Architecture supporting security of agent systems

Objectives:

To develop a new, practical method of securing agent based distributed systems, to implement it as a working architecture and to validate its sufficiency.

Contact:

The contact for this research project is here.

PhD Thesis:

The research project has been summarized in a PhD thesis presented at the Gdansk University of Technology in December 2006:

Rafal Leszczyna: "Architecture supporting security of agent systems"

Rationale:

Agent based environments are an alternative to the present approaches of structuring software systems. The main advantage of agents is that they represent an abstraction of the elements of the real world. Other, often recalled advantages of agents are: improvement of system deployment and facilitation of system integration, and allowing a broad range of users to access a broad range of services offered by different and frequently competing organizations. Moreover, agents also offer a number of technological advantages such as: bandwidth conservation, faster task completion, latency reduction, disconnected operation, load balancing and dynamic deployment.

However, with the emergence of this new paradigm, came also the new challenge: agent environments, and especially these which support mobility of agents, are much more difficult to protect from intruders than conventional systems. Agent environments still lack sufficient and effective solutions to assure their security. It is agreed that this is one of the main obstacles preserving wide popularisation of agent based systems.

Approach:

There are three main approaches to secure agent environments:

  • Isolating of critical data (Partial Result Encapsulation, Software-Based Fault Isolation, Safe Code Interpretation, Environmental Key Generation, Computing with Encrypted Functions, Obfuscated Code, Time Limited Blackboxes),

  • Assuring security of agent or platform code (Signed Code, Authorization and Attribute Certificates, Proof Carrying Code),

  • Detecting attacks (intrusions) (Mutual Itinerary Recording, Itinerary Recording with Replication and Voting, Execution Tracing, Path Histories).

The approach taken in this project is to propose an alternative solution supporting security of agent environments based on knowledge of characteristics of agent environments (their strong points, such as diversity, high distribution etc - to use as pillars for security, and week points, e.g. uncontrolled agent execution - to protect) and the knowledge of security protocols and protection methods. The proposed method should also take the best from the analysis of the solutions already proposed for agent systems.

Results:

So far the research resulted in the design of two anonymity protocols. They stem from the observation that in mobile agent environments each platform can easily constitute an anonymizer for an agent, assuring untraceability of the agent sender and the receivers. Comparing to other solutions, the advantage of the protocols is that they support agent's autonomy in choosing the migration path.

Security of the protocols was analyzed against known generic and traffic analysis attacks. The first protocol assures more balanced distribution of processing over all agent platforms but an attacker can compromise untraceability if he/she manages to perform the costly cordoning-off attack. The second eliminates this vulnerability at the cost of putting more computation workload on the source platform and restricting agent autonomy in the beginning of its route.

The future work includes implementation and additional validation of the protocols. The protocols are planned to be implemented upon the JADE platform and embedded as a protection layer in the software platform enabling electronic health counselling (PIPS: 6th EU Framework Project). The further research envisages also discussion and analysis of the solutions alternative to the proposed protocols.

Publications:

  1. Leszczyna R., Gorski J.: Anonymity Architecture for Mobile Agent. Third International Conference on Industrial Applications of Holonic and Multi-Agent Systems, HoloMAS 2007, Regensburg, Germany, September 3-5, 2007.
    Download draft version (226 kB)

  2. Leszczyna R., Gorski J.: An untraceability protocol for mobile agents and its enhanced security study. 15th EICAR Annual Conference, Hamburg-Germany, 29 April - 2 May 2006.
    Download draft version (144 kB)

  3. Leszczyna R., Gorski J.: Performance analysis of untraceability protocols for mobile agents using an adaptable framework. 5th International Joint Conference on Autonomous Agents and Multiagent Systems (AAMAS '06), Future University-Hakodate, 8 - 12 May 2006.
    Download draft version (328 kB)

  4. Leszczyna R.: Untraceability I Add-on for JADE. European Commission, Joint Research Centre, Institute for the Protection and security of the Citizen, Via Enrico Fermi 1, Ispra, Italy, 1 edition, September 2005.
    Download draft version (69 kB)
    The add-on is available to download at:
    http://jade.tilab.com/community-3rdpartysw.htm#Untraceability
    (last access: December 16, 2005).

  5. Leszczyna R.: The solution for anonymous access of it services and its application to e-health counselling. In Proceedings of the 1st 2005 IEEE International Conference on Technologies for Homeland Security and Safety (TEHOSS '05), volume 1, pages 161-170, Gdańsk, Poland, September 2005. Gdańsk University of Technology.
    Download draft version (262 kB)

  6. Leszczyna R., Gorski J.: Untraceability of mobile agents. In Proceedings of the 4th International Joint Conference on Autonomous Agents and Multiagent Systems (AAMAS '05), volume 3, pages 1233-1234, Utrecht, the Netherlands, July 2005.
    Download draft version (106 kB)

  7. Leszczyna R., Gorski J.: Untraceability of mobile agents. Technical report, European Commission, Joint Research Centre, Institute for the Protection and security of the Citizen, December 2004.
    Download draft version (244 kB)

  8. Leszczyna R.: Agents in PIPS project: the usage scenario and the feasibility study. Technical report, European Commission, Joint Research Centre, Institute for the Protection and security of the Citizen, Ispra, Italy, June 2004.
    Download draft version (448 kB)

  9. Leszczyna R.: Evaluation of agent platforms. Technical report, European Commission, Joint Research Centre, Institute for the Protection and security of the Citizen, Ispra, Italy, June 2004.
    Download draft version (78 kB)