Upload
violet
View
31
Download
0
Embed Size (px)
DESCRIPTION
Security Considerations in Adaptive Middleware. Ajanta – Mobile Agent’s research project papers ( http://www.cs.umn.edu/Ajanta/publications.html ) - PowerPoint PPT Presentation
Citation preview
Security Considerations in Adaptive Middleware
Security and Mobile Agents
Ajanta – Mobile Agent’s research project papers (http://www.cs.umn.edu/Ajanta/publications.html)
H.Spafford and Diego Zamboni, Purdue University - “Intrusion detection using autonomous agents”. (http://www.elsevier.nl/gej-ng/10/15/22/49/30/25/article.pdf)
Sau-Koon Ng “Protecting mobile Agents Against Malicious Hosts”, University of Hong Kong (http://www.informatik.uni-stuttgart.de/ipvr/vs/projekte/mole/security/ngthesis.pdf)
Sander and Tchudin, ICSI/Berkeley"Protecting mobile Agents Against Malicious Hosts" (http://citeseer.nj.nec.com/cache/papers2/cs/16015/http:zSzzSzwww.icsi.berkeley.eduzSz~tschudinzSzpszSzma-security.pdf/sander98protecting.pdf)
• Implementing Intrusion Detection System as a part of Adaptive middleware layer using autonomous Agent’s technology
• Security problems related with the Agent’s mobility
1. Agent’s operation in the hostile environment (securing agents against malicious host)
2. Malicious agents activity (securing host against malicious agents)
Major Directions of Study
Intrusion Detection System – Major Requirements
• Adaptability• Configurability• Minimal system overhead• Fault tolerance• Subversion resistance• Scalability• Dynamic reconfiguration• Compatibility• Graceful degradation of service
Why Autonomous
Agents?
Do we Need
Mobility?
Autonomous Agents - Advantages
• Possibility to add/remove agents to monitor most interesting effects during certain period of time
• An agent can be configured specifically for the host needs where it runs - this gives possibility to implement wide range of security policies
• By dynamically enabling/disabling agents we can use system resources only for the tasks needed and therefore minimize system overhead
• We can enable cross-verification between agents to keep their integrity
• With increasing amount of hosts in the system we can dynamically increase amount of agents therefore making IDS scalable
• If couple of agents are stopped (lets say for maintenance) other can continue working therefore allowing dynamic reconfiguration
• Agents can run on different platforms (like Windows NT family PCs or Sun servers) providing compatibility of IDS with different platforms
• If one agent accidentally stops for any reason only operation of couple of those related with it may be affected
Autonomous Agents - Advantages
Example of Existing IDS Architecture AAFID
Filter
Filter
Filter
AutonomousAgents
AutonomousAgents
AutonomousAgents
Transceiver
Transceiver
Transceiver
Monitors
Monitors
GUI
Can it be improved with the mobility? How?
AAFID Description
Filters – platform and OS specific entities. Their purpose – extract necessary data providing therefore hardware and OS abstraction layer
Autonomous Agents – in AAFID just dynamically enabled and disabled host specific threads with tight purpose (counting amount of opened connections)
Transceivers – host specific entities responsible for collecting data from agents operating on current host and transferring that data to higher entities
Monitors – entities which get information from different hosts, analyze it and can produce alarm in case of attack
GUI – user interface
Issues:• Confidentiality• Integrity
Mobile Agent Operation in the Hostile Environment
Three types of information to protect:
• Static information which is not relevant for Agent’s successful operation (No Read Access, No Write Access)• Static information to which Agent should have an Access (Read Only)• Dynamic information, including Agent’s code (Read and Write Access)
Protection MethodsStatic Data – No access on intermediate hostsAsymmetrical Encryption using public & private key technologyAgent carries public key of the source host (for encryption) and public keys of all nodes it visits (for integrity)
Static Data – Read only Access on intermediate hostsOnly Integrity can be provided with the method mentioned above
Dynamic Data When attacker has complete access to the memory where the code is executed, the protection becomes more difficult and even impossible “theoretically”
How can we made tampering process more difficult?
Dynamic Code Protection Methods
• Special type of Encryption mechanism which leaves code executable
• Adding noisy code in order to increase Agent’s “Entropy” and hide Agent’s real intention
Mathematical model
Problem:
• Alice has an algorithm to compute f
• Bob has an input x and should compute f(x)
• Bob should learn nothing about f
• Bob should not interact with Alice during the computation of f(x)
Solution:
f(x) E(f) (x)
P(E(f)) (x) x
Alice
Bob
1. Alice encrypts f
2. Alice creates a program P(E(f)) which implements E(f)
3. Alice sends P(E(f)) to Bob
4. Bob executes P(E(f)) at x
5. Bob sends P(E(f))(x) to Alice
6. Alice decrypt P(E(f))(x) and obtains f(x)
Some Definitions
Lets consider two rings – R, S and function E: R S
Let’s call encryption function E
- additively homomorphic if there is an efficient algorithm PLUS to compute E(x+y) from E(x) and E(y)
- multiplicatively homomorphic if there is an efficient algorithm MULT to compute E(xy) from E(x) and E(y)
- mixed multiplicatively homomorphic if there is an efficient algorithm MIXED-MULT to compute E(xy) from E(x) and y
Homomorphic Encryption Scheme
Let E: R R be an additively and mixed multiplicatively homomorphic encryption scheme.
s
s
is
iiiii XXXap ...21
21 21...Consider polynomial function
Alice’s operation while creating P(X) for Bob:
1. Replace each coefficient by
2. In all summands replace “multiplication” operation of coefficients by with MIXED-MULT
3. Replace “addition” operation with PLUS
4. Send P to Bob
siiia ...21
siiiaE ...21
siiia ...21
sis
i XX ...11
Homomorphic Encryption Scheme
Operations on Bob’s host:
1. Run P on his private input
and store a list
2. Produce list of summands by calling MIXED-MULT
Note: according to MIXED-MULT definition and properties of E
Bob gets for each summand
3. Elements of M are added by calling PLUS
As the result Bob gets exactly E(p(x))
4. Bob sends result back to Alice
Alice decrypts the result simply by applying E-1 and obtains p(x)
,..........,: 11
sis
i xxL
,.........,: 1
1 1...s
s
is
iii xxaEM
Protecting the Host against Mobile Code
General Steps:
• Verification• Authentication• Authorization• Execution