More than 3000 engineers find our updates useful. You can get them at your mail box!
Search your paper presentation and project titles:

Department/Area of interest: ( To list the projects / paper presentations)

Mechanical               Scada technology              Communication             Computer science           Alternative energy
Electrical                  Robotics                        Biometrics                     Artificial intelligence             Electronics

Paper presentation: Network management system NMS


Computers offer the possibilities of integrated control, process optimisation, enhanced operator interfaces, data concentration, data storage and systematic approach to Network Management. This led to using programming concepts in various industrial applications. Telecomm industry is one of the widely influenced ones with the idea of computerising various jobs, which otherwise require a large group of technically trained professionals. Telecomm Network Management System (TNMS) is one of such applications dealing with Telecomm Network Manager’s (TNM) duties. TNMS uses the client-server concept, with remote procedure calls as the standard way of interaction. Script languages have emerged that explicitly support agent-oriented programming - in that they make available easy-to-use programming constructs to build autonomous objects. These objects not only may accumulate knowledge and perform reasoning, but also may also migrate between host machines by their own decision. All agent-based systems, impressive as their potential benefits may rightly seem, may, however, be jeopardized in a commercial world by the lack of appropriate security mechanisms. This paper analyses the security aspects of the current state-of-the-art TNMS and shows the problems of using mobile-agents in today’s scenario. Indeed, most agent systems do not address error recovery and auditing, privacy, and various aspects of trust among the participants. The aim of this paper is not to discuss the idea underlying mobile agents in general: only issues related to safety, security, and reliability is considered.

Intelligent agents have become fashionable again in the late nineties, not only within the artificial intelligence community and in the popular press but also in traditional computer science communities. Whereas current commercial solutions for distributed processing are mostly centered on the client-server concept, with remote procedure calls as the standard way of interaction, script languages have emerged that explicitly support agent-oriented programming. Especially in telecommunication applications, where the instant provision of new services and the customization of existing services become critical issues, agents will become to an increasing degree an essential aspect in the design of new networks to handle the ever-increasing complexity.
This paper will focus on the “mobility” attribute of intelligent agents and thus uses the term mobile agent to denote an autonomous mobile object to which a user delegates some or all of her decision-making in the respective problem domain, and that is able to move around an electronic network, communicating with other such active objects by means of message passing. First the evolution of TNMS is described followed by the roles of manager and agent. The next section discusses the security issues of the agent-based systems followed by problems and possible attacks in such systems. These sections also discuss the possible solutions offered and the loopholes existing in these techniques leading to a conclusion that it won’t be a wise step to fully open Telecommunications networks for agents at this point.

1.1    Telecommunications Systems
For today’s communication needs, a Telecommunications networks consisting of just wires and mechanical switches, cannot be sufficient. Today’s systems carry out quite complex functions that are implemented mostly in the form of software. Thus, TNMs are becoming more and more confronted with the challenge of managing a software-based, distributed system of growing complexity.
On the top of it, today’s communication applications are expected to have the following characteristics:
•    Highly distributed and heterogeneous: since Telecommunications networks work worldwide, a large number of operators have to interact; many of them use different equipment and transmission techniques (standard cable, fiber optics, radio communication, satellites, etc.).
•    Safety critical: since our society depends on the proper functioning of these networks. The most efficient way to paralyze an industrial country is probably to interrupt its information infrastructure. Even short-time breakdowns can be disastrous, for instance when failing to process an emergency call.
•    Continuously running: since Telecommunications networks cannot be halted for examination, debugging, or rebooting.
•    Fault-tolerant:  since faults and malfunctions within the system or at the customer’s site will always happen; such events, however, must not cause the whole network to crash.
•    Meets real-time requirements:  because setting up a (world-wide) call cannot take arbitrarily long.
Setting up and running such a network is a true technical challenge; it actually is getting harder and harder, since the complexity of services is constantly growing: more and more, mostly software-based features and services are being added—in parallel, the problems involved with running those systems increase. This led to the evolution of networks in the direction of large, high-speed networks, consisting of diverse equipment and supporting mobility. The capability to dynamically place control and management software processes at the most appropriate location will have significant impact on the architecture and the related (signaling) protocols of telecommunication systems. So developed the agent-manager concept, a paradigm leading to TNMS. TNMS makes agent and manager as two separate modules. The ability of agents to handle heterogeneous environments, the potentially adjustable (small) footprint of an agent, and the potential to dispatch and activate agents as necessary during problem resolution are properties useful for network management. Telecom companies, and in particular France Telecom, are building infrastructures to allow software agents to provide more and more sophisticated services to multiple users. This strong interest resulted also into an activity to standardize agent systems: the Foundation for Intelligent Physical Agents (FIPA).

1.2 Functions Of Manager And Agent
The TNMS concept of agent-manager relation is similar to Client/Server, but with few clients, and many servers (where the agent acts as a server and the manager acts as a client). It can be viewed as a Manager/Employee relationship in the real world.
The Manager:
•    Makes decisions about what the agents are suppose to do.
•    Gives orders to the various agents in order to make the network function smoothly.
•    Must monitor agents, and administer relational tasks between agents.
Agents are employed in
•    The construction of “smart” networks
•    Routing or filtering messages sent to a user
•    Seeking information or services on the user’s behalf.
All agent-based systems, impressive as their potential benefits may rightly seem, may, however, be jeopardized in a commercial world by the lack of appropriate security mechanisms. Indeed, most agent systems do not address error recovery and auditing, privacy, and various aspects of trust among the participants.

2. Security Issues Of Agent-Based Systems
         Network safety, security, and reliability are crucial issues for a Telecomm Network
Manager (TNM). Mobile agents are certainly a potential security threat. TNMs must therefore critically evaluate agent-based scenarios before actually thinking about introducing them for commercial applications. Although many promoters of mobile agent technology acknowledge that security represents a key factor for the successful employment, they tend to ignore it in their work:
               Security against mobile agents is a very big issue or a red herring
              depending on what one is trying to do (Virdhagriswaran, 1997).
Whereas a first generation of mobile agents has been written in languages such as Telescript and Safe Tcl/Tk, the omni-presence of Java, mainly due to its platform-independent executables fetchable from the network, makes it a prime platform for the implementation of agent systems. Aglets (IBM) (Lange & Oshima, 1998), Concordia (Mitsubishi) (Castillo et al., 1998), Odyssey (General Magic), and Voyager (Open Space), all developed within industry, are examples of recent Java-based agent languages/environments. This means that on the one hand agents have potential access to all Java class files on the host; on the other hand they rely on the security of the Java interpreter for their proper execution. Thus, agent security and Java security go hand in hand. All the security concerns raised about Java also affect the safe execution of agents. A small, local bug in the implementation of the hosting Java interpreter will affect the security of the entire agent system. Even more problematic is the fact that there are also threats that originate in malicious hosts. For example, if there is no mechanism to prevent attacks, a host can implant its own tasks into an agent or modify the agent’s state. This
can lead in turn to theft of the agent’s resources if it has to pay for the execution of tasks or to loss of the agent’s reputation if its state changes from one host to another in ways that alter its behavior in negative ways. Taking together, the problems that arise in an agent-scenario can be divided into three categories:
•    Protecting hosts in a network.
•    Protecting the agents.
•    Protecting the network itself.
The next sections describe and suggest solutions to these three categories of problems.

2.1 Attacks On Hosts By The Visiting Agents
The most important law of system security reads Never, ever run code from un-trusted sources. In most companies this means that employees are not allowed to use software that did not come through the standard channels. A number of new technologies are already contradicting to this principle, for instance Java and ActiveX. The only control such technologies leave over incoming code is that they have to be actively downloaded, but agents can even move by themselves. An agent-based scenario must therefore provide a very convincing solution to the problem of protecting itself from malicious agents.
The suggested remedy for such a problem, currently the most popular one, is the Sandbox Approach. The idea is rather simple: an agent cannot control a machine, if it runs in a “sandbox” that blocks access to the outside (i.e.: the real machine): the sandbox offers as much functionality to a program running inside as one wants to grant. Several approaches like Java, Tele-script or follow this idea, all in somewhat different technical details.
Sandbox approaches aim at protecting a host from foreign code by setting up a restricted execution environment for the incoming code. Although this always trades functionality for security, it is a good approach in principle. It is important that such a sandbox comes with a clear security model and a security policy. This is indispensable for actually judging the risk that is involved with providing the sandbox. The most popular approach today is the Java virtual machine. Thus the efficiency of this approach invariably depends on JVM’s efficiency. While this might be acceptable for settings where the potential damage by abuse is low, for use within a Telecommunications network extra care has to be taken.

