2000 Project Summary
Self Protecting Mobile Agents
||Link to Quad
Chart provided by the performing organization
||Develop and Prototype practical and effective
techniques that allow mobile agents to protect themselves from malicious
host computers. Such self-protecting agents will perform their missions
with confidence even though they sometimes roam through unknown and possibley-hostile
||Develop tools that translate an individual software
agent into a distributed set of tamper-resistant agentlets that is never
entirely vulnerable to a single host, and that can detect and recover from
compromise of a subset of its elements. Provide strong protection by combining
three core techniques:
This research will be conducted in three phases:
Distributed Agent State. Each agent will be partitioned into a set of communicating
programs (agentlets) executing on independent hosts. Critical information
will be spread across the agentlets, thus limiting vulnerability to any
proper subset of the hosts.
Obfuscation with Periodic Regeneration. Executable code and data of each
agentlet will be obfuscated using a variety of techniques (e.g.,
randomly selected, but equivalent, algorithms and data representations).
Obfuscation will delay, but not prevent, brainwashing of agents via reverse
engineering. Consequently, agentlets will periodically expire and be replaced
by differently obfuscated versions so that a successful attack on an agentlet
cannot be accomplished before the agentlet expires. Regeneration will use
information from multiple agentlets (hosts), and hence will not be vulnerable
to reverse engineering by any single host.
Monitoring and Recovery. Agentlets will be self-monitoring and will also
monitor other agentlets. Using challenge/response
techniques, agents will automatically exclude compromised agentlets, report
the identities of tampering nodes, and replace lost agentlets.
Phase 1: Develop source-code translation tools to convert an individual
software agent into a set of replicated communicating agentlets that collectively
manage their navigation to avoid dependence on possibly-colluding hosts.
In addition to agent source code, our tools will read an agent security
specification that determines a variety of agentlet protection policies,
and will possibly accept manual guidance as well. A key goal of this work
will be to minimize or avoid manual guidance of the tools. To maximize
technology transfer, we will base our work on a freely-available agent
system such as the open-source Kaariboga system. Our tools will extend
the functionality of agents to encompass group navigation (through the
information fabric), protection of secrets, and coordinated state management
(between members of a distributed agent). To maximize flexibility, develop
a simple policy specification language and use specifications to guide
the behavior of the new functional areas generated by our tools, and make
appropriate tradeoffs between security, performance, and functionality.
Using these techniques, this task will reduce the vulnerability of agents
to individual hosts, and will allow agents to carry secrets with relative
Phase 2: Augment our agentlet-generation tools to produce agentlets that
dynamically obfuscate one another as they migrate through the network.
Leverage this capability into ongoing protection by time-limiting the execution
of individual obfuscated agentlets, and dynamically generating and running
new, differently-obfuscated, versions so that a successful attack on an
agentlet cannot be accomplished before the agentlet is replaced. Using
distributed and dynamically-refreshed obfuscation, prevent reverse engineering
and ensure that the obfuscation process itself is protected from tampering.
Ensure that any progress that an attacker makes in reverse-engineering
an old version of an agentlet confers no useful
information about attacking a subsequent version of the agentlet.
Phase 3: Extend agentlets to employ fine-grained monitoring for tamper
detection, and mutually-suspicious agreement protocols to identify and
exclude potentially-subverted agentlets. Because agentlets will be obfuscated,
it will be infeasible for a host to remove or disable monitoring. Agentlets
will both monitor themselves by probing their state for integrity, and
also monitor each other via protocols that are obfuscated and hence impractical
to spoof by hosts. Because of this external monitoring, expired agentlets
will be incompatible with newer versions running on other hosts, and hosts
will therefore be unable to refuse execution to newly-generated agentlets,
or to continue using expired versions without detection. This task will
provide self-healing and group integrity to sets of agentlets.
||This is a new project and has started with a
small amount of initial funding. Our recent accomplishments focus
on initial investigations and the establishment of a source-code
build environment for conducting the research.
Survey of agent systems. This work will be based on an existing (although
possibly extended) agent system. We surveyed a large number of agent systems
available from the Web. To speed the project and to maximize technology
transfer, we established four core criteria for selecting an agent system:
1) Open Source, 2) Java-based, 3) multi-hop code/state distribution, and
4) simple. We will release Self-Protecting Mobile Agents technology under
the GPL, and hence an open source technology base is of great value for
easing technology transfer. Although Java is not a technical necessity
for constructing mobile agents, it is a useful standard, relatively mature,
freely available, and its cross-platform feature will assist with technology
transfer. The multi-hop distribution requirement rules out systems, which
are merely central code servers that send code (in one hop) straight to
executing nodes. Multi-hop systems provide the scalability and generality
that mobile agents require, and that our techniques assume. Our final requirement
is simplicity. Simplicity in the base technology greatly facilitates experimentation.
Surprisingly, only one non-trivial system satisfied all of these goals
simultaneously, Kaariboga. (http://www.physik.uni-bielefeld.de/experi/d3/persons/struve/kaariboga)
We have downloaded, built, and performed some initial tests with Kaariboga,
and it appears to be a suitable base for our experiments.
In addition to surveying generic mobile agent systems, we have begun to
track technology being developed under DARPA’s Active Networks program.
Active Networks are mobile agent systems with a specific application domain
(network infrastructure). Lee Badger attended the Active Nets Principal
Investigator’s meeting in Portland OR in June, 2000. We are examining the
ANTS active networks system from MIT and are considering which Active Networks
Pis to work with in migrating self-protection techniques into the Active
Survey of obfuscation tools. We have begun surveying available Java
obfuscation tools. Most of the current tools are too basic, and are commercial
products. Even so, we may be able to build upon some of the existing tools
and add the sophisticated features we require. For example, Retroguard
(http://www.retrologic.com) has been released under the GPL and could be
a suitable base for extension.
||Analyze the structure of mobile agents in Kaariboga,
and formulate techniques for partitioning agents into separate, replicated,
agentlets. To the extent possible, formulate the techniques to be portable
to other agent systems. Design tools for performing the partitioning. Set
up a mobile agent testbed for running partitioned agents.
Continue surveying available obfuscation tools. Select a tool upon
which to base our work. As with the agent system selection criteria, the
tool will be Open Source and Java-based.
Begin exploration of how to perform the obfuscation task consistently
with the structure and requirements of Phase 1 distributed agentlets.
Continue to track the Active Networks program, and perform an initial
analysis of how to port self-protection techniques into the ANTS Active
||In November, 1999, Lee Badger briefed the commercial
divisions of Network Associates on the problem of protecting mobile agents
and on solution strategies we are now exploring. This was prior to the
start of the contract, but was a useful opportunity raise awareness within
In March 2000, Lee Badger briefed the ISAT study group on Mobility
and Security on the problem of protecting agents from malicious hosts,
and on possible solutions.
In May 2000, Lee Badger attended the DARPA Dynamic Coalitions Policy
Workshop and discussed aspects of security policy in various domains. Self-protecting
agents will have their own specialized view of security policy, and hence
are relevant to the general area of policy specification.
Organization: NAI Labs
3060 Washington Road (Rt. 97)
City, State, ZIP: Glenwood, MD 21738
Organization: NAI Labs
3060 Washington Rd. (Rt. 97)
Glenwood, MD 21738