Securing mobile agents control flow using opaque predicates

Authors:
Anirban Majumdar;Clark Thomborson
Affiliations:
Department of Computer Science, The University of Auckland, Auckland, New Zealand;Department of Computer Science, The University of Auckland, Auckland, New Zealand
Venue:
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part III
Year:
2005

Citing 9
Cited 1

Precise flow-insensitive may-alias analysis is NP-hard

ACM Transactions on Programming Languages and Systems (TOPLAS)
Manufacturing cheap, resilient, and stealthy opaque constructs

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Pointer analysis for multithreaded programs

Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Compositional pointer and escape analysis for Java programs

Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Interprocedural pointer alias analysis

ACM Transactions on Programming Languages and Systems (TOPLAS)
Pointer and escape analysis for multithreaded programs

PPoPP '01 Proceedings of the eighth ACM SIGPLAN symposium on Principles and practices of parallel programming
Protection of Software-Based Survivability Mechanisms

DSN '01 Proceedings of the 2001 International Conference on Dependable Systems and Networks (formerly: FTCS)
Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts

Mobile Agents and Security
Protecting Mobile Agents Against Malicious Hosts

Mobile Agents and Security

Opaque predicates detection by abstract interpretation

AMAST'06 Proceedings of the 11th international conference on Algebraic Methodology and Software Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Mobile agent technology is an evolving paradigm that combines the inherent characteristics of intelligent agents, namely, adaptability, reactivity and autonomy with mobility. These characteristics of mobile agents provide an excellent means of meeting the distributed and heterogeneous requirements for many electronic commerce applications involving low bandwidth and intermittently connected networks. However, the lack of security in the form of code confidentiality renders this paradigm unsuitable for commercial software. In this paper, we address the problem of mobile agent security by proposing a novel method of mobile agent obfuscation using the concept of opaque predicates to prevent adversaries from observing the control flow of agent code. We discuss about the efficiency of our proposed methodology by demonstrating that to an adversary, the problem of determining the outcome of such opaque predicates is often intractable.