Sunday, May 11, 2008

Security issues in the mobile agent paradigm

The mobile agent paradigm appeals to many specialists working in different application areas. This is especially true for e-commerce applications, including stock markets, digital cash, and electronic auctions. Such applications involve dealing with vast amounts of money, and users will hesitate to use mobile agents (MAs) unless they feel that the agents are secure and can be trusted. The security of mobile agents is therefore an important issue that has triggered much research effort aimed at finding a suitable solution. The following parts discuss attacks against both the mobile agent and the mobile agent platform.

------------------------- Threats against Agent Platform -------------------------

• Unauthorized Access. Malicious mobile agents can try to access the services and resources of the platform without adequate permissions. To thwart this attack, a mobile agent platform must have a security policy that specifies the access rules applicable to various agents, and a mechanism to enforce the policy.


• Masquerading. In this attack, a malicious agent assumes the identity of another agent in order to gain access to platform resources and services, or simply to cause serious damage to the platform. Likewise, a platform can claim the identity of another platform in order to gain access to the mobile agent's data. In both cases, the malicious agent or platform will not receive any blame for its potentially detrimental actions. Instead, the unsuspecting agent or platform whose identity was misused will be held responsible.


• Denial of Service. A malicious platform can cause harm to a visiting mobile agent by ignoring the agent's requests for services and resources that are available on the platform, by terminating the agent without notification, or by assigning continuous tasks to the agent so that it will never reach its goal. Likewise, a malicious agent may attempt to consume the resources of the platform, such as disk space and processing time, or to delete important files or even the whole hard disk contents, thus causing harm to the platform and launching a denial of service attack against other visiting agents.


• Annoyance attack. Examples of this attack include opening many windows on the platform computer or making the computer beep repeatedly. Such attacks may not represent a very serious problem to the platform; however, they still need to be prevented.


• Eavesdropping. In this attack, a malicious platform monitors the behavior of a mobile agent in order to extract sensitive information from it. This is typically used when the mobile agent code and data are encrypted. Monitoring may include the identity of the entities that the mobile agent is communicating with, and the types of services requested by the mobile agent.


• Alteration. In the alteration attack, a malicious platform tries to modify mobile agent information by inserting, deleting and/or altering parts of the agent's code, data, and execution state. Modifying the mobile agent's execution code and state may result in the agent performing harmful actions against other platforms, including the agent's home platform.
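
The platform-side defences named under Unauthorized Access, Masquerading and Denial of Service above (authenticate the agent's claimed identity, apply a default-deny access policy, and cap resource use) can be sketched as a small reference monitor. This is an added example, not code from the original post or from any agent framework; the owner names, keys, services and quota values are constructed, and a shared-key HMAC stands in for whatever signature scheme a real platform would use.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample data (hypothetical owners, keys, services and quotas).
OWNER_KEYS = {"broker-a": b"key-a-constructed", "broker-b": b"key-b-constructed"}
POLICY = {
    "broker-a": {"services": {"quote", "bid"}, "cpu_ms": 500, "disk_bytes": 4096},
    "broker-b": {"services": {"quote"}, "cpu_ms": 100, "disk_bytes": 0},
}

def sign_agent(owner, code):
    """Home platform side: tag the agent code with the owner's key before dispatch."""
    return hmac.new(OWNER_KEYS[owner], code, hashlib.sha256).hexdigest()

@dataclass
class Session:
    owner: str
    used: dict = field(default_factory=lambda: {"cpu_ms": 0, "disk_bytes": 0})

class Platform:
    def admit(self, claimed_owner, code, tag):
        """Anti-masquerading: reject unknown owners and tags that do not verify."""
        key = OWNER_KEYS.get(claimed_owner)
        if key is None:
            return None
        expected = hmac.new(key, code, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None
        return Session(claimed_owner)

    def request(self, session, service, cpu_ms=0, disk_bytes=0):
        """Reference monitor: default deny, then check the request against quotas."""
        rules = POLICY.get(session.owner)
        if rules is None or service not in rules["services"]:
            return "denied: service not permitted"
        asked = {"cpu_ms": cpu_ms, "disk_bytes": disk_bytes}
        for resource, amount in asked.items():
            if session.used[resource] + amount > rules[resource]:
                return f"denied: {resource} quota exceeded"
        for resource, amount in asked.items():  # charge only after every check passed
            session.used[resource] += amount
        return "granted"

if __name__ == "__main__":
    platform = Platform()
    code = b"agent-code-constructed"
    session = platform.admit("broker-b", code, sign_agent("broker-b", code))
    print(platform.request(session, "bid"))
    print(platform.request(session, "quote", cpu_ms=60))
```

Because the tag is computed over the agent code, a copy modified in transit also fails admission; this does nothing against a host that alters the agent while executing it.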
