1 / 13

Survivability of Mobile Code Land Warfare Requirements for IMPACT Agent Systems

Survivability of Mobile Code Land Warfare Requirements for IMPACT Agent Systems IMPACT Symposium -12 August 1999 University of Maryland at College Park LTC Paul Walczak U.S. Army Research Lab (301) 394-3862 DSN 290 pwalczak@arl.mil. Outline. Our definitions...

floria
Download Presentation

Survivability of Mobile Code Land Warfare Requirements for IMPACT Agent Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Survivability of Mobile Code Land Warfare Requirements for IMPACT Agent Systems IMPACT Symposium -12 August 1999 University of Maryland at College Park LTC Paul Walczak U.S. Army Research Lab (301) 394-3862 DSN 290 pwalczak@arl.mil

  2. Outline • Our definitions... • Why ARL is pursuing agent technology • INFOSURV perspective • Agent system survivability/security • Insight for resolving security concerns • Agent-based security/survivability

  3. Mobile code is a program that traverses a network during its lifetime and executes at the destination machine(s). • IMPACT: software agent is a program that can : • specify what services it provides • specify required input from customers • specify service customers and use terms/conditions • specify the when and how it uses services from other agents • understand specifications provided by other agents • A mobile software agent is a program that can specify its services, service inputs and conditions, accepted customers, and can negotiate services provided by other agents, while executing on target hosts across a network.

  4. Global Perspective / Impetus • As processes become increasingly distributed, yet interdependent, mobile code will play an increasingly important role in coordinating and controlling events that lead to desired outcomes.

  5. Warfare Systems • Control of disparate systems and devices • Data manipulation • Composed Trustworthiness • Security (policy, IDR, prevent agents)* • Reliability • Performance

  6. Survivability [An overarching requirement: • /|\ a collection of • / | \ emergent properties] • / | \ • / | \ • / | \ • / | \ • / | \ • / | \ • / | \ • / | \ • / | \ • Security Reliability Performance [Major subrequirements] • /|\ /|\ /|\ • / | \ / | \ / | \ • / | \ / | \ / | \ • / | \ / | \ / | \ [Subtended • Inte- Conf- Avail FT Fail RT NRT Avail requirements: • grity id'ity * |\ modes /\ /|\ * FT=fault tolerance • /| |\ |\ | \ /| \/ /|\ RT=real-time • / | | \ | \ | \ / | Prior- / | \ NRT=non-real-time] • / # | \ | \ # ities / • MLI No MLS Dis- MLA \ No / [More detailed • / change | cret- | \ change / requirements] • / /| | ion- | \ / • / / | | ary | * Unified * • / / | | | | availability • X Sys Data X X requirements • /| |\ [X = Shared components of MLX!!] • / | | \ [* = Reconvergence of availability] • / | | \ [# = Reconvergence of data integrity] Hierarchy of Survivability Requirements

  7. Survivability Relationships Implicit in Mobile Software Systems Survivability of the Host Protection for hosts from foreign code Protection of hosts from malicious agents Survivability of the Agent Protection of agents from malicious hosts Protection against malicious agentization Protection of agents from other agents Agent privacy Survivability of the Network Agent termination Protection of a group of hosts from malicious agents Agent based countermeasures to security risks

  8. Violated Security Assumptions *CHESS • Identity Assumption • Identifiable and generally trusted sources • “do no harm” - use with the intent of accomplishing authorized results • one security domain corresponding to each user • administrative boundaries • program runs entirely on one machine *Chess, David M., "Security in Mobile Code Systems" in G. Vigna (Ed.) Mobile Agents and Security Vigna, Giovanni (Editor) Springer, 1998.

  9. Challenges for Mobile Code Security *CHESS • Determining originator of incoming code • deciding trustworthiness of code’s originator • deciding how much to trust originator if it foreign • protecting systems x-scale against malicious programs • preventing uncontrolled replication of mobile code objects • protecting mobile programs themselves • Authentication in mobile code systems *Chess, David M., "Security in Mobile Code Systems" in G. Vigna (Ed.) Mobile Agents and Security Vigna, Giovanni (Editor) Springer, 1998.

  10. Meeting Security Challenges for Mobile Code Systems *Neumann • controls to prevent unanticipated effects • repeated re-authentication, validation • revocation or cache deletion as needed *Neumann, Peter G., "Practical Architectures for Survivable Systems and Networks," Army Research Lab Contract DAKF11-97-C0200, 1999.

  11. Requisite Agent System Security Services *IMPACT • Authentication of agents • Network security services to ensure agent communications • Agent Privacy *Data-Security in Heterogeneous Agent Systems, VS et al, 14 Feb 1998

  12. Current Agent-based Approaches for IA • Vulnerability Assessment (ARL) • Intrusion Detection (many) • Active, Intelligent Networks (NSA, DARPA, Telcordia...)

  13. Conclusion • composable architectures • configuration management • middleware • practical education • DC Agent SIG

More Related