Information Technology Reference
In-Depth Information
Typically agents provide services to users and to other agents, when this is the
case; normally they have their own ACLs for these services, this gets complicated
when there are a big number of services provided by several agents. In this case cen-
tralized administration of service access policies has an advantage and complements
the local ACLs of agents.
3
The Agent Platform Security Manager
The Agent Platform Security Manager (APSM) is responsible for maintaining plat-
form and infrastructure security policies, authentication and run-time activities, such
as, communications, providing transport-level security, and creating audit trails. The
APSM is responsible (i) for negotiating the requested inter- and intra-domain security
services with other APSM's on behalf of the agents and (ii) for enforcing the security
policy of its domain, and can at its discretion, upgrade the level of security requested
by an agent. The APSM cannot downgrade the level of services requested by an
agent, but must inform the agent that the service level requested cannot be provided
[1]. The functionality of the APSM (which is unique in an AP) is divided into three
parts, each of these parts associated with a specific component responsible for it. All
actions concerning the credentials (including management of the credential database)
are handled by the Credential Manager. The CM checks the validity of the certifi-
cates, updates them, maintains the local revocation list, etc. X509v3 certificates are
used as credentials in a heterogeneous environment with a key used as the primary
identification of a principal. In our approach, we assume that users have certificates
and that components of the AP also have certificates. The certificates of course as-
sume the existence of a public key infrastructure with certification authorities (CAs)
implemented in our case inside the CM. The other main activity of the CM is to pro-
vide authentication services for all the agents and components of the platform (for
details of the protocol implementation see [5]. This is a very important function since
as we have seen in the previous sections; authentication is the starting point for almost
all the desired security characteristics.
The Policy Manager (PM) is responsible for managing the policy schemes stored in
the policy database. The security policy defines the access each agent has to resources
and services. Signed agents can run with different privileges based of the identity of
the person who signed it. Thus users can tune their trade-off between security and
functionality (of course within limits given by the administrator).
Notification of malicious agents that have attacked other APs can be distributed in
the network. When the AP receives such a notification, it can add a line to platform's
general policy (that is always checked first) that will not allow agents that bear those
malicious characteristics to get services within the AP.
This way, we have role-based policy, group policy, clearance labels, domains etc.
Furthermore by grouping policies we allow for faster execution times while trying to
enforce the policy. In the CAP, all security checks are identity-based in order for an
agent to enter a platform or request a service from other agents. After an agent suc-
cessfully registers in the CAP, future security checks become role-based. Thus we
don't have each time to verify agent's credentials. We check only to see in which
platform the agent resides and what the appropriate policy for that platform is.
