Modeling Fault Tolerant and Secure Mobile Agent Execution in Distributed Systems - Distributed Artificial Intelligence, Agent Technology, and Collaborative Applications

Information Technology Reference

In-Depth Information

SeCur ITY Mode LIng And eVALuATIon for The MoBILe Agen T

There is no well-established model for mobile agent security. One of the few attempts so far is given

in Hohl (1998). Software reliability modeling is a successful attempt to give quantitative measures of

software systems. In the broadest sense, security is one of the aspects of reliability. A system is likely

to be more reliable if it is more secure. One of the pioneering efforts to integrate security and reliability

is (Brocklehurst, Littlewood, Olovsoon, & Jonsson, 1994). In this chapter, the following similarities

between security and reliability were observed.

Thus, we have security function, effort to next breach distribution, and security hazard rate simi-

lar to the reliability function, time to next failure distribution, and reliability hazard rate respectively

as in reliability theory. One of the works to incorporate system security into a mathematical model is

(Jonsson, 1997), which presents an experiment to model the attacker behavior. The results show that

during the “standard attack phase,” assuming breaches are independent and stochastically identical, the

period of working time of a single attacker between successive breaches is found to be exponentially

distributed.

Now, let us consider a mobile agent traveling through n hosts on the network, as illustrated in Figure

3. Each host, and the agent itself, is modeled as an abstract machine as in Hohl (1998). We consider only

the standard attack phase described in Jonsson (1997)) by malicious hosts. On arrival at a malicious host,

the mobile agent is subject to an attack effort from the host. Because the host is modeled as a machine,

it is reasonable to estimate the attack effort by the number of instructions for the attack to carry out,

which would be linearly increasing with time. On arrival at a non-malicious host, the effort would be

constant zero. Let the agent arrive at host i at time T i , for i = 1, 2, ..., n. Then the effort of host i at total

time t would be described by the time-to-effort function :

E i (t) = k i (t-T i ) , where k is a constant

We may call the constant k i the coefficient of malice . The larger the k i , the more malicious host i is

(ki = 0 if host i i is non-malicious). Furthermore, let the agent stay on host i i for an amount of time t t , then

there would be breach to the agent if and only if the following breach condition holds:

E i (t i +T i ) > effort to next breach by host i

that is, k i t i > effort to next breach by host i

Figure 3. A mobile agent traveling on a network

Search WWH ::

Custom Search

Home