article

Security architecture and methodology for authorisation of mobile agents

Authors:

Alessandro Giambruno,

Sead MufticAuthors Info & Claims

International Journal of Internet Technology and Secured Transactions, Volume 2, Issue 3/4

Pages 271 - 290

https://doi.org/10.1504/IJITST.2010.037405

Published: 01 December 2010 Publication History

Abstract

One approach to authorisation of mobile agents is to use extensible access control mark-up language (XACML) policies by assigning roles to agents and then enforcing role-based authorisation. In this paper we show how traditional XACML polices, used for user access control in distributed environments, can be used for mobile agents' access control. We use such polices to manage delegation of access rights from users to agents, while at the same time following the core principles of the XACML standard. We also propose a combination of policies that map users to their mobile agents and make access control decisions for mobile agents by evaluating complex policy sets. We have identified all architectural components along with the operations required for enforcement of authorisations of mobile agents during execution.

References

[1]

OASIS eXtensible Access Control Markup Language (XACML) Version 2.0 (2005) (specificiation), February, Vol. 1, available at http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf.

[2]

Anderson, A. (2004) XACML Profile for Role Based Access Control (RBAC), Version 2.0, (specification), May, available at http://www. oasis-open.org/committees/download.php/6806/wd-xacml-rbac-profile-02.1.pdf.

[3]

Berners-Lee, T., Fielding, R., Irvine, U.C. and Masinter, L. (1998) RFC 2396 - Uniform Resource Identifiers (URI): Generic Syntax, (specification), August, available at http://www.ietf.org/rfc/rfc2396.txt.

[4]

Ghafoor, A. and Muftic, S. (2010) 'CryptoNET: software protection and secure execution environment', IJCSNS International Journal of Computer Science and Network Security, February, Vol. 10, No. 2.

[5]

Gunter, K., Danny, L. and Mitsuru, O. (1997) 'Security model for aglets', (journal), Internet Computing, IEEE, IEEE Computer Society, Moffett Field, CA 94035, USA, July/August, Vol. 1, No. 4, pp.68-77, 10.1109/4236.612220.

[6]

Karnik, N. and Tripathi, A. (2001) 'Security in the Ajanta mobile agent system', (journal), Software: Practice and Experience, John Wiley & Sons, New York, NY, USA, January 22, Vol. 39, No. 4, pp.301-329, 0038-0644.

[7]

Mubarak, M. et al. (2007) A dynamic policy based security architecture for mobile agents', (book chapter) in New Technologies, Mobility and Security, pp.493-505, Springer Netherlands, available at http://www.springerlink.com/content/h5233404727648g2/.

[8]

National Institute of Standards and Technology (1997) Entity Authentication Using Public Key Cryptography, (specification), Federal Information Processing Standards Publication, US Department of Commerce, February 18, Gaithersburg, Maryland, available at http://csrc.nist.gov/publications/fips/

[9]

Navarro, G. and Borrell, J. (2006) 'An XML standards based authorization framework for mobile agents', (book chapter) in Secure Mobile Ad-hoc Networks and Sensors, August 3, pp.54-66, Springer Berlin/Heidelberg.

[10]

Sandhu, R., Ferraiolo, D.F. and Kuhn, D.R. (2000) 'The NIST model for role-based access control: toward a unified standard', (conference), 5th ACM Workshop on Role Based Access Control, Berlin, July 26-27, pp.47-63, available at http://csrc.nist.gov/rbac/ sandhu-ferraiolo-kuhn-00.pdf.

Digital Library

[11]

Shibli, A. and Muftic, S. (2009) 'MagicNET: security architecture for creation, classification, and validation of trusted mobile agents', (conference), The 11th IEEE International Conference on Advanced Communication Technology, Phoenix Park, Korea, 15-18 February.

[12]

Shibli, A., Giambruno, A., Muftic, S. and Lioy, A. (2009) 'MagicNET: security system for development, validation and adoption of mobile agents', (conference), The 3rd IEEE International Conference on Network & System Security, Gold Coast Australia, 19-21 October.

Digital Library

[13]

Shibli, A., Yousaf, I. and Muftic, S. (2010) 'MagicNET: security system for protection of mobile agents', (conference), 24th IEEE International Conference on Advanced Information Networking and Applications, Perth, Australia, 20-23 April.

Digital Library

[14]

Varadharajan, V. and Foster, D. (2003) 'A security architecture for mobile agent based applications', (journal), World Wide Web, Kluwer Academic Publishers, Hingham, MA, USA, March, Vol. 6, No. 1, pp.93-122, 1386-145X.

[15]

Zhang, X., Parisi-Presicce, F. and Sandhu, R. (2006) 'Towards remote policy enforcement for runtime protection of mobile code using trusted computing', (book section), Advances in Information and Computer Security, Vol. 4266/2006, pp.1611-3349.

Digital Library

Security architecture and methodology for authorisation of mobile agents
1. Computer systems organization
  1. Architectures
    1. Parallel architectures
2. Security and privacy
  1. Security services
  2. Systems security

Recommendations

An XML standards based authorization framework for mobile agents
MADNES'05: Proceedings of the First international conference on Secure Mobile Ad-hoc Networks and Sensors

An outstanding security problem in mobile agent systems is resource access control, or authorization in its broader sense. In this paper we present an authorization framework for mobile agents. The system takes as a base distributed RBAC policies ...
Secure mobile agent environments: modelling role assignments

This article exploits the idea of using the role-based access control model for the mobile agent authorisation problem. In our approach, when an agent migrates to a specific platform, the host assigns it a role from the local role hierarchy. The ...
RB-GACA: an RBAC based grid access control architecture

Grid computing is emerging as a new format of wide area distributed computing. Because the distribution of services and resources in wide-area networks are heterogeneous, dynamic, and multi-domain, security is a critical concern in grid computing. ...

Comments

Information & Contributors

Information

Published In

cover image International Journal of Internet Technology and Secured Transactions

International Journal of Internet Technology and Secured Transactions Volume 2, Issue 3/4

December 2010

194 pages

ISSN:1748-569X

EISSN:1748-5703

Issue’s Table of Contents

Publisher

Inderscience Publishers

Geneva 15, Switzerland

Publication History

Published: 01 December 2010

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Sep 2024

Other Metrics

View Author Metrics

Citations

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents