skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: SAS: A Secure Aglet Server

Abstract

Despite the fact that mobile agents have received increasing attention in various research efforts, the use of the paradigm in practical applications has yet to fully emerge. With the presence of infrastructure to support the development of mobile agent applications, security concerns act as the primary deterrent against such trends. Numerous studies have been conducted to address the security issues of mobile agents with a strong focus on the theoretical aspect of the problem. This work attempts to bridge the gap from theory to practice by analyzing the security mechanisms available in Aglet. We herein propose several mechanisms, stemming from theoretical advancements, intended to protect both agents and hosts in order to foster the development of business applications that fully exploit the benefits of agent technology. The proposed mechanisms lay the foundation for implementation of application specific protocols dotted with access control, secured communication and ability to detect tampering of agent data. We demonstrate our contribution through application scenarios of a prototyped Information Retrieval system.

Authors:
 [1];  [2];  [1];  [2]
  1. Pennsylvania State University
  2. ORNL
Publication Date:
Research Org.:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Sponsoring Org.:
Work for Others (WFO)
OSTI Identifier:
931527
DOE Contract Number:
DE-AC05-00OR22725
Resource Type:
Conference
Resource Relation:
Conference: Computer Security Conference 2007, Myrtle Beach, SC, SC, USA, 20070411, 20070413
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; BUSINESS; COMMUNICATIONS; COMPUTERS; IMPLEMENTATION; INFORMATION RETRIEVAL; SECURITY

Citation Formats

Jean, Evens, Jiao, Yu, Hurson, Ali R., and Potok, Thomas E. SAS: A Secure Aglet Server. United States: N. p., 2007. Web.
Jean, Evens, Jiao, Yu, Hurson, Ali R., & Potok, Thomas E. SAS: A Secure Aglet Server. United States.
Jean, Evens, Jiao, Yu, Hurson, Ali R., and Potok, Thomas E. 2007. "SAS: A Secure Aglet Server". United States. doi:.
@article{osti_931527,
title = {SAS: A Secure Aglet Server},
author = {Jean, Evens and Jiao, Yu and Hurson, Ali R. and Potok, Thomas E},
abstractNote = {Despite the fact that mobile agents have received increasing attention in various research efforts, the use of the paradigm in practical applications has yet to fully emerge. With the presence of infrastructure to support the development of mobile agent applications, security concerns act as the primary deterrent against such trends. Numerous studies have been conducted to address the security issues of mobile agents with a strong focus on the theoretical aspect of the problem. This work attempts to bridge the gap from theory to practice by analyzing the security mechanisms available in Aglet. We herein propose several mechanisms, stemming from theoretical advancements, intended to protect both agents and hosts in order to foster the development of business applications that fully exploit the benefits of agent technology. The proposed mechanisms lay the foundation for implementation of application specific protocols dotted with access control, secured communication and ability to detect tampering of agent data. We demonstrate our contribution through application scenarios of a prototyped Information Retrieval system.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = 2007,
month = 1
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share:
  • There is an increasing rise in attacks and security breaches on computer systems. Particularly vulnerable are systems that exchange user names and passwords directly across a network without encryption. These kinds of systems include many commercial-off-the-shelf client/server applications. A secure technique for authenticating computer users and transmitting passwords through the use of a trusted {open_quotes}broker{close_quotes} and public/private keys is described in this paper.
  • The IRCD is an IRC server that was originally distributed by the IRCD Hybrid developer team for use as a server in IRC message over the public Internet. By supporting the IRC protocol defined in the IRC RFC, IRCD allows the users to create and join channels for group or one-to-one text-based instant messaging. It stores information about channels (e.g., whether it is public, secret, or invite-only, the topic set, membership) and users (who is online and what channels they are members of). It receives messages for a specific user or channel and forwards these messages to the targeted destination.more » Since server-to-server communication is also supported, these targeted destinations may be connected to different IRC servers. Messages are exchanged over TCP connections that remain open between the client and the server. The IRCD is being used within the Pervasive Computing Collaboration Environment (PCCE) as the 'chat server' for message exchange over public and private channels. After an LBNLSecureMessaging(PCCE chat) client has been authenticated, the client connects to IRCD with its assigned nickname or 'nick.' The client can then create or join channels for group discussions or one-to-one conversations. These channels can have an initial mode of public or invite-only and the mode may be changed after creation. If a channel is public, any one online can join the discussion; if a channel is invite-only, users can only join if existing members of the channel explicity invite them. Users can be invited to any type of channel and users may be members of multiple channels simultaneously. For use with the PCCE environment, the IRCD application (which was written in C) was ported to Linux and has been tested and installed under Linux Redhat 7.2. The source code was also modified with SSL so that all messages exchanged over the network are encrypted. This modified IRC server also verifies with an authentication server that the client is who he or she claims to be and that this user is authorized to ain access to the IRCD.« less
  • No abstract prepared.
  • No abstract prepared.
  • The CORAL software is widely used at CERN by the LHC experiments to access the data they store on relational databases, such as Oracle. Two new components have recently been added to implement a model involving a middle tier 'CORAL server' deployed close to the database and a tree of 'CORAL server proxies', providing data caching and multiplexing, deployed close to the client. A first implementation of the two new components, released in the summer 2009, is now deployed in the ATLAS online system to read the data needed by the High Level Trigger, allowing the configuration of a farmmore » of several thousand processes. This paper reviews the architecture of the software, its development status and its usage in ATLAS.« less