation results established by free-roaming mobile agents. Our protocols enable the owner of the agent to detect upon its return whether a visited host has maliciously altered the state of the agent, thus providing forward integrity and truncation resilience. In an environment without public-key infrastructure, the protocols are based only on a secret hash chain. With a public-key infrastructure, the protocols also guarantee non-repudiability. 相似文献
17.
安全聚合协议在过去的二十年里得到了深入广泛的研究,此类协议的基本设置由多方与一个聚合器协调组成,该聚合器的目标是计算各方输入的总和,而不会泄露除聚合值本身之外的任何有关各方私有输入的信息。在现有文献中有许多安全聚合解决方案,这些解决方案主要关注数据隐私问题,即在使聚合器能够计算和显示输入总和的同时,对各方的个人输入保密;另一方面,在输入的正确性和完整性方面,假定所有涉及聚合协议的各方都是完全可信的,虽然很少有解决方案将聚合器视为潜在的恶意对手,但在本文中,考虑了恶意方的存在,他们可以发送虚假的输入,从而导致计算无用。针对恶意用户可以在不被检测到的情况下生成模型中毒或后门注入攻击,本文提出一个将用户视为潜在恶意的安全聚合协议,这种新协议允许以隐私保护的方式正确计算聚合结果。为了实现该解决方案,作者开发了一个机器学习模型的构造,在这个模型中,多方使用他们的私有局部模型参数协作来训练模型,而不向包括聚合器在内的其他各方透露这些参数,并使用了一个新设计的可编程伪随机函数,在存在潜在后门注入攻击的联邦学习场景下,将解决方案作为概念证明进行了验证,实验结果表明,所提议的安全聚合协议确实可以帮助检测后门攻击,并通过与现有的安全聚合协议比较,所拟议的安全聚合协议是目前性能较好的聚合协议,在网络安全应用中,安全聚合协议用作异常检测是可以值得信赖的。 相似文献