Research Doctorate - Doctor of Philosophy (PhD) / Mobile agents are programs that travel autonomously through a computer network in order to perform some computation or gather information on behalf of a human user or an application. In the last several years numerous applications of mobile agents have emerged, including e-commerce. However, mobile agent paradigm introduces a number of security threats both to the agents themselves and to the servers that they visit. This thesis gives an overview of the main security issues related to the mobile agent paradigm. The first part of the thesis focuses on security of mobile agent itself. In this part, we propose a new coupling technique based on trust as a social control to work together with existing traditional security mechanisms. It relies on the “reputation” of the hosts in the itinerary and ensures that the agent succeeds in accomplishing its task with a high probability. Due to the fact that the coupling technique requires an agent’s itinerary to be known in advance, we introduce two new concepts: a “Scout mobile agent”, whose primary purpose is to determine the itinerary required for accomplishing a given task, and a “Routed mobile agent”, which operates with an itinerary known in advance. This enables the Routed agent to incorporate various security mechanisms, including our new coupling technique. Our Routed agent technique is also applicable independently of the Scout agent, whenever the itinerary and the trust values of the platforms in the itinerary are known. We also proposed a Petrol Station as an entity that would provide a service to other entities, in the form of certifying mobile agents and equipping them with safe itinerary based on trust score and applying the Routed agent. In the second part of the thesis, we shed some light on the security of mobile agent platforms as it is considered more critical than the security of agents. In particular, we consider a scenario where a platform hosts a database containing confidential individual information and allows mobile agentstoquery the data base. This mobile agent maybe behave maliciously which is similar to an intruder in the Statistical Disclosure Control(SDC), where measuring disclosure risk is still considered as a difficult and only partly solved problem[111]. We introduce a scenario that is not adequately covered by any of the previous discloser risk measures. Shannon’s entropy can be considered a satisfactory measure for the disclosure risk that is related to the exact compromise. However, in the case of approximate compromise, we argue that Shannon’s entropy does not express precisely the intruder’s knowledge about a particular confidential value. We introduce a novel disclosure risk measure that is based on Shannon’s entropy but covers both exact and approximate compromise. The main advantage of our measure over previously proposed measures that it gives careful consideration to the attribute values in addition to the probabilities with which the values occur. We use a dynamic programming algorithm to calculate the disclosure risk for various levels of approximate compromise. Importantly, our proposed measure is independent of the applied SDC technique. Finally, we show how this measure can be used to evaluate the security mechanisms for protecting privacy in statistical databases and data mining. We conduct extensive experiments and apply our proposed security measure to three different data sets protected by three different SDC techniques, namely Sampling, Query Restriction, and Noise Addition.
Identifer | oai:union.ndltd.org:ADTP/243407 |
Date | January 2009 |
Creators | Alfalayleh, Mousa |
Source Sets | Australiasian Digital Theses Program |
Language | English |
Detected Language | English |
Rights | Copyright 2009 Mousa Alfalayleh |
Page generated in 0.0013 seconds