[an error occurred while processing this directive]
Agents and security
[an error occurred while processing this directive]
- Simulated
Social Control for Secure Internet Commerce, Lars Rasmusson
Sverker Jansson, Swedish Institute of Computer Science, 1 April, 1996.
ABstract: In this paper we suggest that soft security such as
social control has to be used to create secure open systems. Social
control means that it is the participants themselves who are
responsible for the security, as opposed to leaving the security to
some external or global authority. Social mechanisms don't deny the
existence of malicious participants. Instead they are aiming at
avoiding interaction with them. This makes them more robust than hard
security mechanisms such as passwords, who reveal everything if they
are bypassed. We describe our work in progress of constructing a
workbench to run simulations of electronic markets. By examining the
success of different security mechanisms to avoid maliciously behaving
actors we hope to gain insight into how to create electronic
markets. The idea of creating reputations for the participants is
discussed. Finally some legal aspects on using social control and
reputation as security mechanisms are discussed. 3/5/97
- Paper:
Simulated Social Control for Secure Internet Commerce, by Lars
Rasmusson and Sverker Janson, April 1996. Abstract: In this paper we
suggest that soft security such as social control has to be used to
create secure open systems. Social control means that it is the
participants themselves who are responsible for the security, as
opposed to leaving the security to some external or global
authority. Social mechanisms don't deny the existence of malicious
participants. Instead they are aiming at avoiding interaction with
them. This makes them more robust than hard security mechanisms such
as passwords, who reveal everything if they are bypassed.
We
describe our work in progress of constructing a workbench to run
simulations of electronic markets. By examining the success of
different security mechanisms to avoid maliciously behaving actors we
hope to gain insight into how to create electronic markets. The idea
of creating reputations for the participants is discussed. Finally
some legal aspects on using social control and reputation as security
mechanisms are discussed. 4/17/96
- Paper:
Personal Security Assistance for Secure Internet Commerce, Andreas
Rasmusson and Sverker Janson, April, 1996. Abstract: In this paper we
discuss the approach of using a personal security assistant for
interacting with mobile agents visiting your computer. We argue that
instead of trusting an external authority to guarantee that the agent
is correct/benign or that your local resources have all been assigned
correct access-restrictions, a more rewarding security policy is to
grant the visiting agent access to resources on the assumption that it
will do useful work for you and behave as expected.
Not
disqualifying agents from doing useful work for you on the grounds
that you have no previous experience from them facilitates the
introduction of new agents into the market, since trusting the sender
is less crucial.
The paper contains a discussion on the security
approach taken in most of today's agent systems and how security is
enforced by Intrusion Detection Systems. We give a rationale for using
an interactive Personal Security Assistant as an aid for detecting
malicious agents visiting end-user agent environments and sketch the
architecture and design criteria of such an assistant. We discuss how
malicious programs could be identified and mention some preliminary
experiments with Java-applets. 4/17/96
- Paper: Colusa Software Whitepaper: Omniware: A
Universal Substrate for Mobile Code Colusa Software, Pittsburgh
PA. Colusa Software's (founded
in March 94, acquired by Microsoft in March 96) principal product,
Omniware, enables software developers to take code components written
in existing programming languages such as C and C++ and create highly
efficient, processor-independent client-side components for the
Internet and intranet environments. Colusa's unique method for memory
protection, known as Software Fault Isolation, allows users to
download programs safely from the Internet and run the programs in a
fully protected memory space (even when pointers are used). Microsoft
plans to incorporate the Colusa technologies in future versions of its
Internet and development tools products. 3/28/96
- Joeseph Tardo and Luis Valente. Mobile agent
security and Telescript , IEEE CompCon, 1996. 1/16/96
- Sun Labs has built most of the concepts of Safe-Tcl into Tcl 7.5 , now
available in as an alpha release. In addition to running on PCs and
Macs (with a Motif look and feel), this new version lets you
dynamically load binaries and create additional interpreters and
execute untrusted scripts using a generalization of Borenstein's and
Rose's Safe-Tcl. Ray Johnson (Raymond.Johnson@Eng.Sun.COM) reports
that they have some examples of it running with a web browser and are
considering creating a Netscape Plug-in to run safe Tcl scripts (See
http://www.sunlabs.com:80/research/tcl/java.html for a discussion
of the relationship between Tcl/Tk and Java) and planning on doing
some work with Safe-Tk. 1/16/95
-
Secret Agents
-- A Security Architecture for the KQML Agent Communication
Language, Chelliah Thirunavukkarasu (EIT), Tim Finin (UMBC) and
James Mayfield (UMBC), October 1995. 200K bytes postscript. (Draft
submitted to the CIKM'95 Intelligent Information Agents Workshop,
Baltimore, December 1995.)
- The Things
that Go Bump in the Net -- an informal survey of some of the more
colorful beasts in the menagerie of security and related problems in
networky and agenty systems. 7/13/95
[an error occurred while processing this directive]
Wednesday, 05-Mar-1997 21:20:07 EST