Abstract
Security is a very important challenge in mobile agent systems due to the strong dependence of agents on the platform and vice versa. According to recent studies, most current mobile agent platforms suffer from significant limitations in terms of security when they face Denial of Service (DOS) attacks. Current security solutions even provided by the mobile agent platforms or by the literature focus essentially on individual attacks and are mainly based on static models that present a lack of the permissions definition and are not detailed enough to face collaborative DOS attacks executed by multiple agents or users. This paper presents a security framework that adds security defenses to mobile agent platforms. The proposed security framework implements a standard security model described using MA-UML (Mobile Agent-Unified Modeling Language) notations. The framework lets the administrator (of agents’ place) define a precise and fine-grained authorization policy to defend against DOS attacks. The authorization enforcement in the proposed framework is dynamic : the authorization decisions executed by the proposed framework are based upon run-time parameters like the amount of activity of an agent. We implement an experiment on a mobile agent system of e-marketplaces. Given that we focus essentially on the availability criterion, the performance of the proposed framework on a place is evaluated against DOS and DDOS attacks and investigated in terms of duration of execution that is the availability of the place.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Data availability
All data generated or analyzed during this study are included in this published article [and its supplementary information files].
References
Alami-Kamouri, S., Moukafih, N., Orhanou, G., Elhajji, S.: Mobile agent security based on cryptographic trace and SOS agent mechanisms. J. Commun. 15(3), 221–230 (2020)
Alfalayleh, M., Brankovic, L.: An overview of security issues and techniques in mobile agents. In: Communications and Multimedia Security, pp. 59–78. Springer (2005)
Alluhaybi, B., Alrahhal, M.S., Alzahrani, A., Thayananthan, V.: Dummy-based approach for protecting mobile agents against malicious destination machines. IEEE Access 8, 129320–129337 (2020)
Alluhaybi, B., Alrahhal, M.S., Alzhrani, A., Thayananthan, V.: A survey: agent-based software technology under the eyes of cyber security, security controls, attacks and challenges. Int. J. Adv. Comput. Sci. Appl. (IJACSA) 10(8) (2019)
Bagga, P., Hans, R., Sharma, V.: A biological immune system (bis) inspired mobile agent platform (map) security architecture. Expert Syst. Appl. 72, 269–282 (2017)
Belghiat, A., Kerkouche, E., Chaoui, A., Beldjehem, M.: Mobile agent-based software systems modeling approaches: a comparative study. J. Comput. Inf. Technol. 24(2), 149–163 (2016)
Bellifemine, F., Caire, G., Poggi, A., Rimassa, G.: Jade A software framework for develo** multi-agent applications lessons learned. Inf. Softw. Technol. 50, 10–21 (2008)
Berguig, Y., Laassiri, J., Hanaoui, S., Krit, S.d.: Mobile agent security based on mutual authentication and elliptic curve cryptography. Int J Innov Technol Explor Eng 8 (2019)
Beydoun, G., Low, G., Mouratidis, H., Henderson-Sellers, B.: A security-aware metamodel for multi-agent systems (mas). Inf. Softw. Technol. 51(5), 832–845 (2009)
Beydoun, G., Low, G.C., Mouratidis, H., Henderson-Sellers, B.: Modelling mas-specific security features (2007)
Bhamra, G.S., Verma, A., Patel, R.: Intelligent software agent technology: an overview. Int. J. Comput. Appl. 89(2), 19–31 (2014)
Bürkle, A., Hertel, A., Müller, W., Wieser, M.: Evaluating the security of mobile agent platforms. Auton. Agent. Multi-Agent Syst. 18(2), 295–311 (2009)
Cao, C., Lu, J.: Path-history-based access control for mobile agents. Int. J. Parallel, Emerg. Distrib. Syst. 21(3), 215–225 (2006)
