Security of mobile agent platforms using RBAC based on dynamic role assignment

Abstract

Mobile agent technology is a new trend in the network computing. It succeeds to capture researchers' and industry's interests long time ago, due to its innovative capabilities and attractive applications. Mobile agents are self-contained data and software modules, able to autonomously move from one host to another across the network, in order to perform their tasks and eventually return to their initiators. Despite their several qualities that make them suitable for various disciplines, where autonomy, dynamism and flexibility are strongly recommended, mobile agents still suffer from some limitations mainly related to the security issues raised by mobility. In this paper, we propose a novel approach to address the security problems evoked by platforms hosting mobile agents, particularly those caused by unauthorized access attacks. Our approach introduces a robust security policy for a Hospital, where a flexible role-based access control model (RBAC) is used and simulated as a set of cooperative agents. We implant a privilege management infrastructure (PMI) charged with issuing attribute certificates based on elliptic curve cryptography, in order to provide this model with a dynamic role assignment. Finally, practical experiments are conducted to evaluate our approach and prove its effectiveness, reliability and security.