2.2 Attacks On Agents By The Hosts They Visit
A point that is often overlooked in the literature is the need for protecting an agent from the host it visits. Assume one sends out an agent searching a particular product for a best bid with some upper limit. It would, in principle, be possible that some host where the agent comes along reads this information out and manipulates the agent such that it not looks further and reports back that there is only one vendor, namely the one controlling the manipulating site. This vendor could then offer the product for just a little bit below the limit. Such a possibility is certainly not acceptable. Even worse scenarios are possible if agents had themselves some authority, for instance by being able to spend money.
Protecting agents is also closely connected to protecting network hosts to be visited by agents: if such host is supposed to run an agent, it will want to make sure that the mobile code has not been manipulated to try to abuse the host – unless the host has a foolproof runtime system for agents.
Cryptographic methods like digital signatures, authentication, and encryption schemes, particularly those based on public keys, seem like what is needed for protecting agents against manipulation. Unfortunately, such techniques sort of contradict to the spirit of agents. The source of the problem is that an agent must instruct the current host to perform any operations, rather than being able to act on it. Thus an agent cannot carry any secrets on its journey because of two reasons:
                       - the agent must be readable to the host
                       - for using such a secret it had to be passed to the run time environment of                         a visited host.
There is only one possible solution separating an agent into a program part and a data part and use cryptographic techniques to sign the program part. This can be useful only in those scenarios where the data part doesn’t carry any important information.

2.3 Attacks On The Network Itself
It is already very difficult to safely design distributed systems with interacting, concurrent processes; agents make the situation even worse, since processes will also move within the network. As observed by a researcher, as a system becomes more complex and more interconnected, it is more likely to exhibit large-scale behaviors that we would not predict from knowledge of the individual elements. Especially when the elements have a life of their own and the environment is highly real-time like Telecomm we can hardly impart a thorough security. It can be expected that agents running in a large distributed system will cause new problems; little experience in this respect has been gained so far. There is a clear need for basic research in this direction; results from software engineering and formal methods are desperately needed.

3. Conclusion

Agent-based software systems are very problematic with respect to security, since the principle of mobile code brings new problems for system security, reliability, and safety. Not very long ago, there was a widespread belief that an interpreted program is already a safe program. However, over time, mobile agent people became concerned about security and regard it today to be one of the biggest obstacles that have prevented wider employment of mobile agents. There are three basic problems in agent-based systems: firstly, the hosts must be protected from potentially harmful agents, second, the roaming agents must be protected against manipulation from the visited hosts, and third the overall behavior of an agent-based system must be controlled. Although, in principle, it is possible to secure a host against mobile agents, the price might be very high: hardware-based protection, reduced flexibility, and high cost. It is fundamentally impossible to protect an agent against a malicious host if no trusted hardware is available. There is a need for security profiles for agent execution environments to make informed judgments about tradeoffs between security and other desired features. The current state-of-the-art still fails to deliver an acceptable approach to cope with these problems: available technology (like sandbox-approaches, cryptography) can cover only certain aspects, and even fails to solve these aspects sufficiently. A sound overall concept to cope with the problems seems not yet in sight. Mobile agents constitute an active research field and security of mobile code is (still) an area for further research. It seems therefore prohibitive to fully opening Telecommunications networks for agents at this point. Even running only proprietary agents within controlled and isolated networks seems risky, since there is in practice no way to rigorously control a network beyond a certain size. It is not sufficient to come up with attractive applications based on mobile agents. What is also needed is an applicable concept for coping with the inherent security problems. Such an overall concept must meet very strong requirements, otherwise it will not be accepted where real money comes into play.
Clearly, no running system can be 100% secure, and one has to compromise. In companies, however, compromises are governed by economic considerations: the potential earning must (at least in the long run) outweigh the costs, and the risk involved must be assessable. Thus, from a TNM’s perspective, the future of commercial applications of mobile agents is hardly predictable; what is predictable, however, is a promising future for security experts.

•    PLU, M. 1998. Software Technologies for Building Agent Based Systems in Telecommunication Networks.
•    FORD, W. 1994. Computer Communications Security. Prentice-Hall.
•    VIGNA, G. (ed). 1998. Mobile Agents and Security. Lecture Notes in Computer Science,  Springer.
•    TARDO, J.,&VALENTE, L. 1996. Mobile agent security and Telescript IEEE CompCon ’96.
•    SCHOONDERWOERD, R., HOLLAND,O.,&BRUTEN, J. 1997. Ant-like Agents for Load Balancing in Telecommunications Networks. In: Agents’97. ACM Press.
•    VIRDHAGRISWARAN,SANKAR. 1997 (Jan.). Agents–State of The Art & The Incredible Future.,
•    VITEK, J., & JENSEN, C. (eds). 1999. Secure Internet Programming: Security Issues for Mobile and Distributed Objects. Lecture Notes in Computer Science, no. 1603. Springer.

Intense Debate Comments