
Applying Trust Policies for Protecting Mobile Agents Against DoS


  1. Applying Trust Policies for Protecting Mobile Agents Against DoS
     Biljana Cubaleska ¹, Markus Schneider ²
     ¹ University of Hagen, Dept. of Communication Systems, Germany
     ² Fraunhofergesellschaft, Darmstadt, Germany

  2. Overview
     ❒ Motivation: Security problems with mobile code
     ❒ Denial of Service (DoS) attacks
     ❒ Detection of malicious hosts
     ❒ Trust policy and cost reduction
     ❒ Conclusion
     2 “Trust Policies for Protecting Mobile Agents Against DoS”

  3. Security problems with mobile code
     ❒ Mobile agents: autonomous programs which migrate through a network of sites to accomplish tasks on behalf of their owners
     ❒ Security threats
        ❒ Both the visited hosts and the agents are exposed to serious dangers
        ❒ A malicious agent can attack the host platform
           ❒ E.g. unauthorized access to resources, altering or deleting them, Trojan horse functionality
        ❒ A malicious host platform can attack the agent
           ❒ E.g. extract private information, steal digital goods, modify agent data, denial of service

  4. Denial of Service from malicious host
     Normal case: The hosts in the network offer their services to the agents
     ❒ „Denial of Service“ in this context: Some host refuses to give its services to the agent
     ❒ The agent owner can benefit from using the agent system only if it works properly and if the visited hosts are willing to serve the agents, i.e. these hosts make their services available
     ❒ Mechanisms which enable detecting the hosts performing DoS are important!

  5. Types of Denial of Service
     Denial of Service: Partial, Total
     ❒ Partial DoS: A visited host
        ❒ does not execute the agent, or
        ❒ does not execute it properly, or
        ❒ puts false results into the mobile data (problem of integrity of computation),
        ❒ but allows the agent to continue its journey!
     ❒ Total DoS
        ❒ A visited host is not willing to let an agent continue its route; it deletes or „kills“ the agent
        ❒ The agent cannot return to its home
        ❒ All results collected by the agent so far will be lost
     A mechanism which tackles these problems is required!

  6. Our solution against total DoS
     ❒ Deleting agents (total DoS) cannot be prevented a priori
     ❒ We propose a mechanism for a posteriori identification of the attacking host
        ❒ Combination of cryptographic primitives and a fixed set of rules
     ❒ Personal trust policy
        ❒ The information about WHO was the attacking host is used by the agent owner to build a trust model for the hosts he is dealing with
     ❒ Preventive effect
        ❒ This knowledge is used by the owner when composing future agent routes
     ❒ Assumption: Independent results (a computation does not require the results produced at any other host as input)

  7. Agent components
     [Figure: agent made up of binary code, mobile data, uid, route, logbook, other infos]
     $agent_j = (bc, md_j, uid, r, vc^{\#(c_j)})$
     $agent_j$ - agent residing at host $c_j$ after being executed
     $bc$ - binary code of the agent
     $md_j$ - mobile data contained in the agent after execution at $c_j$, with $md_{j-1} \subset md_j$ ($md_0$ could be control data given from $h$)
     $uid$ - unique identifier of the agent
     $r = (ip(c_1), \ldots, ip(c_j), \ldots, ip(c_n))$ - agent route (hosts to be visited) given from $h$
     $vc^{\#(c_j)} = ip(c_{i_1}), \ldots, ip(c_j)$, $i_1 \in \{1, \ldots, n\}$ - sequence of already visited hosts; $vc^{0}$ is empty (before the first migration); $vc^{\#(c_j)}$ has $\#(c_j)$ elements
     $\#(c_j)$ - number of already visited hosts

  8. Towards the solution
     ❒ Idea: Usage of undeniable proofs
        ❒ When an agent owner does not receive his agent after some waiting time, suspicion arises that the agent suffered DoS by a malicious host
        ❒ The agent owner asks all hosts contained in the route to show him a proof that they correctly dispatched the agent
        ❒ The attacking host is not able to show such a proof
     ❒ Undeniable proofs can be realized with the technique of digital signatures

  9. Important step: Exchange of agent and confirmation
     ❒ Rule: Upon receiving an agent, each host must send a confirmation to its predecessor
        The confirmation is a signature from $c_j$: $sig_{c_j}(uid)$
     ❒ Protocols
        ❒ Sender protocol
        ❒ Receiver protocol
     ❒ Investigation procedure
        ❒ The agent owner wants to see the confirmations of all hosts that they properly dispatched the agent
        ❒ The agent owner modifies his personal trust policy

  10. Example: Agent journey without DoS
     $r = (ip(c_1), ip(c_2), ip(c_3), ip(c_4))$

  11. Example: Agent journey with DoS
     $r = (ip(c_1), ip(c_2), ip(c_3), ip(c_4))$
     - $c_3$ performs DoS
     - In an investigation procedure from $h$, $c_3$ cannot show him evidence that it dispatched the agent to $c_4$
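
An added example, not part of the original slides, of the simple scheme on slides 8 to 11: each receiver confirms with $sig_{c_j}(uid)$ and the owner later checks every sender's evidence. Toy textbook RSA over Mersenne primes stands in for a real signature scheme; the host names, key table and function names are assumptions.

```python
import hashlib
from itertools import combinations

# Toy textbook RSA over small Mersenne primes, a stand-in for a real signature
# scheme so the example runs offline. Constructed keys, NOT secure.
PRIMES = [2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1]
E = 65537

def keygen(p, q):
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private d)

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):
    return pow(digest(msg, n), d, n)

def verify(msg, sig, n):
    return sig is not None and pow(sig, E, n) == digest(msg, n)

# Constructed route r = (c1, c2, c3, c4); the agent finally returns to owner h.
PATH = ["c1", "c2", "c3", "c4", "h"]
KEYS = {name: keygen(p, q) for name, (p, q) in zip(PATH, combinations(PRIMES, 2))}

def journey(uid, attacker=None):
    """Run the agent along PATH; return {sender: confirmation from its successor}."""
    evidence = {}
    for sender, receiver in zip(PATH, PATH[1:]):
        if sender == attacker:      # total DoS: agent deleted, never dispatched
            break
        n, d = KEYS[receiver]
        evidence[sender] = sign(uid, n, d)   # receiver returns sig_{c_j}(uid)
    return evidence

def investigate(uid, evidence):
    """Owner h queries hosts in visiting order; the first without valid proof is blamed."""
    for sender, receiver in zip(PATH, PATH[1:]):
        n, _ = KEYS[receiver]       # only the successor's public modulus is used
        if not verify(uid, evidence.get(sender), n):
            return sender
    return None

if __name__ == "__main__":
    uid = b"agent-0001"             # constructed agent identifier
    print(investigate(uid, journey(uid)))                 # None
    print(investigate(uid, journey(uid, attacker="c3")))  # c3
```

A host that signs its own "confirmation" is still identified, because the owner verifies the evidence against the successor's public key.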

  12. Enhancing the simple solution
     ❒ But what happens when some hosts do not „play“ according to the rules?
        ❒ E.g. some host does not send a confirmation to its predecessor although it successfully received the agent, some host skips the next one, etc.
     ❒ The exchange of agent and confirmation was built into protocols which enable correct results in all cases
     ❒ Some agent components must be modified and new system parameters must be added:
        ❒ E.g. $buf$ (each host has a buffer for each agent to be processed)
           $m$ (maximum number of hosts that should try to contact another host which is not answering properly), $\tilde{m} = (m, sig_h(m))$
           $vc^{\#(c_l)} = vc^{\#(c_k)}, ip(c_l), sig_{c_l}(vc^{\#(c_k)}, ip(c_l))$ (nested signatures)
           $sig_{c_l}(uid, vc^{\#(c_k)})$ (list of visited hosts included in the confirmation)

  13. Sender and receiver protocol
     Sender protocol: (executed at $c_j$ after the execution of the agent)
     Receiver protocol:

  14. Selecting the next host to be visited
     - Subroutine of the sender protocol
     - When the next host in the route is not reachable or when it doesn't send a confirmation, the next host to be visited is determined by this algorithm.

  15. Investigation Procedure
     $h \rightarrow c_j$: Request
     $c_j \rightarrow h$: Evidence
     ❒ Consists of consecutive applications of the investigation protocol
        ❒ Agent owner's request
        ❒ Answer in which a host shows its evidence
     ❒ The hosts are queried in the order in which they were visited, which is not necessarily the same as that given in $\tilde{r}$

  16. Trust Values
     ❒ The agent owner uses the output of the investigation procedure
     ❒ Definition
        ❒ The agent owner's trust value $trust(c_i)$ that host $c_i$ will NOT perform DoS to his agents is given by $trust(c_i) = P(c_i)$
     ❒ The collection of trust values represents his trust policy
     ❒ The initial values are estimated
     ❒ Then, after each modification procedure, the trust values are modified (increased or decreased)
     ❒ The trust values are used to compose the future routes

  17. Cost parameter = communication cost
     ❒ We consider the average number of migrations an agent really requires when its route contains $n$ entities
     ❒ Let
        $r = (c_1, c_2, \ldots, c_n)$
        $trust(c_i) = P(c_i) = p_i$ for $i = 1, \ldots, n$
        $X$ – discrete random variable that specifies the number of migrations that have been made during the agent journey (the sample space can consist of all values from $X = 1$ to $X = n+1$)
     ❒ $P(X = i)$ for $i = 1, \ldots, n$: probability that the agent migrates until host $c_i$, but not further
     ❒ $P(X = n+1)$: probability that the agent returns home
        $P(X = 1) = 1 - p_1$
        $P(X = i) = p_1 \cdots p_{i-1} (1 - p_i)$ for $1 < i \le n$
        $P(X = n+1) = p_1 p_2 \cdots p_n$

  18. Trust policy exploitation for cost reduction
     ❒ Expected value:
        $E[X] = \sum_{i=1}^{n+1} i \cdot P(X = i) = 1 (1 - p_1) + 2 p_1 (1 - p_2) + \ldots + n \, p_1 \cdots p_{n-1} (1 - p_n) + (n+1) \, p_1 \cdots p_n$
     ❒ We are interested in the minimum of $E[X]$
        ❒ Necessary and sufficient condition
     ❒ The value of $E[X]$ depends on the trust values of the hosts and on the ordering of the hosts in the route
     ❒ The probability that the agent will not suffer a denial of service attack does not depend on the ordering: $P(X = n+1) = p_1 p_2 \cdots p_n$
     ❒ Number of possible routes: $n!$
     ❒ Which of these routes leads to the minimum $E[X]$?
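
An added example, not part of the original slides, that evaluates the distribution of slide 17 and the expected value of slide 18 for every one of the $n!$ orderings of a route. The trust values and function names are constructed for illustration.

```python
from itertools import permutations

# Constructed trust values p_i = trust(c_i) for four hosts.
TRUST = {"c1": 0.9, "c2": 0.5, "c3": 0.99, "c4": 0.7}

def migration_distribution(p):
    """Return [P(X=1), ..., P(X=n+1)] for trust values p given in route order."""
    dist, reach = [], 1.0           # reach = p_1 * ... * p_{i-1}
    for p_i in p:
        dist.append(reach * (1 - p_i))   # agent reaches c_i but goes no further
        reach *= p_i
    dist.append(reach)              # P(X=n+1): agent returns home
    return dist

def expected_migrations(p):
    """E[X] = sum over i of i * P(X=i), with i running from 1 to n+1."""
    return sum(i * px for i, px in enumerate(migration_distribution(p), start=1))

def best_route(trust):
    """Brute force over all n! orderings; return the route with minimal E[X]."""
    return min(permutations(trust),
               key=lambda route: expected_migrations([trust[c] for c in route]))

def return_probability(trust, route):
    """P(X=n+1) for a given ordering; the same for every ordering."""
    return migration_distribution([trust[c] for c in route])[-1]

if __name__ == "__main__":
    for route in sorted(permutations(TRUST),
                        key=lambda r: expected_migrations([TRUST[c] for c in r])):
        e_x = expected_migrations([TRUST[c] for c in route])
        print(route, round(e_x, 5), round(return_probability(TRUST, route), 5))
```

For these constructed values the minimum is E[X] = 2.47685 for the route (c2, c4, c1, c3), while P(X = n+1) is 0.31185 for every ordering.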
