O'Reilly logo

Mobile Agents by Wilhelm R. Rossak, Peter Braun

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

5.2 Taxonomy of Possible Attacks 167
The interesting question from the technical point of view is, can we reach
anonymity in the digital world, and if so, at what cost?
In the real world, it is not always necessary to identify ourselves to conduct
business. For example, it is not necessary to identify yourself when you want
to buy something and plan to pay in cash. Anonymity in this situation can
be achieved because we have other mechanisms to authenticate ourselves.
This is not so in the digital world. As we have seen, authenticity is a major
concern, especially in electronic commerce. Sure, there are techniques that
enable you to pay for a service without authentication against the seller,
especially for smaller amounts of money—so-called micropayments. Such a
technique introduces a so-called trusted third party. When you want to buy a
newspaper, for example, you must authenticate only against the third party,
which then will give notice to the newspaper. The newspaper itself has no
information about you except for the IP address of your computer. Thus,
browsing the Web is still not completely anonymous. See, for example, the
JAP project at the University of Dresden,
1
in which software was developed
that guarantees anonymity on the level of IP addresses when surfing theWeb.
5.2 Taxonomy of Possible Attacks
In this section we give an overview of possible problems that can occur when
using mobile agents. We use the common classification scheme found in
similar papers, such as Hohl [1998b] and Jansen [2000], which distinguishes
between malicious agents and malicious agencies.
5.2.1 Malicious Agents
Malicious agents are those that try to attack the hosting agency. We further
classify malicious agents according to the target they attack.
Attacking the Hosting Agency
The most obvious example of a malicious agent is one that consumes
resources of the hosting environment in an improper way. Examples of such
1. See anon.inf.tu-dresden.de for more information.
168 Chapter 5 Mobile Agent Security
resources are all computational resources—memory, CPU cycles, or network
bandwidth. These resources are consumed with the result that the agency
eventually is not able to provide its usual service to other agents. Such attacks
are therefore called denial-of-service attacks. In a less severe case the agent
merely wants to annoy the agency’s administrator by opening windows on
its screen. In this case the agent is authorized but does not comply to the
unwritten rules of a benevolently behaving agent. It should be obvious that it
is difficult to decide whether an agent performs a malicious act or not with-
out a clear model of access authorization to resources. The Java programming
language does not yet provide such a model. Consider the following example
of a correct Java code:
1 public void run()
2{
3 synchronized( Thread.class )
4{
5 while( true );
6}
7}
This piece of code holds a lock on the object Thread.class (remember
that every class is an object in Java too). Actually, it prevents other threads
from being executed. An agent that carries this piece of code can freeze the
entire agency.
The second type of attack to the hosting agency is when an agent tries
to gain unauthorized access to the agency. Agents can try to pilfer or alter
sensitive information stored on local hard disks. For example, it may try to
access a local key store file, which includes private keys of the agency or
its users. An agent could also tr y to disclose the agency’s code or even try to
terminate the agency completely. Such attacks are made possible either by an
inadequate access control mechanism or by improper agent authentication
and authorization, which allows any agent to masquerade as an authorized
agent and then (mis)use services or resources of the underlying agency. If, for
example, agent authorization is done only using the agent’s name, then the
attacking agent needs access only to the name of another agent with more
permissions.
At this point, it is worthwhile to compare mobile agent technology with
Java applets—this time from the point of security. In both cases, mobile
code is transmitted to a host that is going to execute it, therefore making
it a possible target of attacks initiated by the mobile code. The decisive

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required