Farmer, W.M., Guttman, J.D., Swarup, V.: Security for mobile agents: Issues and requirements. In: Proceedings of the 19th national information systems security conference, vol. 2, pp. 591–597. Baltimore, Md. (1996)
Feng, Y., Hori, Y., Sakurai, K.: A behavior-based online engine for detecting distributed cyber-attacks. In: International Workshop on Information Security Applications, pp. 79–89. Springer (2016)
Group, O., et al.: " unified modeling language", object management group. http://www.uml.org (2001)
Hachicha, H., Loukil, A., Ghedira, K.: Ma-uml: a conceptual approach for mobile agents’ modelling. Int. J. Agent-Oriented Softw. Eng. 3(2/3), 277–305 (2009)
Hachicha, H., Samet, D., Ghedira, K.: A conceptual approach to place security in systems of mobile agents. In: German Conference on Multiagent System Technologies, pp. 154–170. Springer (2015)
Hanaoui, S., Berguig, Y., Laassiri, J.: On the security communication and migration in mobile agent systems. In: International Conference on Advanced Intelligent Systems for Sustainable Development, pp. 302–313. Springer (2018)
JADEBoard: Jade security guide (2005). https://jade.tilab.com/doc/tutorials/JADE_Security.pdf
Jansen, W., Karygiannis, T.: Nist special publication 800-19–mobile agent security, national institute of standards and technology. http://csrc.ncsl.nist.gov/mobilesecurity/Publications/sp800-19.pdf (2000)
Kori, G.S., Kakkasageri, M.S.: Agent driven resource scheduling in wireless sensor networks: fuzzy approach. Int. J. Inf. Technol. 14(1), 345–358 (2022)
Linna, F., Jun, L.: A free-roaming mobile agent security protocol against colluded truncation attack. In: 2010 2nd International Conference on Education Technology and Computer, vol. 5, pp. V5–261. IEEE (2010)
Loulou, M., Jmaiel, M., Kacem, A.H., Mosbah, M.: A conceptual model for secure mobile agent systems. In: 2006 International conference on computational intelligence and security, vol. 1, pp. 524–527. IEEE (2006)
Ma, L., Tsai, J.J.: Formal modeling and analysis of a secure mobile-agent system. IEEE Trans. Syst., Man, Cybern.-Part A: Syst. Humans 38(1), 180–196 (2007)
Marikkannu, P., Jovin, A.: A secure mobile agent system against tailgating attacks. J. Comput. Sci. 7(4), 488 (2011)
Marikkannu, P., Murugesan, R., Purusothaman, T.: Afdb security protocol against colluded truncation attack in free roaming mobile agent environment. In: 2011 International conference on recent trends in information technology (ICRTIT), pp. 240–244. IEEE (2011)
Mishra, P.K., Singh, R., Yadav, V.: Incorporating novel hierarchical secure model for performance and reliability evaluation in mobile agent system. Int. J. Commun. Netw. Distrib. Syst. 22(3), 294–312 (2019)
Mohamed, A.T.: Generate sub-agent mechanism to protect mobile agent privacy. In: 2012 IEEE symposium on computers & informatics (ISCI), pp. 86–91. IEEE (2012)
Montanari, R., Stefanelli, C., Dulay, N.: Flexible security policies for mobile agent systems. Microprocess. Microsyst. 25(2), 93–99 (2001)
Mouratidis, H., Giorgini, P., Manson, G.: Modelling secure multiagent systems. In: Proceedings of the second international joint conference on Autonomous agents and multiagent systems, pp. 859–866. ACM (2003)
Nasr, M.M.: A proposed paradigm for tracing the effect of security threats in various mobile agent systems. In: 2015 5th national symposium on information technology: towards new smart world (NSITNSW), pp. 1–8. IEEE (2015)
van’t Noordende, G.J., Brazier, F.M., Tanenbaum, A.S.: Security in a mobile agent system. In: IEEE First symposium on multi-agent security and survivability, 2004, pp. 35–45. IEEE (2004)
Ordille, J.J.: When agents roam, who can you trust? In: Proceedings of COM’96. first annual conference on emerging technologies and applications in communications, pp. 188–191. IEEE (1996)
Rekik, M., Kallel, S., Loulou, M., Kacem, A.H.: Modeling secure mobile agent systems. In: KES International Symposium on Agent and Multi-Agent Systems: Technologies and Applications, pp. 330–339. Springer (2012)
