[an error occurred while processing this directive]

Agents and security

[an error occurred while processing this directive]

Simulated Social Control for Secure Internet Commerce, Lars Rasmusson Sverker Jansson, Swedish Institute of Computer Science, 1 April, 1996. ABstract: In this paper we suggest that soft security such as social control has to be used to create secure open systems. Social control means that it is the participants themselves who are responsible for the security, as opposed to leaving the security to some external or global authority. Social mechanisms don't deny the existence of malicious participants. Instead they are aiming at avoiding interaction with them. This makes them more robust than hard security mechanisms such as passwords, who reveal everything if they are bypassed. We describe our work in progress of constructing a workbench to run simulations of electronic markets. By examining the success of different security mechanisms to avoid maliciously behaving actors we hope to gain insight into how to create electronic markets. The idea of creating reputations for the participants is discussed. Finally some legal aspects on using social control and reputation as security mechanisms are discussed. 3/5/97
Paper: Simulated Social Control for Secure Internet Commerce, by Lars Rasmusson and Sverker Janson, April 1996. Abstract: In this paper we suggest that soft security such as social control has to be used to create secure open systems. Social control means that it is the participants themselves who are responsible for the security, as opposed to leaving the security to some external or global authority. Social mechanisms don't deny the existence of malicious participants. Instead they are aiming at avoiding interaction with them. This makes them more robust than hard security mechanisms such as passwords, who reveal everything if they are bypassed.
We describe our work in progress of constructing a workbench to run simulations of electronic markets. By examining the success of different security mechanisms to avoid maliciously behaving actors we hope to gain insight into how to create electronic markets. The idea of creating reputations for the participants is discussed. Finally some legal aspects on using social control and reputation as security mechanisms are discussed. 4/17/96
Paper: Personal Security Assistance for Secure Internet Commerce, Andreas Rasmusson and Sverker Janson, April, 1996. Abstract: In this paper we discuss the approach of using a personal security assistant for interacting with mobile agents visiting your computer. We argue that instead of trusting an external authority to guarantee that the agent is correct/benign or that your local resources have all been assigned correct access-restrictions, a more rewarding security policy is to grant the visiting agent access to resources on the assumption that it will do useful work for you and behave as expected.
Not disqualifying agents from doing useful work for you on the grounds that you have no previous experience from them facilitates the introduction of new agents into the market, since trusting the sender is less crucial.
The paper contains a discussion on the security approach taken in most of today's agent systems and how security is enforced by Intrusion Detection Systems. We give a rationale for using an interactive Personal Security Assistant as an aid for detecting malicious agents visiting end-user agent environments and sketch the architecture and design criteria of such an assistant. We discuss how malicious programs could be identified and mention some preliminary experiments with Java-applets. 4/17/96
Paper: Colusa Software Whitepaper: Omniware: A Universal Substrate for Mobile Code Colusa Software, Pittsburgh PA. Colusa Software's (founded in March 94, acquired by Microsoft in March 96) principal product, Omniware, enables software developers to take code components written in existing programming languages such as C and C++ and create highly efficient, processor-independent client-side components for the Internet and intranet environments. Colusa's unique method for memory protection, known as Software Fault Isolation, allows users to download programs safely from the Internet and run the programs in a fully protected memory space (even when pointers are used). Microsoft plans to incorporate the Colusa technologies in future versions of its Internet and development tools products. 3/28/96
Joeseph Tardo and Luis Valente. Mobile agent security and Telescript , IEEE CompCon, 1996. 1/16/96
Sun Labs has built most of the concepts of Safe-Tcl into Tcl 7.5 , now available in as an alpha release. In addition to running on PCs and Macs (with a Motif look and feel), this new version lets you dynamically load binaries and create additional interpreters and execute untrusted scripts using a generalization of Borenstein's and Rose's Safe-Tcl. Ray Johnson (Raymond.Johnson@Eng.Sun.COM) reports that they have some examples of it running with a web browser and are considering creating a Netscape Plug-in to run safe Tcl scripts (See http://www.sunlabs.com:80/research/tcl/java.html for a discussion of the relationship between Tcl/Tk and Java) and planning on doing some work with Safe-Tk. 1/16/95
Secret Agents -- A Security Architecture for the KQML Agent Communication Language, Chelliah Thirunavukkarasu (EIT), Tim Finin (UMBC) and James Mayfield (UMBC), October 1995. 200K bytes postscript. (Draft submitted to the CIKM'95 Intelligent Information Agents Workshop, Baltimore, December 1995.)
The Things that Go Bump in the Net -- an informal survey of some of the more colorful beasts in the menagerie of security and related problems in networky and agenty systems. 7/13/95

[an error occurred while processing this directive] Wednesday, 05-Mar-1997 21:20:07 EST