Self-Protecting Mobile Agents .

Uploaded on:
Self-Protecting Mobile Agents. Funded by both OASIS and Active Networks Programs NAI Labs 14 Feb. 2001. Lee Badger Brian Matt Larry Spector Doug Kilpatrick. Malicious Hosts Problem. Mobile agents will need to execute on unfriendly hosts, but a host may: modify an agent’s behavior
Slide 1

Self-Protecting Mobile Agents Funded by both OASIS and Active Networks Programs NAI Labs 14 Feb. 2001 Lee Badger Brian Matt Larry Spector Doug Kilpatrick

Slide 2

Malicious Hosts Problem Mobile specialists should execute on disagreeable hosts, yet a host may: alter an operator\'s conduct take a specialist\'s insider facts (assuming any) deny execution execute disgracefully crash the operator deceive an operator

Slide 3

Technical Objectives Protect programming operators from altering while permitting: High portability. Isolates operation. Augmented arrangement periods. Practical foundation necessities.

Slide 4

Existing Practice Limit Mobility to Trusted Places equipment peripherals, trusted hosts Detect Malicious Execution After it Happens state evaluation (Farmer), recognition objects (Meadows), cryptographic follows (Vigna) , halfway result verification codes (Yee), adaptation to internal failure systems (Schneider) Prevent Malicious Execution encoded capacities (Sander, Bazzi), code/information confusion (Collberg, Low, Hohl, Wang)

Slide 5

Source Code Obfuscation Transform Obfuscated Source code Run for n seconds Stop. Arrangement A Time-restricted Black Box Hohl, Fritz, "An Approach to Solve the Problem of Malicious Hosts" A host can deny execution, or lie, however it can\'t upset the projects\' inside consistency for n seconds. Will this transitory security be utilized into continuous assurance?

Slide 6

Technical Approach (basically) agentlet 1 agentlet 2 agentlet 3 agentlet N operator ... Have Host Traditional Agent Self-Protecting Agent Distribution : imitate specialists over numerous, irrelevant hosts. Introduce a moving target Monitoring/Recovery: recover ruined "agentlets." Code/information Obfuscation: anticipate have based examination Refresh muddling before investigation can be finished

Slide 7

change instrument Strategy New elements and approach for existing specialists. No source code required. Objective: no manual per-operator work required. Appropriation Functions Monitor/Recovery Functions Obfuscating change approach new twofold operator (self-securing) Original (paired) specialist

Slide 8

an a b S c d Bird\'s Eye View time Protected period 1 Protected period 2 ... ... ... an a ... ... ... b ... ... ... c ... ... ... d Agentlets Useful work Agentlets Migration dispatched re-jumble each other First Host Set Originator Host Second Host Set

Slide 9

Applications of Obfuscation "Security through lack of definition." NOT! Seemingly perpetual imperviousness to examination. NOT! In any case, can expand cost of taking. DashO-Pro ( Jcloak ( Elixir ( RetroGuard ( Temporary imperviousness to examination.

Slide 10

Obfuscation (trifling to not really minor) Kinds of Obfuscation Layout Obfuscation Preventive Obfuscation Data Obfuscation Control Obfuscation Language-Breaking Obfuscation

Slide 11

Opaque Predicates Opaque predicate: A reality around a program\'s state known at muddling time that is difficult to decide from the code. Two essential make systems Exploit trouble in moniker examination (demonstrated NP-finish). E.g., implant chart operations Exploit trouble in simultaneousness. E.g., implant threading

Slide 12

Obfuscation "Quality" Potency: Difficulty for a human to figure out. !(programming building rehearses) Resilience: Difficulty of composing an apparatus to invert the jumbling. Taken a toll: Space/time costs. Stealth: Ease of spotting jumbling components. Simplicity of spying out the arrangement. From Douglas Low\'s postulation.

Slide 13

What We\'ve Done So Far Surveyed confusion apparatuses. Picked base innovations: Java, IBM Aglets, ANTLR. Built up an underlying toolbox/testbed. Figured a methodology to exchange innovation. Created introductory apparatuses: spi and spmod First incremental stride in operator change.

Slide 14

Aglets Runtime Layer Security Manager Cache Manager Persistence Manager Aglet Architecture Aglet System Architecture Communications Layer ATP, CORBA RMI and so on

Slide 15

Sandbox aglets to ensure has. Server-server validation. Marked aglets. Express specialist inclinations , to be regarded by servers. Try not to run too long here. Confine me (from calling particular techniques, or getting to assets)! Aglet System Security Model

Slide 16

Aglet Life Cycle Secondary Store Server A Dispatch Dispose Create Aglet Retract Classes Server B Clone

Slide 17

Spmod device Tool-based Approach Transformation connects to life-cycle occasions. Along these lines, change can be non specific. No source code required. Regularly, no manual per-operator work required. "doner" capacities, and factors (and perhaps approach) spma summons (strategy) new double specialist (self-ensuring) Original (twofold) operator

Slide 18


Slide 19

What "Arrangement" Means Here Obfuscation intensity, flexibility, stealth, cost. Self-checking granularity. Replication level. Non-plot schedule rules. Confusion revive rate. Dispersion of touchy state. Telephone home escape home limits. And that\'s just the beginning...

Slide 20

2000 2001 2002 2003 March 14, 2000 Start Date March 15, 2003 End Date Administrative Info (Milestones) April 30, 2001 Prototype Distributed Agent Generation Tool Nov. 15, 2001 Obfuscation Techniques Evaluation Report Jan. 15, 2003 Final Report Feb. 28, 2001 Policy Specification and Architecture Report March 15, 2002 Obfuscated Agentlet Prototype Dec. 15, 2002 Distributed, Self-Healing Obfuscated Agentlet Prototype

Slide 21

Technology Transfer DARPA programs: Active Networks, frameworks, for example, Ultra Log. Open Source circulation. Java. Device construct approach in light of twofold records: no source required! Investigate application to NAI items that utilize specialists.

Slide 22

The End!

View more...