Security for Mobile Agents:Authentication and State Appraisal
William M. Farmer, Joshua D. guttman, Vipin Swarup
The MITRE Corporation
- State appraisal phase
- agent comes to host
- agent determines the set of privileges it needs at that site, as a function of its state
- Authorization phase
- the site determines which of the requested privileges is willing to grant
Not all state alterations can be detected.
- It protects the host from attacks, when the attacker alters the state of the agent in a detectable way.
- it protects the author and the sender from misuse of their agent, when its state is altered in a detectable way.
- it checks for state invariants
- privileges depend on the agent's state
Authentication = deducing which principal has made the request
= use the theory of authentication developed by Lampson and his colleagues
- P1 "speaks for" P2 : P1 says s => P2 says s P1 => P2
- "hand off" : P1 hands off his authority to P2
- P1 "as" p2 : P2 has more limited authority than P1
- P1 "for" P2 : P1 is acting on behalf of P2 (delegation)
Three phases in agent deployment
- program creation: author C signs the code with digest D and adds the state appraisal function max
- agent creation: sender S attches his name, computes digest, and adds state appraisal function req, where req <= max
- agent migration