Japan Advanced Institute of Science and Technology

JAIST Repository

https://dspace.jaist.ac.jp/

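Title: Proposal and Implementation of a Security Mechanism that Protects Mobile Agents from Snooping by Malicious Hosts (不正なホストの盗み見からモバイルエージェントを保護するセキュリティ機構の提案と実装)

Author(s): 村田, 真一

Citation:

Issue Date: 2001-03

Type: Thesis or Dissertation

Text version: author

URL: http://hdl.handle.net/10119/1462

Rights:

Description: Supervisor: 渡部 卓雄, School of Information Science, Master's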

Shinichi Murata

School of Information Science,

Japan Advanced Institute of Science and Technology

February 15, 2001

Keywords: mobile agent, security, application framework, electronic commerce, security policy, malicious host, confinement.

1 Security Threats Considered

The purpose of this study is to construct a framework that protects mobile agents against read attacks from malicious hosts, and to realize it as an application framework. Mobile agents are programs that migrate from host to host and execute tasks at each host. Programmers can build flexible applications by using mobile agents, because they can migrate with their internal states. However, when we use mobile agent technologies in real-world applications, we must resolve reliability and security problems. In this paper, we deal with one of the security problems. The security problems are divided into two categories: (1) threats by malicious agents that attack hosts and (2) threats by malicious hosts that attack agents. In existing mobile agent systems, (1) has been considered, but (2) has not. Though there are several attacks categorized as (2), we cope with the threat that confined data of agents is stolen by read attacks from malicious hosts.

Electronic commerce is one of the application areas expected to use mobile agents. If we use mobile agents in this area, they can collect information, make electronic settlements and negotiate prices automatically. However, malicious hosts can read their confined data, such as credit card information and personal information. So in this area, it is important to cope with the read attacks. In this paper, we deal with an Electronic Commerce Agent that migrates from host to host, communicates with a virtual shop at each host and carries out electronic commerce.

2 A Confinement Framework

Several security techniques against the threats of malicious hosts have been suggested. However, they have not been practical techniques to protect mobile agents against the

Copyright © 2001 by Shinichi Murata

These hosts must know the code and internal states to execute mobile agents. Even if we encrypt information about the agents, they must decrypt it. So it is a difficult problem to protect confined data of the agents against the read attacks. To cope with this problem, we suggest a confinement framework that protects mobile agents against the read attacks. In this framework, confined data is separated from the main part of an agent. We call the agent that manages confined data at a user's host a Secret Data Manager Agent, and the agent that migrates from host to host an Itinerary Agent. Though they are executed at different hosts, they communicate with each other through the network and work as a single Electronic Commerce Agent. The Itinerary Agent migrates, executes tasks and sends requests to the Secret Data Manager Agent to get confined data. The Secret Data Manager Agent receives these requests, and returns confined data only to an Itinerary Agent that has permission to access it. The permissions are distinguished by the following items.

• The host on which the Itinerary Agent is executed.

• The identifier of the virtual shop with which the Itinerary Agent is communicating.

• The execution phase of the Itinerary Agent.

• The kind of access.

• The identifier of the Itinerary Agent.

3 An Application Framework

In this confinement framework, the Itinerary Agent migrates without carrying confined data, so malicious hosts can't read it. However, when confined data is needed, the Itinerary Agent must always send requests, and the Secret Data Manager Agent must identify the correct requests that have the permissions. Furthermore, communications between these agents must be secure. So the program code tends to become complicated and it is difficult to implement the security code correctly. To cope with these problems, we realize the confinement framework as an application framework for the Electronic Commerce Agent. The framework makes it easy to create an Electronic Commerce Agent that can protect confined data. The framework consists of template classes of the Electronic Commerce Agent, a Security Manager function, a Data Store function and a library of security functions. The Security Manager function, which is included in the Secret Data Manager Agent, receives requests from the Itinerary Agent and checks its permissions. The Data Store function, which is included in the Itinerary Agent, has functions to communicate with the Secret Data Manager Agent securely. The template classes have these security functions and itinerary patterns.

We must consider two requirements: to which host information is opened, and the techniques to protect information. The combination of the requirements differs with each confined data item, the processing contents and the usage of an agent. For example, we must open member

services. However, information about a credit card for the electronic settlement must be opened only to a host of a payment gateway and protected by the SET protocol. So we define the requirements as security policies in XML files. The policies have pairs of confined data and the requirements, and make it easy to set and change the confinement framework flexibly. They are read by the Security Manager function and used to restrict the permissions.
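The permission check from Section 2 and the XML security policy from Section 3, sketched as an added example in Python; it is not code from the thesis, and the XML element and attribute names, the `*` wildcard and all sample hosts, shops and agent identifiers are constructed assumptions. It also assumes the five request fields have already been authenticated over the secure channel between the two agents.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed policy; element and attribute names are hypothetical, not the thesis's schema.
POLICY_XML = """
<policy>
  <data name="credit_card" protection="SET">
    <allow host="gateway.example" shop="pay-gw" phase="settlement" access="read" agent="ia-001"/>
  </data>
  <data name="member_id" protection="none">
    <allow host="*" shop="shop-42" phase="negotiation" access="read" agent="ia-001"/>
  </data>
</policy>
"""

FIELDS = ("host", "shop", "phase", "access", "agent")  # the five permission items

@dataclass(frozen=True)
class Request:
    data: str    # name of the confined data item being requested
    host: str    # host on which the Itinerary Agent is executed
    shop: str    # identifier of the virtual shop it is communicating with
    phase: str   # execution phase of the Itinerary Agent
    access: str  # kind of access
    agent: str   # identifier of the Itinerary Agent

def load_policy(xml_text):
    """Map each confined data name to (protection technique, list of allow rules)."""
    policy = {}
    for node in ET.fromstring(xml_text).findall("data"):
        rules = []
        for allow in node.findall("allow"):
            # A rule missing any of the five items is rejected rather than widened.
            if any(f not in allow.attrib for f in FIELDS):
                raise ValueError(f"incomplete rule for {node.get('name')!r}")
            rules.append(dict(allow.attrib))
        policy[node.get("name")] = (node.get("protection"), rules)
    return policy

def check(policy, req):
    """Security Manager decision: (granted, required protection). Default deny."""
    protection, rules = policy.get(req.data, (None, []))
    for rule in rules:
        # Every item must match exactly; "*" in a rule (assumed syntax) matches any value.
        if all(rule[f] in ("*", getattr(req, f)) for f in FIELDS):
            return True, protection
    return False, None

POLICY = load_policy(POLICY_XML)
```

Requests for data that the policy does not list, or that differ from every rule in any one of the five items, are refused, so a host other than the payment gateway never receives the credit card entry.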

4 Experiments and Conclusion

We made three examples of Electronic Commerce Agents. Each of them has a different itinerary pattern, built by using the application framework. The confined data differs with each itinerary pattern, and the techniques to protect information differ with each data item. So each example uses different techniques to protect confined data. By using this application framework, it was simple to create Electronic Commerce Agents, each of which has a different itinerary pattern, and less program code was needed to protect confined data against the read attacks. Future work includes coping with other security problems such as tampering and applying the confinement framework to areas other than electronic commerce.