Samet, D., Ktata, F.B., Ghedira, K.: Security and trust on mobile agent platforms: A survey. In: Jezic, G., Kusek, M., Chen-Burger, Y.H.J., Howlett, R.J., Jain, L.C. (eds.) Agent and multi-agent systems: technology and applications, pp. 42–52. Springer International Publishing, Cham (2017)
Samet, D., Ktata, F.B., Ghedira, K.: Securing mobile agents, stationary agents and places in mobile agents systems. In: KES International symposium on agent and multi-agent systems: technologies and applications, pp. 97–109. Springer (2018)
Samet, D., Ktata, F.B., Ghedira, K.: A comparative study of trust and reputation models in mobile agent systems. In: Agents and multi-agent systems: technologies and applications 2020, pp. 71–82. Springer (2020)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)
Saxena, A., Soh, B.: Authenticating mobile agent platforms using signature chaining without trusted third parties. In: 2005 IEEE international conference on e-technology, e-commerce and e-service, pp. 282–285. IEEE (2005)
Schäfer, G.: Sabotageangriffe auf kommunikationsinfrastrukturen: Angriffstechniken und abwehrmaßnahmen. Praxis der Informationsverarbeitung und Kommunikation 28(3), 130–139 (2005)
Srivastava, S., Nandi, G.: Protection of mobile agent and its itinerary from malicious host. In: 2011 2nd International conference on computer and communication Technology (ICCCT-2011), pp. 405–411. IEEE (2011)
Srivastava, S., Nandi, G.: Fragmentation based encryption approach for self protected mobile agent. J. King Saud Univer.-Comput. Inform. Sci. 26(1), 131–142 (2014)
Tsiligiridis, T.A.: Security for mobile agents: privileges and state appraisal mechanism. Neural Parallel Scient. Comput. 12(2), 153–162 (2004)
Venkatesan, S., Baskaran, R., Chellappan, C., Vaish, A., Dhavachelvan, P.: Artificial immune system based mobile agent platform protection. Comput. Stand. Interf. 35(4), 365–373 (2013)
Venkatesan, S., Chellappan, C.: Protection of mobile agent platform through attack identification scanner (ais) by malicious identification police (mip). In: 2008 First international conference on emerging trends in engineering and technology, pp. 1228–1231. IEEE (2008)
Venkatesan, S., Chellappan, C., Vengattaraman, T., Dhavachelvan, P., Vaish, A.: Advanced mobile agent security models for code integrity and malicious availability check. J. Netw. Comput. Appl. 33(6), 661–671 (2010)
Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L.: Efficient software-based fault isolation. In: ACM SIGOPS Operating Systems Review, vol. 27, pp. 203–216. ACM (1994)
**ao, L., Peet, A., Lewis, P., Dashmapatra, S., Saez, C., Croitoru, M., Vicente, J., Gonzalez-Velez, H., i Ariet, M.L.: An adaptive security model for multi-agent systems and application to a clinical trials environment. In: 31st Annual international computer software and applications conference (COMPSAC 2007), vol. 2, pp. 261–268. IEEE (2007)
Yousefi, S., Karimipour, H., Derakhshan, F.: Data aggregation mechanisms on the internet of things: a systematic literature review. Intern. Things 15, 100427 (2021)
Zrari, C., Hachicha, H., Ghedira, K.: Agent’s security during communication in mobile agents system. Procedia Comput. Sci. 60, 17–26 (2015)
lnowski, A.P.Z.: JADE-PKI 1.0 Manual (2012). https://jade.tilab.com/doc/tutorials/PKI_Guide.pdf
Author information
Authors and Affiliations
Contributions
DS wrote the main manuscript text and prepared figures. All authors reviewed the manuscript.
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Supplementary Information
Below is the link to the electronic supplementary material.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Samet, D., Ktata, F.B. & Ghedira, K. A security framework for mobile agent systems. Autom Softw Eng 31, 12 (2024). https://doi.org/10.1007/s10515-023-00408-7
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10515-023-00408-7