Similar literature
Found 20 similar documents; search took 31 ms.
1.
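A Java-Based Security Architecture Model for Mobile Agents   Total citations: 8, self-citations: 1, citations by others: 7
Compared with earlier paradigms of distributed computing, mobile agents are becoming increasingly popular, but the main obstacle to their wide adoption is the security problems that accompany mobile code. This requires a mobile agent system to provide a mechanism that controls access to server resources, secures communication, and protects the mobile agent itself. The paper proposes a Java-based security architecture model that implements security policy by creating resource proxies, providing a unified security service interface for Java-based mobile agent systems.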

2.
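A Survey of Security Issues and Techniques in Mobile Agent Systems   Total citations: 1, self-citations: 1, citations by others: 0
Mobile agents are a new computing paradigm in the field of distributed computing. Owing to their advantages in asynchrony, autonomy and mobility, mobile agent technology is being applied ever more widely, and the accompanying system security problems are becoming increasingly prominent. This paper gives a detailed analysis of the main security threats in mobile agent systems; on that basis, it summarizes the main existing security safeguards from the two technical perspectives of host and agent as well as from a social perspective; and it describes and compares several representative mobile agent systems and their respective security mechanisms.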

3.
《Software, IEEE》1997,14(5):27-32
The paper discusses some promising advances in computer security. Security system designers and implementers must consider several factors: security policy, privileges, authentication, correctness and auditing. The paper presents an overview of some sub-fields and their successes: trusted systems, operating systems, database management systems, distributed systems, cryptography, protocols, system correctness, intrusion detection and mobile code.

4.
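A mobile agent (MA) is a software entity that can migrate autonomously across heterogeneous networks. Its mobility and autonomy compensate well for the shortcomings of distributed technology, and it has broad application prospects; however, the security problems of mobile agents seriously hinder their practical use. Protecting agents from attacks by malicious hosts is a security problem unique to mobile agent systems. Because an agent must run in the host environment, solving this problem effectively is difficult. The paper proposes a mobile agent protection scheme based on obfuscating the agent's data variables and a time-checking technique, and gives a method for obtaining the main data used in the time-checking technique. The scheme was validated in a real network management environment; it can effectively identify malicious hosts, and the protection rate for mobile agents is above 95%.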

5.
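Yang Jincai, Xiong Chan, Hu Jinzhu. Computer Engineering and Design (《计算机工程与设计》), 2007, 28(11): 2569-2571, 2636
With the wide application of various kinds of distributed computing, mobile agent technology has attracted growing attention. In mobile agent application environments, security problems in data transmission, server resources, the mobile agent runtime environment, and the mobile agent's own security are increasingly prominent. At the same time, autonomous negotiation and coordination among the data-processing agents in a mobile agent application system is also an open problem. To address these problems, a cooperative security model for mobile-agent-based distributed databases is proposed as an initial solution to the security of mobile-agent-based distributed databases and the coordination of work among agents.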

6.
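Yang Xin, Shen Jianjing, Wang Shijun. Computer Applications (《计算机应用》), 2005, 25(5): 1163-1165
With the application of mobile agent technology in distributed computing, mobile agent systems face great challenges in both security and software engineering. To prevent attacks by malicious or unauthorized third-party entities, methods for protecting mobile agent data and code were studied. A completely new mobile agent structure was designed, consisting of data that encapsulates all the code to be executed on a specific host platform and explicit code responsible for transferring and processing this data. This separation of data and code does not interfere with other existing mobile agent structures and therefore improves interoperability between mobile agent platforms. Public-key decryption and agent verification mechanisms are also described, which protect data against attacks caused by tampered code; and, by further improving the structure of the data, code is protected against attacks caused by the injection of malicious data.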

7.
While offering many practical benefits for distributed applications, mobile agent systems pose some fundamental security challenges. In this paper, we present a new approach to mobile agent security which helps to address some of these challenges. We present a new technique, which we refer to as trust enhanced security, and apply it to mobile agent-based systems; this new technique advocates a shift in security solutions from security-centric to trust-centric. This extends the traditional security mechanisms by enabling trust decisions through explicit specification and management of security-related trust relationships. The integration of the trust decisions into security decision-making process leads to our trust enhanced security performance. A formal trust model is proposed and is incorporated into the development of a novel trust management architecture—MobileTrust for mobile agent-based applications. We have conducted detailed practical investigations to evaluate and validate the emergent properties of the trust enhanced security technique. We present and discuss the key results in this paper.

8.
《Computer Networks》1999,31(7):741-765
Existing mobile systems (e.g., mobile IP, mobile ATM and third generation cellular systems) lack the intrinsic architectural flexibility to deal with the complexity of supporting adaptive mobile applications in wireless and mobile environments. We believe that there is a need to develop alternative network architectures from the existing ones to deal with the demands placed on underlying mobile signalling, adaptation management and wireless transport systems in support of new mobile services, e.g. interactive multimedia and web access. In this paper we present the design, implementation and evaluation of mobiware, a middleware technology that enables the introduction of new services in mobile networks. Mobiware provides a toolkit that service providers can utilize to build services that can dynamically exploit the intrinsic scalable properties of mobile multimedia applications in response to time-varying mobile network conditions. Based on an open programmable networking paradigm, mobiware runs on mobile devices, wireless access points and mobile-capable switch/routers providing a set of open programmable interfaces and distributed objects for adaptive mobile networking. Mobiware is software-intensive and is built on CORBA and Java distributed object technologies. The source code for mobiware v1.0 is freely available (comet.columbia.edu/mobiware) for experimentation.

9.
Programming models that support code migration have gained prominence, mainly due to a widespread shift from stand-alone to distributed applications. Although appealing in terms of system design and extensibility, mobile programs are a security risk and require strong access control. Further, the mobile code environment is fluid, i.e. the programs and resources located on a host may change rapidly, necessitating an extensible security model. In this paper, we present the design and implementation of a security infrastructure. The model is built around an event/response mechanism, in which a response is executed when a security-related event occurs. We support a fine-grained, conditional access control language, and enforce policies by instrumenting the bytecode of protected classes. This method enhances efficiency and promotes separation of concerns between security policy and program specification. This infrastructure also allows security policies to change at runtime, adapting to varying system state, intrusion, and other events.

10.
A proxy signature scheme allows a proxy signer to sign messages on behalf of an original signer within a given context. It has lots of practical applications in distributed systems, grid computing, mobile agent applications, distributed shared object systems, global distribution networks, and mobile communications. In recent years, fruitful achievements have been seen in certificateless public key cryptography, which has the advantages of no certificate management and no key escrow compared with traditional public key cryptography and identity-based public key cryptography respectively. However, the existing certificateless proxy signature schemes are either insecure or without formal security analysis. In this paper, we formalize the security model of certificateless proxy signature schemes and propose a provably secure certificateless proxy signature scheme with formal security proof under the computational Diffie–Hellman assumption.

11.
Even though the advantages of mobile agents for distributed electronic commerce applications have been highlighted in numerous research works, mobile agent applications are not in widespread use today. For the success of mobile agent applications, secure, portable, and efficient execution platforms for mobile agents are crucial. However, popular mobile agent systems do not meet the high security requirements of electronic commerce applications, are not portable, or cause high overhead. Currently, the majority of mobile agent platforms is based on Java. These systems simply rely on the security model of Java, although it is not suited to protect agents and service components from each other. In contrast, J-SEAL2 is a mobile agent system designed to meet the high security, portability, and performance requirements of large-scale electronic commerce applications. J-SEAL2 extends the Java environment with a model of strong protection domains. The core of the system is a micro-kernel fulfilling the same functions as a traditional operating system kernel: protection, communication, domain termination, and resource control. For portability reasons, J-SEAL2 is implemented in pure Java. This paper focuses on the design of the new communication model in J-SEAL2, which allows convenient, efficient, and mediated communication in a hierarchy of strong protection domains.

12.
Programs are no longer constrained to execute on the nodes where they reside, and many systems therefore support code mobility. Although mobile code has yet to fully realize its promise of increased system flexibility, scalability, and reliability, the marketplace has embraced mobile code implementations such as Java, Jini, PostScript, and .NET. Several mobile code paradigms exist, and mobile code use raises many security concerns. Here, we map a taxonomy of mobile code paradigms to a taxonomy of network security vulnerabilities, revealing that many important security issues are being ignored.

13.
In this paper, we introduce a functional language which facilitates the mobility of code between the sites of a distributed system. We observe that code mobility renders systems with limited resources vulnerable to denial-of-service attacks. Languages which are designed with the objective of preventing these attacks would benefit from static analysis which can expose the resource consumption of programs. In functional computation there is a close connection between the consumption of resources and the flow of control within the system. We show that it is possible to exploit type systems to perform distributed control flow analysis and discuss the potential applications of such analyses in promoting security of resource-sensitive systems.

14.
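Mobile agent systems will play an extremely important role in future distributed computing environments. Software agents of this kind, which use asynchronous communication, have many advantages and can raise the efficiency of the whole network, and so have wide application. However, mobile agents written in software are vulnerable to attack by malicious software on the hosts where they run, and protecting mobile agents from tampering is key to their correct operation. Ordinary encryption and signature techniques cannot be applied directly to the mobile agent environment, so new signature and encryption techniques need to be developed. Combining onion routing, a new mobile agent system scheme using ciphertext-only digital signature verification is proposed to enhance the security and reliability of mobile agents. Finally, a security analysis of the scheme is given.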

15.
More recently, distributed variants of tuple spaces have been proposed to exploit the Linda model for programming distributed applications over wide area networks, possibly exploiting code mobility. However, the flexibility of the shared tuple space model opens possible security holes; it basically provides no access protection to the shared data. In this paper we investigate some possible scenarios where mobile agents can benefit from our cryptographic tuple space based framework, CryptoKlava, and sketch how to possibly implement such agents in order to keep the privacy of items collected by the mobile agent during its itinerary. The functionalities of the framework are general enough to be applied to other Java frameworks using multiple distributed tuple spaces possibly dealing with code mobility.

16.
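Research on Code Protection Methods for Android Applications   Total citations: 1, self-citations: 0, citations by others: 1
In recent years the Android operating system has developed rapidly and has become one of the most commonly used operating systems on mobile devices. At the same time, Android's security problems have become increasingly evident. Because Android's own security architecture is not sound enough and code protection methods for Android applications are lacking, a large number of Android applications face threats such as reverse engineering, piracy, and malicious code implantation. The article analyzes these security problems facing Android applications and identifies their causes. On this basis, it designs a complete code protection method for Android applications, consisting of a PC-side processing module, an Android-side processing module, and Android code development guidelines. To make the method more practical, the article also gives implementations of some key techniques, including AES-based encryption protection, pseudo-encryption, packing, code obfuscation, and special coding rules. The proposed code protection method for Android applications draws on traditional protection methods and, combined with the characteristics of the Android system itself, uses file encryption, code obfuscation, anti-dynamic-debugging, integrity verification, and packing to improve an application's resistance to attack in two respects: countering static attacks and countering dynamic debugging. The method therefore has not only some theoretical significance but also some practical value.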

17.
Highly distributed networks have now become a common infrastructure for wide‐area distributed applications whose key design principle is network awareness, namely the ability to deal with dynamic changes of the network environment. Network‐aware computing has called for new programming languages that exploit the mobility paradigm as a basic interaction mechanism. In this paper we present the architecture of KLAVA, an experimental Java package for distributed applications and code mobility. We describe how KLAVA permits code mobility by relying on Java and present a few distributed applications that exploit mobile code programmed in KLAVA. Copyright © 2002 John Wiley & Sons, Ltd.

18.
Integrity protection for Code-on-Demand mobile agents in e-commerce   Total citations: 1, self-citations: 1, citations by others: 0
The mobile agent paradigm has been proposed as a promising solution to facilitate distributed computing over open and heterogeneous networks. Mobility, autonomy, and intelligence are identified as key features of mobile agent systems and enabling characteristics for the next-generation smart electronic commerce on the Internet. However, security-related issues, especially integrity protection in mobile agent technology, still hinder the widespread use of software agents: from the agent's perspective, mobile agent integrity should be protected against attacks from malicious hosts and other agents. In this paper, we present Code-on-Demand (CoD) mobile agents and a corresponding agent integrity protection scheme. Compared to the traditional assumption that mobile agents consist of invariant code parts, we propose the use of dynamically upgradeable agent code, in which new agent function modules can be added and redundant ones can be deleted at runtime. This approach will reduce the weight of agent programs, equip mobile agents with more flexibility, enhance code privacy and help the recoverability of agents after attack. In order to meet the security challenges for agent integrity protection, we propose agent code change authorization protocols and a double integrity verification scheme. Finally, we discuss the Java implementation of CoD mobile agents and integrity protection.

19.
Software reverse engineering is the process of analyzing a software system to extract the design and implementation details. Reverse engineering provides the source code of an application, the insight view of the architecture and the third-party dependencies. From a security perspective, it is mostly used for finding vulnerabilities and attacking or cracking an application. The process is carried out either by obtaining the code in plaintext or reading it through the binaries or mnemonics. Nowadays, reverse engineering is widely used for mobile applications and is considered a security risk. The Open Web Application Security Project (OWASP), a leading security research forum, has included reverse engineering in its top 10 list of mobile application vulnerabilities. Mobile applications are used in many sectors, e.g., banking, education, health. In particular, the banking applications are critical in terms of security as they are used for financial transactions. A security breach of such applications can result in huge financial losses for the customers as well as the banks. There exist various tools for reverse engineering of mobile applications, however, they have deficiencies, e.g., complex configurations, lack of detailed analysis reports. In this research work, we perform an analysis of the available tools for reverse engineering of mobile applications. Our dataset consists of the mobile banking applications of the banks providing services in Pakistan. Our results indicate that none of the existing tools can carry out the complete reverse engineering process as a standalone tool. In addition, we observe significant differences in terms of the execution time and the number of files generated by each tool for the same file.

20.
Agent technology is emerging as an important concept for the development of distributed complex systems. A number of mobile agent systems have been developed in the last decade. However, most of them were developed to support only Java mobile agents. In order to provide distributed applications with code mobility, this article presents a library, the Mobile-C library, that allows a mobile agent platform, Mobile-C, to be embeddable in an application to support mobile C/C++ codes carried by mobile agents. Mobile-C uses a C/C++ interpreter as its Agent Execution Engine (AEE). Through the Mobile-C library, Mobile-C can be embedded into an application to support mobile C/C++ codes carried by mobile agents. Using mobile C/C++ codes, it is easy to interface a variety of low-level hardware devices and legacy systems. Through the Mobile-C library, Mobile-C can run on heterogeneous platforms with various operating systems. The Mobile-C library has a small footprint to meet the stringent memory capacity for applications in mechatronic and embedded systems. The Mobile-C library contains different categories of Application Programming Interfaces (APIs) in both binary and agent spaces to facilitate the design of mobile agent based applications. In addition, a rich set of existing APIs for the C/C++ interpreter employed as the AEE allows an application to have complete information and control over the mobile C/C++ codes residing in Mobile-C. With the synchronization mechanism provided by the Mobile-C library for both binary and agent spaces, simultaneous processes across both spaces can be coordinated to get correct runtime order and avoid unexpected race condition. The study of performance comparisons indicates that Mobile-C is about two times faster than JADE in agent migration. The application of the Mobile-C library is illustrated by dynamic runtime control of a mobile robot’s behavior using mobile agents.
