O'Reilly logo

Mobile Agents by Wilhelm R. Rossak, Peter Braun

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

160 Chapter 5 Mobile Agent Security
5.1 Security Requirements and Cryptographic Techniques
Security is one of the most important factors influencing software quality.
It is as impor tant as correctness, reliability, and efficiency. In general, security
as a requirement translates into the ability of a software to prevent unautho-
rized access, be it by mistake or deliberately, to both code and data. Software
designers must ascribe importance to security in the early phases of soft-
ware development and in tight relation to the customer. The goals of this
introductory section are to further break down the general requirement of
secure computer systems and enlist several key issues from the perspective
of a user.
Security cannot be seen in a simple “black and white manner—a
computer system is neither completely secure nor, hopefully, completely
insecure. It must be determined against which security problems or sort of
attacks a specific computer system is safe. It is an invariable attribute of
every computer system that only a subset of all possible security problems
are solved. Some problems may not yet have been foreseen. Others, for exam-
ple, those that are outside system boundaries or that have a low probability
of occurring, are not solved. This must not be viewed as a failure but as an
intention of the developer, who must accept certain types of risks that have a
limited probability.
For example, a commonly used means to protect private data is to
demand a authentication from users such as a password, before granting
access. The software will be able to avouch that only the owner of the data
will have access to it. An example of a type of attack that the software designer
has rated with low probability is a brute-force search for the correct password
of a specific user. Searching through all possible sequences of characters will
take more time than the attacker might find worth spending, making the
probability of a successful attack low. The better the quality of the password,
the better the protection against even dictionary attacks, where the attacker
simply iterates through a list of frequently used passwords. If the software
designer had rated the probability of such an attack as being high, he or
she would have chosen another authentication procedure, such as using
smart-cards or biometric identification.
On the other hand, some types of attacks affect the computer systems
environment instead of the system itself. The important difference here is
that neither the software nor the computer designer is responsible for devel-
oping countermeasures against such an attack. For example, someone may
observe the user entering the password and later try to gain access using

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required