Using a Trust-Based Environment Key for Mobile Agent Code Protection

Human activities are increasingly based on the use of remote resources and services, and on the interaction between remotely located parties that may know little about each other. Mobile agents must be prepared to execute on different hosts with various environmental security conditions. The aim of this paper is to propose a trust based mechanism to improve the security of mobile agents and allow their execution in various environments. Thus, an adaptive trust mechanism is proposed. It is based on the dynamic interaction between the agent and the environment. Information collected during the interaction enables generation of an environment key. This key informs on the host-s trust degree and permits the mobile agent to adapt its execution. Trust estimation is based on concrete parameters values. Thus, in case of distrust, the source of problem can be located and a mobile agent appropriate behavior can be selected.

Authors:

• Salima Hacini
• Zahia Guessoum
• Zizette Boufaïda

Keywords:

• Internet security
• malicious host
• mobile agent security
• trust management

References:

[1] S. Braynov and T. Sandhol, "Trust revelation in multiagent interaction,"
in Proceedings of CHI'02 Workshop on the Philosophy and Design of Socially Adept Technologies, Minneapolis, 2002.
[2] V. Cahill et al., "Using trust for secure collaboration in uncertain environment," in IEEE Pervasive Computing, 2(3), pp. 52-61, 2003.
[3] C. Castelfranchi, R. Falcone, "Trust is much more than subjective probability: mental components and sources of trust," 32nd Hawaii
International Conference on System Sciences - Mini-Track on Software Agents, Maui, Hawaii (2000).
[4] T. Dimitrakos, "A service-oriented trust management framework," in R. Falcone, S. Barber, L. Korba, and M. Singh, editors, Trust,
Reputation, and Security: Theories and Practice, LNAI 2631. Springer, pp. 53-72, 2003.
[5] S. Hacini, "Using adaptability to protect mobile agents code," in IEEE
International Conference on Information Technology ITCC 2005, Las Vegas, pp. 49-53, 2005.
[6] F. Hohl, "Time limited blackbox security: protecting mobile agents from
malicious hosts," in G.Vigna (Ed.), Mobile Agents and Security. Lecture
Notes in Computer Science, Vol. 1419, Springer-Verlag, pp. 52-59,1998.
[7] A. Josang, S. Lo Presti, "Analyzing the relationship between risk and trust," in T. Dimitrakos (editor) the Proceedings of the Second
International Conference on Trust Management, Oxford, 2004.
[8] N. Karnik, "Security in mobile agents systems," PhD thesis, Department
of Computer Sciences and Engineering, University of Minnesota, Minneapolis, USA, 1998.
[9] D.W. Manchala, "E-Commerce trust metrics and models," in IEEE
Internet Computer, pp. 36-44, 2000.
[10] Y. Mu, C. Lin, V. Varadharajan, Y. Wang, "On the design of a new trust
model for mobile agent security, trust and privacy in digital business,"
Lecture Notes in Computer Science, Vol. 3184. Springer-Verlag, Berlin
Heidelberg Germany, pp. 60-69, 2004.
[11] J. Riordan, B. Schneier, "Environment key generation towards clueless
agents," Lecture Notes in Computer Science Vol. 1419, pp. 15-24, 1998.
[12] S. Rouvrais, "Utilisation d-agents mobiles pour la construction de services distribués," thèse de doctorat de l-université de Rennel, 2002.
[13] T. Sander, C. Tschudin, "Protecting mobile agent against malicious
hosts," in G.Vigna (Ed.), Mobile agents and security, Lecture Notes in Computer Science Vol.1419, ┬®Springer-Verlag Berlin Heidelberg, pp.44-60, 1998.