An infrastructure for detecting and punishing malicious hosts using mobile agent watermarking

Mobile agents are software entities consisting of code, data, and state that can migrate autonomously from host to host executing their code. In such scenario there are some security issues that must be considered. In particular, this paper deals with the protection of mobile agents against manipula...

Descripción completa

Detalles Bibliográficos
Autores: Esparza, O, Munoz, JL, Tomas-Buliart, J, Soriano, M
Tipo de recurso: artículo
Estado:Versión publicada
Fecha de publicación:2011
País:España
Institución:Centre Tecnològic de Telecomunicacions de Catalunya (CTTC)
Repositorio:r-CTTC. Repositorio Institucional Producción Científica del Centre Tecnològic de Telecomunicacions de Catalunya (CTTC)
OAI Identifier:oai:cttc.fundanetsuite.com:p1795
Acceso en línea:https://cttc.fundanetsuite.com/Publicaciones/ProdCientif/PublicacionFrw.aspx?id=1795
Access Level:acceso abierto
Palabra clave:mobile agent security
malicious hosts
software watermarking
host revocation
Descripción
Sumario:Mobile agents are software entities consisting of code, data, and state that can migrate autonomously from host to host executing their code. In such scenario there are some security issues that must be considered. In particular, this paper deals with the protection of mobile agents against manipulation attacks performed by the host, which is one of the main security issues to solve in mobile agent systems. This paper introduces an infrastructure for mobile agent watermarking (MAW). MAW is a lightweight approach that can efficiently detect manipulation attacks performed by potentially malicious hosts that might seek to subvert the normal agent operation. MAW is the first proposal in the literature that adapts software watermarks to verify the execution integrity of an agent. The second contribution of this paper is a technique to punish a malicious host that performed a manipulation attack by using a trusted third party (TTP) called host revocation authority (HoRA). A proof-of-concept has also been developed and we present some performance evaluation results that demonstrate the usability of the proposed mechanisms. Copyright (C) 2010 John Wiley & Sons, Ltd.