SECURITY FOR MOBILE AGENTS

Vipin Swarup
The MITRE Corporation, 202 Burlington Road, Bedford, MA 01730-1420
Tel: 617-271-2354; FAX: 617-271-3816; E-mail: swarup@mitre.org

Funded by the MITRE-Supported Research Program. Joint work with W. M. Farmer and J. D. Guttman.

Currently, distributed systems employ models in which processes are statically attached to hosts. Threats, vulnerabilities, and countermeasures for these systems have been studied extensively, and sophisticated distributed system security architectures have been designed. Mobile agent technology extends this model by including mobile processes, i.e., processes which can autonomously migrate to new hosts. Although numerous benefits are expected, this extension results in new security threats from malicious agents and hosts [1]. The primary added complication is this: as an agent traverses multiple machines that are trusted to different degrees, its state can change in ways that adversely impact its functionality.

Several security goals for mobile agent systems appear impossible to achieve. For instance, there appears to be no reliable way to authenticate interpreters, to ensure that interpreters will run agents correctly, or to keep the code and data of agents private. Other goals are achievable using familiar techniques for distributed system security. For instance, an interpreter can authenticate the author and sender of an agent, check the integrity of an agent's code, and ensure agent privacy during transmission. Yet other goals appear achievable with the development of special techniques. For instance, special techniques might permit senders to restrict the authority of their agents in a flexible manner and enable interpreters to check that agents are in safe states. We are developing a mobile agent security architecture [2] that extends an existing distributed system security architecture with special mechanisms that provide security in the presence of migrating stateful agents.
Events in an agent's life create complex trust relationships between principals, e.g., the trust placed by an author and a sender in an agent. When an agent requests an operation on a resource, the interpreter uses its access rules and these trust relationships to derive authorization for the request. A novel aspect of our architecture is a "state appraisal" mechanism that protects against attacks via agent state modification and that enables an agent's privilege to be dependent on its current state. Checking the integrity of an agent's state is difficult: the state changes during execution, so, unlike the agent's code, it cannot be signed in advance by the author or sender. Instead, our agents carry a state appraisal function, which is part of the signed code, that checks whether the agent's current state satisfies the expected state invariants; the function returns a set of permits based on that state, and the interpreter grants only requests covered by both those permits and its own access rules. Our emphasis is on agents written by known software developers, and our techniques will protect both mobile agent applications and the hosts that support them.

As a concrete application of these techniques, we are securing an intrusion protection system under development that uses mobile agents ("cybercops") to collect data, detect electronic attacks, and respond to suspected attacks. The use of mobile agents results in a flexible, dynamic protection system; for instance, the system can alter the amount of data collected depending on its current level of suspicion and can support network management functions that respond to suspected attacks.

References

[1] William M. Farmer, Joshua D. Guttman, and Vipin Swarup, "Security for Mobile Agents: Issues and Requirements", to appear in Proceedings of the National Information Systems Security Conference (NISSC), October 1996.

[2] William M. Farmer, Joshua D. Guttman, and Vipin Swarup, "Security for Mobile Agents: Authentication and State Appraisal", to appear in Proceedings of the European Symposium on Research in Computer Security (ESORICS), September 1996.
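The following is an added illustration of the interpreter-side check sketched above (author and sender authentication, code integrity, then state appraisal yielding permits that are intersected with the host's access rules). It is example code written for this page, not the MITRE architecture or the cybercops system; the agent state fields (`hops`, `visited`, `records`), the invariants, the permit names, the host access rules and the keys are all constructed here, and HMAC with shared keys stands in for the public-key signatures an interpreter would verify in practice.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed example keys. HMAC stands in for public-key signatures here;
# the point is the scheme (who signs what), not the primitive.
KEYS = {"author": b"example-author-key", "sender": b"example-sender-key"}


def sign(principal: str, data: bytes) -> str:
    return hmac.new(KEYS[principal], data, hashlib.sha256).hexdigest()


def verify(principal: str, data: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign(principal, data), sig)


# The agent's program, carrying its own state appraisal function. The source
# is immutable and signed by the author, so the appraisal logic is
# integrity-protected even though the state it inspects cannot be signed.
AGENT_CODE = '''
def appraise(state):
    """Return the permits this state justifies, or None if an invariant fails."""
    # Invariant: the hop counter must match the itinerary actually recorded.
    if state["hops"] != len(state["visited"]):
        return None
    # Invariant: a record count can never go negative.
    if state["records"] < 0:
        return None
    permits = {"read_logs"}
    # Privilege tied to state: only an agent that has not yet migrated
    # may change configuration on the host that launched it.
    if state["hops"] == 0:
        permits.add("write_config")
    # An agent that has gathered enough data may report home.
    if state["records"] >= 10:
        permits.add("send_report")
    return permits
'''


@dataclass
class Agent:
    code: str         # signed by the author
    author_sig: str
    sender_sig: str   # sender endorses launching exactly this code
    state: dict       # mutable: updated at every hop, never signed


def launch(initial_state: dict) -> Agent:
    """Author signs the code; the sender endorses the code hash and launches it."""
    author_sig = sign("author", AGENT_CODE.encode())
    code_hash = hashlib.sha256(AGENT_CODE.encode()).digest()
    sender_sig = sign("sender", code_hash)
    return Agent(AGENT_CODE, author_sig, sender_sig, initial_state)


# Constructed host policy: what this interpreter will grant to this author/sender pair.
HOST_ACCESS_RULES = {("author", "sender"): {"read_logs", "write_config", "send_report"}}


def authorize(agent: Agent, request: str) -> tuple:
    """Interpreter-side check: authenticate, appraise state, apply access rules."""
    code = agent.code.encode()
    if not verify("author", code, agent.author_sig):
        return False, "author signature or code integrity check failed"
    if not verify("sender", hashlib.sha256(code).digest(), agent.sender_sig):
        return False, "sender signature check failed"
    ns = {}
    exec(agent.code, ns)                 # only after code integrity is established
    permits = ns["appraise"](agent.state)
    if permits is None:
        return False, "state appraisal failed: invariant violated"
    granted = permits & HOST_ACCESS_RULES[("author", "sender")]
    if request in granted:
        return True, "granted from permits %s" % sorted(granted)
    return False, "%r not in permits %s" % (request, sorted(granted))


def migrate(agent: Agent, host: str, new_records: int) -> Agent:
    """Simulate one hop: the receiving host updates the agent's state (honestly here)."""
    s = dict(agent.state)
    s["hops"] += 1
    s["visited"] = s["visited"] + [host]
    s["records"] += new_records
    return Agent(agent.code, agent.author_sig, agent.sender_sig, s)


if __name__ == "__main__":
    a = launch({"hops": 0, "visited": [], "records": 0})
    print(authorize(a, "write_config"))         # fresh agent: allowed
    a = migrate(a, "host-b", 12)
    print(authorize(a, "write_config"))         # after a hop: no longer allowed
    print(authorize(a, "send_report"))          # enough records: allowed
    # A malicious host rewrites the state to erase its own visit.
    tampered = Agent(a.code, a.author_sig, a.sender_sig, dict(a.state, hops=0))
    print(authorize(tampered, "write_config"))  # invariant fails: rejected
```

Two things the example makes concrete: the appraisal function travels inside the signed code, so a host that tampers with it trips the author-signature check, while a host that tampers with the state (which no signature covers) is caught only insofar as the invariants detect the inconsistency; and the permits are an upper bound, since the interpreter still intersects them with its own access rules before granting anything.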