|
|
Journal of Zhejiang University SCIENCE A
ISSN 1673-565X(Print), 1862-1775(Online), Monthly
2005 Vol.6 No.5 P.405-413
Instance-oriented delegation: A solution for providing security to Grid-based mobile agent middleware
Abstract: New challenges are introduced when people try to build a general-purpose mobile agent middleware in Grid environment. In this paper, an instance-oriented security mechanism is proposed to deal with possible security threats in such mobile agent systems. The current security support in Grid Security Infrastructure (GSI) requires the users to delegate their privileges to certain hosts. This host-oriented solution is insecure and inflexible towards mobile agent applications because it cannot prevent delegation abuse and control well the diffusion of damage. Our proposed solution introduces security instance, which is an encapsulation of one set of authorizations and their validity specifications with respect to the agent’s specific code segments, or even the states and requests. Applications can establish and configure their security framework flexibly on the same platform, through defining instances and operations according to their own logic. Mechanisms are provided to allow users delegating their identity to these instances instead of certain hosts. By adopting this instance-oriented security mechanism, a Grid-based general-purpose MA middleware, Everest, is developed to enhance Globus Toolkit’s security support for mobile agent applications.
Key words: Mobile agent, Grid, Trust model, Delegation
References:
[1] Borselius, N., 2002. Mobile agent security. Electronics & Communication Engineering Journal, 14(5):211-218.
[2] Chander, A., Mitchell, J.C., Shin, I., 2001. Mobile Code Security by Java Bytecode Instrumentation. Proceedings of the DARPA Information Survivability Conference & Exposition, DISCEX-II 2001, Anaheim, CA.
[3] Farmer, W.M., Guttman, J.D., Swarup, V., 1996. Security for Mobile Agents: Authentication and State Appraisal. Proceedings of the 4th European Symposium on Research in Computer Security (ESORICS), Springer-Verlag, p.118-130.
[4] Foster, I., Kesselman, C., Tsudik, G.., Tuecke, S., 1998. A Security Architecture for Computational Grids. Proc. 5th ACM Conference on Computer and Communications Security Conference, ACM Press, NY, p.83-92.
[5] Foster, I., Kesselman, C., Tuecke, S., 2001. The anatomy of the grid: enabling scalable virtual organizations. International Journal of High Performance Computing Applications, 15(3):200-222.
[6] Jansen, W., 2001. A Privilege Management Scheme for Mobile Agents. Workshop on Security of Mobile Multi-Agent Systems: Proceedings of the 5th International Conference on Autonomous Agents.
[7] Necula, G.., Lee, P., 1996. Safe Kernel Extensions Without Run-Time Checking. Proceedings of the 2nd Symposium on Operating System Design and Implementation (OSDI’96), Seattle, p.229-243.
[8] Sander, T., Tschudin, C.F., 1998. Protecting Mobile Agents Against Malicious Hosts. In: Vigna, G. (Ed.), Mobile Agents and Security. Springer-Verlag, p.44-60.
[9] Schneider, F.B., 1997. Towards Fault-Tolerant and Secure Agentry. Proceedings of 11th International Workshop on Distributed Algorithms, Saarbrucken, Germany.
[10] Vigna, G., 1997. Protecting Mobile Agents Through Tracing. Proceedings of the 3rd ECOOP Workshop on Mobile Object Systems, Jyvälskylä, Finland.
[11] Wilhelm, U.G.., Staamann, S., Buttyàn, L., 1999. Introducing Trusted Third Parties to the Mobile Agent Paradigm. In: Vitek, J., Jensen, C. (Eds.), Secure Internet Programming: Security Issues for Mobile and Distributed Objects. Springer-Verlag, p.471-491.
[12] Wong, H.C., Sycara, K., 1999. Adding Security and Trust to Multi-Agent Systems. Proceedings of Autonomous Agents’99 (Workshop on Deception, Fraud and Trust in Agent Societies), Seattle, Washington, p.149-161.
Open peer comments: Debate/Discuss/Question/Opinion
<1>
DOI:
10.1631/jzus.2005.A0405
CLC number:
TP393
Download Full Text:
Downloaded:
2964
Clicked:
5735
Cited:
0
On-line Access:
Received:
2004-02-02
Revision Accepted:
2004-05-08
Crosschecked: