CN100403750C - Self-splitting cooperation protection scheme for mobile proxy groups - Google Patents

Self-splitting cooperation protection scheme for mobile proxy groups Download PDF

Info

Publication number
CN100403750C
CN100403750C CNB2005100379610A CN200510037961A CN100403750C CN 100403750 C CN100403750 C CN 100403750C CN B2005100379610 A CNB2005100379610 A CN B2005100379610A CN 200510037961 A CN200510037961 A CN 200510037961A CN 100403750 C CN100403750 C CN 100403750C
Authority
CN
China
Prior art keywords
agency
task
mobile agent
agent group
chief creating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2005100379610A
Other languages
Chinese (zh)
Other versions
CN1655554A (en
Inventor
王汝传
黄海平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post & Telecommunication College
Nanjing Post and Telecommunication University
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing Post & Telecommunication College
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Post & Telecommunication College filed Critical Nanjing Post & Telecommunication College
Priority to CNB2005100379610A priority Critical patent/CN100403750C/en
Publication of CN1655554A publication Critical patent/CN1655554A/en
Application granted granted Critical
Publication of CN100403750C publication Critical patent/CN100403750C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a self-splitting cooperation protection scheme for mobile agency groups, which is a safe solving scheme of distributed computing in open network environment. The scheme is mainly used for solving safety problems of mobile agency, and the scheme is characterized in that the mobile agency is subdivided according to the content and the property of tasks, architecture of the mobile agency groups is formed according to integral modes, corresponding agency or task splitting strategies are embedded, and the scheme is combined with traditional safety mechanism; each auxiliary agency cooperatively generates a self-protection mechanism through the commanding coordination of a main agency, and the dispatched tasks are completed in unsafe network and execution host environment. The scheme comprises three parts, namely a creating scheme of the mobile agency groups, a roaming scheme of the mobile agency groups and a final executive scheme of the mobile agency groups. The scheme solves the safety problem for protecting the mobile agency; the present invention is combined with existing protecting measures in use, and the mobile agency is effectively prevented from being attacked by malicious hosts or other malicious entities.

Description

A kind of mobile agent group cut apart the cooperation guard method certainly
Technical field
The present invention is a kind of in open network environment, the security solution method of Distributed Calculation.Be mainly used in the safety problem that solves mobile agent, belong to the Distributed Calculation technical field of software security.
Background technology
Mobile proxy technology is a kind of emerging technology that occurs along with the development of Internet (internet), and it has adapted to the characteristics of Internet preferably, effectively simplifies design, realization and the maintenance of distributed system.In general, mobile agent is meant one section independently computer program, and it is according to certain rules, can be autonomous on the network of isomery, move, representative of consumer is finished specific task.The advantage of mobile agent mainly contains 2 points: on the one hand, it has realized calculating to the drawing close of resource requirement, and this can save the bandwidth of network and have asynchronous feature; On the other hand, permission program dynamically is published to main frame.
Because the plurality of advantages of mobile agent, it all has application promise in clinical practice at the aspects such as intelligent retrieval of ecommerce, network management, mobile computing, Internet information, and the research of mobile proxy technology is just being become one of focus of academia and industrial quarters.The key technology of mobile agent comprises mobile mechanism, communication mechanism and security mechanism.Fail safe is one of widely used key factor of restriction mobile proxy technology, and the safety problem of therefore studying mobile agent is significant.
The safety problem of mobile agent mainly comprises three aspects: the mobile agent (2) in (1) protection transmission is to the protection of protection (3) mobile agent self of other execution environment.At present to the research of preceding two aspects existing many achievements, for example methods such as sandbox model, encrypted signature, check transmission code.Yet the research to the mobile agent autoprotection also is in the elementary step; because mobile agent and the safety requirements of carrying out between the main frame should be symmetrical; but the control to separately resource, data and service is asymmetric---agency entrained content and information be controlled and be easy to grasp to main frame can fully to the agency; also just emitting the danger of being distorted, scanning or even stop by malicious host, these have brought certain degree of difficulty obviously for the solution of problem.The general strategy that adopts mainly is to use cryptographic method.
But be inadequate only, still need new technology, method and guarantee that mobile agent is not subjected to the attack that malice is carried out main frame with cryptographic method.
Malicious host attack is analyzed:
Mobile agent must move on destination host, so its code and data all are visible for destination host.If destination host is a malice, perhaps victim is occupied or pretended, and it may carry out following several attack to mobile agent: the task of 1. can only destroy or stop mobile agent is carried out; 2. malicious host can be stolen the entrained key information of mobile agent entrained useful information, especially mobile agent etc.; 3. malicious host can be revised the entrained data of mobile agent; Or the like.
Essential distinction between mobile agent group and the many intelligent agents:
Mobile agent group in this method comprises polytype mobile agent, and they and many intelligent agents have significant difference, and the former emphasizes the realization technology that code moves, and is more common in distributed network and calculates; The latter then lays particular emphasis on the intelligent and social of main body, is applied to artificial intelligence (Artificial Intelligence is called for short AI) field more.Mobile agent group is not the simple addition of a plurality of mobile agents, and it relates to the problems such as mode of operation, architecture, division of tasks, cooperation and communication mechanism, security mechanism of mobile agent, is an important expansion to mobile proxy technology.
Summary of the invention
Technical problem: what the purpose of this invention is to provide a kind of mobile agent group (Mobile Agent Group) cuts apart the cooperation guard method certainly, solves the safety problem of protection mobile agent.Be used in combination with existing safeguard measure, effectively protect mobile agent to avoid the attack of malicious host or other malicious entities.
Technical method: the present invention is a kind of method of tactic, based on mobile agent group, by from partitioning algorithm and strategy, independently or the task of finishing source host of collaborative and realize self-protection.The notion of several relevant " mobile agent securities " has completely newly been proposed.
Mobile agent group (Mobile Agent Group): by the integral body that all multi-mobile agents are formed, these agencies are equipped with identical or different data, function and task, cut apart with cooperating process in playing the part of the role of different position.Generally speaking, chief creating agency (Original-Master Mobile Agent) is the manager of group, for the chief creating agency, all the other mobile agents are attached agency (Attached MobileAgent), what be worth emphasizing is, may also have secondary chief creating agency in the mobile agent group, it is specified by the chief creating agency, and its function is to help the chief creating agency that attached agency is managed;
From cutting apart (Autonomous Separation): in view of task executions character and process, according to certain partitioning algorithm or strategy, by the self-contained splicing mechanism of chief creating agency or mobile agent group, coordinate whole the cutting apart of group of acting on behalf of, it is independently individual to make that attached agency becomes, and they are with task collaborative or that independently finish the source host assignment.
Chief creating agency (Original-Master Mobile Agent): the manager of mobile agent group, it is directly created by source host, generally has more function, carries even more important data message, be responsible for acting on behalf of cutting apart of group, and the collaborative harmonious work of attached agency of commander; The chief creating agency has the function of nullifying attached agency, and it can be divided into high intelligent chief creating agency and little intelligent chief creating agency again.
High intelligent chief creating agency (Intelligent Original-Master Mobile Agent): create by source host, have complicated framework and function, this agency's high intelligence mainly is embodied in it and can independently creates the simple attached agency of function according to the character and the implementation status of task, is responsible for cutting apart certainly and commanding its co-ordination of mobile agent group.
Little intelligent chief creating agency (Tiny-intelligent Original-Master Mobile Agent): create by source host, have than the attached more function of acting on behalf of, do not possess the ability of creating attached agency, that just is responsible for mobile agent group cuts apart work with coordinative command certainly.
Attached agency (Attached Mobile Agent): be responsible for establishment by source host or high intelligent chief creating agency; be attached to the chief creating agency; the numerous species type is arranged; can be task agent (for example being responsible for the task agent of search commercial articles optimum price quotation), supervision agency (agency of tracking and monitoring malicious host information), communication agent (being responsible for the communication between chief creating agency or other task agent) and guard agency (safety verification of responsible main frame is protected the safety of chief creating agency in roaming simultaneously).
One, architecture
Fig. 1 has provided the architecture of a kind of typical mobile agent group.Mobile agent group is not the simple combination of various mobile agents, but an organic whole, the chief creating agency is the core and the soul of mobile agent group, it will be commanded, and attached agency is harmonious to finish the work.There are special integration mechanism and division of tasks mechanism in mobile agent group.
Two, integration mechanism
Integration mechanism can adopt classification tree pattern formula, net type compositional model and the tree net type combined group three kinds of structures that become the mode.(a) and (b) among Fig. 2, (c) figure describe these three kinds of compositional models respectively.Tree type intergration model: chief creating agency is overall goals, the complexity that will finish the work, interior each the attached agency's of group of this group the enriching one's knowledge of the current environment of living in of ability and group clearly, may there be secondary chief creating agency, can according to each mobile agent behavior and they in the group each other influence and the influence of entire system behavior worked in coordination with and organizes, have central controlled mechanism; Net type intergration model: this pattern is easy to the expansion of group, and the chief creating agency of high intelligence can independently create a plurality of simple attached agencies, and each agency's communication cooperation can freedom be carried out easily in the group simultaneously; Tree net type intergration model: this hybrid structure of organizing is owing to the advantage that combines tree type, two kinds of patterns of net type, thereby has tree net duality, the execution performance of group is improved, the chief creating agency can utilize auxiliary its of secondary chief creating agency to manage, thereby avoided chief creating to act on behalf of central controlled usefulness bottleneck problem, but do not weaken the centralized control of group, and net type topology is of value to the expansion of group, has increased independence and flexibility.So tree net type intergration model is a kind of intergration model of the tool potentiality of mobile agent group.
Three, from splicing mechanism
From splicing mechanism be guarantee mobile agent group safety, efficiently, the key technology of rationally executing the task.Source host can according to the content of task and character arrange in advance mobile agent group from segmentation strategy; Also can create the chief creating agency of high intelligence, make it on the basis of some segmentation strategies, select the combination of the most rational strategy or strategy according to the task executions situation.Below introduce the segmentation strategy of three kinds of mobile agent groups of the present invention's suggestion.
(1) finds the solution formula mobile agent group segmentation strategy
This segmentation strategy is merged into a linear programming problem to the assigning process of each attached agency's separation and subtask, for the distribution of complex task provides a feasible method.Its juche idea is according to each attached agency's function and characteristics, the condition form that should satisfy in the Task Distribution process is turned to one group of constraints, execution and communication overhead with group is defined as group's expense function again, ask the minimum value of overhead function under one group of constraints with linear programming method at last, the task execution plan that obtains under this minimum value is exactly final Task Distribution result, that is to say that each attached agency becomes how to cooperate behind the independent individual to coordinate the result that finishes the work.
(2) based on the mobile agent group segmentation strategy of queueing theory
The queueing theory dispatching method is suitable for concentrating synergistic mechanism, and this method both can be selected task executions person effectively, the complexity of group is reduced, be easy to realize.Its main thought is: according to each attached agency's function and characteristics, allow its queuing of executing the task, be referred to as service queue, the principle of attached agency's basis that function is identical or close " service earlier first " is carried out the task in the own formation successively.The basis parameter (for example order, degree of secrecy etc.) relevant with its attached agency service formation acted on behalf of in chief creating, between a plurality of attached agency who carries out identical or close service, select the agency of a queue parameter optimum as certain task executions person, and this task is put into chosen agency's service queue end, should attached agency separate again.
The queueing theory scheduling strategy, according to selected queue parameter difference, algorithm also has nothing in common with each other, and more representational have following three kinds: minimum formation algorithm, minimum latency algorithm, historical information algorithm.They serve as the scheduling foundation with length, stand-by period and the attached utilance of acting on behalf of of formation respectively.Certainly, the chief creating agency can be weighted comprehensively these three kinds of algorithms as the case may be.
(3) mark is distinguished mobile agent group segmentation strategy
The segmentation strategy of this mobile agent group is applicable to the distribution between the attached agency of task.Chief creating agency and the attached agency (for example guard agency, communication agent and supervision agency) with specific function no longer participate in the assignment of task.This allocation strategy is paid attention to fail safe especially, and its basic thought is except guaranteeing task assignment and acting on behalf of the reasonability of separating, and is main also in order to protect the safety of the attached agency of the task of carrying confidential information in carrying out main frame.
Step 1: source host (or high intelligent chief creating agency) will be classified to the attached agency of task according to safety requirements, for example be divided into the attached agency of the task of carrying confidential information, must visit carry out host file system (or database etc.) the attached agency of task, transmit attached agency of task of intermediate data information or the like.
Step 2: source host (or high intelligent chief creating agency) will be according to the intergration model (for example setting net type intergration model) of mobile agent group, rejecting has after the attached agency of specific function, is converted into topology diagram in the graph theory according to certain changing the mechanism.
Step 3: source host (or high intelligent chief creating agency) carries out mark according to step 1 sorting result to the attached agency of dissimilar tasks, purpose is the attached agency of the task of same kind to be made a distinction make its energy when carrying out separate, that is to say and reduce the continuity that the similar information of executing the task is transmitted, make that execution is safer; Especially for the attached agency of the task of carrying confidential information, the method for independent subset that can be by seeking maximum weights in the topology diagram (weights can be represented executive overhead) is reduced to its polymerism minimum; Be aided with the method that secret cuts apart and greatly strengthen fail safe, effectively avoid carrying out the malice attempt of main frame.
Four, cooperation protection security mechanism
Cooperation protection security mechanism will be by means of some traditional guard methods, for example cryptographic method.
At first be encryption and the digital signature protection mechanism of source host to mobile agent group.The chief creating agency may carry the confidential information of source host, so encryption mechanism is indispensable; Mobile agent group also may roam to the destination host of the relation of breaking the wall of mistrust and execute the task, so need the digital signature of source host to realize the authentication of identity.Also may involve the encryption of some mission bit streams, for example secret task executions.
Next is that the guard acts on behalf of the protection mechanism to mobile agent group.Guard agency is the important component part of mobile agent group, is a kind of specifically functional attached agency of ensureing that mobile agent is executed the task of being used to, and its essence can be a kind of Proxy (agency) framework.The security service that it provided is the transparent security service of system-level, the storehouse level or object level.The guard agency is created and is closely followed the chief creating agency when creating mobile agent group by source host, can be by expanding to satisfy more needs.It must verify and monitor the host node that mobile agent group will visit, and guarantees the consistency of workflow by the state of differentiating task agent.
Be supervision agency and chief creating agency's cooperation protection mechanism once more.Main tracking and the supervision of being responsible for afterwards of supervision agency though be a kind of passive protected mode, can effectively be followed the trail of the conduct of malicious host, for source host is striven for legal rights and interests.
The 4th is chief creating agency and the attached agency's of task cooperation protection mechanism.By means of methods such as traditional encryption and digital signature, take multiple strategy, can effectively resist the attack of malicious host.For example confidential information is disperseed to be loaded on the attached agency of each task, perhaps make the attached agency of task of same kind when carrying out, keep independence, avoid the independence of communication data and information by specific segmentation strategy; For example in ecommerce, the parallel search of a plurality of mobile agents can solve the safety problem that malicious host is distorted quotation for the sole placing agency pattern; Again for example, in routing safety, the multirouting mobile agent can guarantee finishing smoothly of task in hostile network.
Concrete complete guard method is:
Mobile agent is segmented according to the content and the character of task, the architecture of forming mobile agent group according to intergration model, embed corresponding agency or division of tasks strategy, and combine with traditional security mechanism, orchestration by the chief creating mobile agent, make the generation self-protective mechanism of each attached proxy collaboration, at unsafe network with carry out in the hosted environment and finish assigned tasks; Its method is divided into three parts, that is: the final manner of execution of the loaming method of the creation method of mobile agent group, mobile agent group and mobile agent group is specific as follows:
The creation method of mobile agent group:
1) content, character and the complexity that set the tasks according to self-demand (demand of for example purchasing demand, search information etc.) of source host, this task is the single task role or the combination of a plurality of tasks;
2) according to the character and the complexity of task, source host is created the chief creating mobile agent, this agency is high intelligent chief creating mobile agent or little intelligent chief creating mobile agent, the former creates simple attached agency voluntarily according to task implementation status midway, and the latter only is responsible for cutting apart certainly and orchestration work of mobile agent group;
3) attached agency's establishment: generally speaking, source host need add the guard agency in mobile agent group, is responsible for the safety of the mobile agent group in the protection roaming; The task agent of being responsible for finishing assigned tasks is a most important parts in the mobile agent group, and the attached agency of the type carries the data and the information of source host, and they will be finished the work under chief creating agency's coordination; The attached agency of communication agent and supervision agency and other type then can determine whether sending according to specific circumstances;
4) three kinds of integration mechanisms of the integrated employing of mobile agent group---tree type intergration model, net type intergration model and tree net type intergration model, in these intergration models, source host or chief creating agency will specify secondary chief creating agency;
5) source host is loaded on data necessary information after the mobile agent group, to carry out encryption to the important information in the group, must load digital signature when needing authentication, but simultaneously by of the vital task information encryption of simple encryption and decryption function to function to indicate, to finish the safety protecting mechanism of phase I, send it to roam to destination host at last;
The loaming method of mobile agent group:
1) agency of the chief creating in the mobile agent group will isolate the guard agency, be responsible for the safety of mobile agent group in roam procedure; The All hosts node that it will be visited task agent carries out safety verification, detects the intention of carrying out main frame by the state of differentiating task agent;
2) mobile agent group collects some information of intermediate host node, chief creating the agency will station on a certain trusted main frame of shaking hands in this net territory, if there is not the trusted main frame of shaking hands in this net territory, then select the highest main frame of degree of belief according to the trust degree of guard's agent security checking;
3) the chief creating agency will be according to the attached agency of the autonomous creation task of the character of task, or according to from the segmentation strategy algorithm the attached agency of existing task being distributed to these host node execution information search tasks, the chief creating agency should pay attention to fail safe, validity and the reasonability that task assignment is carried out when cutting apart certainly;
4) when the attached agency of task when intermediate node is executed the task, keep communicate by letter with communication agent in the mobile agent group, act on behalf of to chief creating and report without delay implementation status;
5) after the attached agency of task has collected the information of intermediate node, will return mobile agent group, the chief creating agency will carry out combined analysis to these information, obtain some intermediate object programs; If the attached agency's of task task terminates, the chief creating agency will nullify these agencies;
The final manner of execution of mobile agent group:
1) mobile agent group roam to target carry out main frame near, only send the necessary attached destination host of acting on behalf of of task to carry out corresponding task, or directly move into the execution main frame;
2) chief creating agency will select for use suitable for segmentation strategy, in view of the entrained secret information of task agent, adopt specific algorithm, task assignment is reasonably disperseed secret information simultaneously, produce digital signature if desired, the parameter that produces signature is cut apart and be loaded on attached agency, prevent that malice from carrying out the attack of main frame;
3) chief creating agency will be responsible for the attached agency's of each task harmony and collaborative all the time, and the consistency of assurance workflow is so that the finishing smoothly of task;
4) after task was finished, the chief creating agency was with the combined analysis data and obtain final result, except guard agency and supervision agency, nullified other attached agency, finally returned source host.
Beneficial effect: use this method that following advantage is arranged:
1. realize the segmentation of task, reduced development difficulty
Character that source host can set the tasks according to demand and content, be different from traditional method, various types of agencies will share different roles in the mobile agent group, for example the chief creating agency is responsible for cutting apart and coordinating, the guard acts on behalf of and is responsible for safety verification or the like, the segmentation of task has increased the reasonability that task is carried out and assigned, and has reduced the integrated development difficulty of traditional mobile agent task.
2. multi-functional
There is more complete function in mobile agent group for the sole placing agency pattern---and safety detection, task assignment, attached agency create, follow the trail of supervision, communication session or the like.
3. centralized control is easy to expansion
For the simple addition of a plurality of mobile agents, mobile agent group carries out centralized control by the chief creating agency, and the intergration model of tree net type makes this group be easy to expansion.
4. independence and flexibility
Mobile agent group does not need the participation of source host fully, and chief creating agency's independence has guaranteed that each attached agency can harmonious finishing the work, and integration mechanism and also embodied the flexibility of acting on behalf of group simultaneously from splicing mechanism.
5. fail safe and high efficiency
Mobile agent group is for the sole placing agency pattern, have more fail safe, guard agency and supervision agency are easy to detect the malicious host of cheating, danger when task and secret cutting apart have disperseed the agency to carry out, the communication flows of the distributed parallel of task, rapid solving problem, minimizing and remote source main frame has then improved the efficient when carrying out.
Description of drawings
Fig. 1 is a kind of typical mobile agent architectural framework figure of group.Other attached agencies such as chief creating agency, communication agent, guard agency, supervision agency, task agent have been comprised among the figure.
Fig. 2 is the intergration model of mobile agent group.(a) figure represents the tree type intergration model of mobile agent group among the figure, owing to be hierarchy, the chief creating agency has also specified secondary chief creating agency to carry out the attached agency's of lower floor management, and this is typical focus control mode; (b) figure represents the net type intergration model of mobile agent group, is easy to the expansion of group; (c) figure represents the tree net type intergration model of mobile agent group,
Fig. 3 is the flow process that the guard method of cooperating is cut apart certainly in concrete mobile agent group.
Embodiment
One, the creation method of mobile agent group:
1) content and the character that set the tasks according to self-demand of source host, this task can be a single task role, can be the combination of a plurality of tasks also, for the latter, is more suitable in mobile agent group;
2) according to the character and the complexity of task, source host is created the chief creating mobile agent, this agency can be high intelligent chief creating mobile agent, it also can be little intelligent chief creating mobile agent, the former can create simple attached agency (for example agency of search quotation and average information) voluntarily according to task implementation status midway, and the latter only is responsible for cutting apart certainly and orchestration work of mobile agent group;
3) attached agency's establishment: generally speaking, source host need add guard agency (Police Mobile Agent) in mobile agent group, is responsible for the safety of the mobile agent group in the protection roaming; The task agent of being responsible for finishing assigned tasks is a most important parts in the mobile agent group, and the attached agency of the type carries the data and the information of source host, and they will be finished the work under chief creating agency's coordination; The attached agency of communication agent and supervision agency and other type then can determine whether sending according to specific circumstances;
4) mobile agent group integrated adopts three kinds of integration mechanisms, generally speaking, the existing centralized control mechanism of tree net type intergration model is easy to the expansion of group's topology again, if adopt tree net type intergration model, source host (or chief creating agency) may be specified secondary chief creating agency;
5) source host is loaded on data necessary information after the mobile agent group, will be to the weight in the group
Want information to carry out encryption, must load digital signature when needing authentication, but,, send it to roam to destination host at last to finish the safety protecting mechanism of phase I simultaneously by of the vital task information encryption of simple encryption and decryption function to some function to indicate;
Two, the loaming method of mobile agent group:
1) agency of the chief creating in the mobile agent group will isolate the guard agency, be responsible for the safety of mobile agent group in roam procedure; It must carry out safety verification to the All hosts node that task agent will be visited, and detects the intention of carrying out main frame by the state of differentiating task agent, guarantees the consistency of workflow;
2) mobile agent group may need to collect some information of intermediate host node, chief creating the agency will station on a certain trusted main frame of shaking hands in this net territory, if there is not the trusted main frame of shaking hands in this net territory, then select the highest main frame of degree of belief according to the trust degree of guard's agent security checking;
3) the chief creating agency will be according to the attached agency of the autonomous creation task of the character of task, or according to from the segmentation strategy algorithm the attached agency of existing task being distributed to these host node execution information search tasks, the chief creating agency should pay attention to fail safe, validity and the reasonability that task assignment is carried out when cutting apart certainly;
4) when the attached agency of task when intermediate node is executed the task, may keep communicate by letter with communication agent in the mobile agent group, act on behalf of to chief creating and report without delay implementation status, this has also effectively prevented the attack of malicious host to mobile agent;
5) after the attached agency of task has collected the information of intermediate node, will return mobile agent group, the chief creating agency will carry out combined analysis to these information, obtain some intermediate object programs; If the attached agency's of task task terminates, the chief creating agency will nullify these agencies, thereby alleviate the burden of mobile agent group;
Three, the final manner of execution of mobile agent group:
1) mobile agent group may roam near (a certain trusted main frame in for example same net territory that target is carried out main frame, act on behalf of responsible safety verification by the guard), only distribute the necessary attached destination host of acting on behalf of of task and carry out corresponding task, also may directly move into the execution main frame;
2) chief creating agency will select for use suitable for segmentation strategy, for example in view of the entrained secret information of task agent, adopt specific algorithm, task assignment is reasonably disperseed secret information simultaneously, make that carrying out main frame can't catch the core information of respectively acting on behalf of when carrying out, for example produce digital signature again, just the parameter that produces signature can be cut apart and be loaded on attached agency, prevent that malice from carrying out the attack of main frame;
3) chief creating agency will be responsible for the attached agency's of each task harmony and collaborative all the time, and the consistency of assurance workflow is so that the finishing smoothly of task;
4) after task was finished, the chief creating agency was with the combined analysis data and obtain final result, except guard agency and supervision agency, nullified other attached agency, finally returned source host.
We utilize mobile agent group to realize a concrete case about e-commerce transaction from cutting apart the cooperation guard method.This case is described below:
Source host need arrive the optimum price quotation of a certain high commodity of search in a certain net territory and finish the reservation task, this net territory has multiple host or server that this commodity and service is provided, but must on order, produce digital signature timely and effectively when requiring to subscribe, deny trading activity after subscribing to prevent source host.
Source host is created mobile agent group, comprise high intelligent chief creating agency, key parameter agency and (carry some key parameters that produce the significant digits signature, belong to resident agency, reside in forever in the mobile agent group), guard agency and communication agent, the attached agency of task is independently created according to implementation status by the chief creating agency.The integration mechanism of mobile agent group has adopted net type intergration model, mainly is the expansion of creating the back topological structure for the ease of the attached agency of task.
We utilize local area network (LAN) and six PC main frames to realize this transaction flow, and have adopted SSL security mechanism (encryption and the digital signature that have comprised source host necessity) in the transmission course of mobile agent group.It mainly is to carry out safety verification and safe Route Selection to carrying out main frame that the guard acts on behalf of; The chief creating agency will independently create a plurality of simple search agencies that do not contain any confidential information when the optimum price quotation of search commercial articles, its executed in parallel is efficient more and safety than the traversal of sole placing agency, solve the potential safety hazard of malicious host modification formal quotation; After the chief creating agency obtains having the host information of optimum price quotation,, roam to destination host or near a certain trusted main frame of shaking hands with nullifying the attached agency who is responsible for search; The process that produces digital signature reservation commodity is acted on behalf of the united and coordinating commander by chief creating, the chief creating agency will read key parameter from the key parameter agency, be dispersed among the attached agency of a plurality of signatures by secret splicing mechanism, steal the attempt of complete key information by avoiding malicious host cutting apart of key; The segmentation strategy that the attached agency's of task assignment can adopt mark to distinguish, a plurality of signatures attached agency execute the task unique spacer, effectively avoided the continuity of information flow, and communication agent then is responsible for the security situation of report executing; After signature produces, the chief creating agency will nullify attached agency of signature and key parameter agency, finally return source host.

Claims (1)

1. a mobile agent group is from cutting apart the cooperation guard method, it is characterized in that mobile agent is segmented according to the content and the character of task, the architecture of forming mobile agent group according to intergration model, embed corresponding agency or division of tasks strategy, and combine with traditional security mechanism, by chief creating agency's orchestration, make the generation self-protective mechanism of each attached proxy collaboration, at unsafe network with carry out in the hosted environment and finish assigned tasks; Its method is divided into three parts, that is: the final manner of execution of the loaming method of the creation method of mobile agent group, mobile agent group and mobile agent group is specific as follows:
The creation method of mobile agent group:
1) content, character and the complexity that set the tasks according to self-demand of source host, this task is the single task role or the combination of a plurality of tasks;
2) according to the character and the complexity of task, source host is created the chief creating agency, this agency is high intelligent chief creating mobile agent or little intelligent chief creating mobile agent, the former creates simple attached agency voluntarily according to task implementation status midway, and the latter only is responsible for cutting apart certainly and orchestration work of mobile agent group;
3) attached agency's establishment: source host need add the guard agency in mobile agent group, is responsible for the safety of the mobile agent group in the protection roaming; The task agent of being responsible for finishing assigned tasks is a most important parts in the mobile agent group, and the attached agency of the type carries the data and the information of source host, and they will be finished the work under chief creating agency's coordination; The attached agency of communication agent and supervision agency and other type then can determine whether sending according to specific circumstances;
4) three kinds of intergration models of the integrated employing of mobile agent group---tree type intergration model, net type intergration model and tree net type intergration model, in these intergration models, source host or chief creating agency will specify secondary chief creating agency;
5) source host is loaded on data necessary information after the mobile agent group, to carry out encryption to the important information in the group, must load digital signature when needing authentication, but simultaneously by of the vital task information encryption of simple encryption and decryption function to function to indicate, to finish the safety protecting mechanism of phase I, send it to roam to destination host at last;
The loaming method of mobile agent group:
1) agency of the chief creating in the mobile agent group will isolate the guard agency, be responsible for the safety of mobile agent group in roam procedure; The All hosts node that it will be visited task agent carries out safety verification, detects the intention of carrying out main frame by the state of differentiating task agent;
2) mobile agent group collects some information of intermediate host node, chief creating the agency will station on a certain trusted main frame of shaking hands in this net territory, if there is not the trusted main frame of shaking hands in this net territory, then select the highest main frame of degree of belief according to the trust degree of guard's agent security checking;
3) the chief creating agency will be according to the autonomous creation task agency of the character of task, or according to from the segmentation strategy algorithm existing task agent being distributed to these host node execution information search tasks, the chief creating agency pays attention to fail safe, validity and the reasonability that task assignment is carried out when cutting apart certainly;
4) when task agent when intermediate node is executed the task, keep communicate by letter with communication agent in the mobile agent group, act on behalf of to chief creating and report without delay implementation status;
5) after task agent has been collected the information of intermediate node, will return mobile agent group, the chief creating agency will carry out combined analysis to these information, obtain some intermediate object programs; If the task of task agent terminates, the chief creating agency will nullify these agencies;
The final manner of execution of mobile agent group:
1) mobile agent group roam to target carry out main frame near, only send necessary task agent to carry out corresponding task, or direct garrison execution main frame to destination host;
2) chief creating agency will select for use suitable for segmentation strategy, in view of the entrained secret information of task agent, task assignment is reasonably disperseed secret information simultaneously, produce digital signature if desired, the parameter that produces signature is cut apart and be loaded on attached agency, prevent that malice from carrying out the attack of main frame;
3) chief creating agency will be responsible for the harmony and the collaborative of each task agent all the time, and the consistency of assurance workflow is so that the finishing smoothly of task;
4) after task was finished, the chief creating agency was with the combined analysis data and obtain final result, except guard agency and supervision agency, nullified other attached agency, finally returned source host.
CNB2005100379610A 2005-03-04 2005-03-04 Self-splitting cooperation protection scheme for mobile proxy groups Expired - Fee Related CN100403750C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100379610A CN100403750C (en) 2005-03-04 2005-03-04 Self-splitting cooperation protection scheme for mobile proxy groups

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100379610A CN100403750C (en) 2005-03-04 2005-03-04 Self-splitting cooperation protection scheme for mobile proxy groups

Publications (2)

Publication Number Publication Date
CN1655554A CN1655554A (en) 2005-08-17
CN100403750C true CN100403750C (en) 2008-07-16

Family

ID=34894400

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100379610A Expired - Fee Related CN100403750C (en) 2005-03-04 2005-03-04 Self-splitting cooperation protection scheme for mobile proxy groups

Country Status (1)

Country Link
CN (1) CN100403750C (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100461966C (en) * 2006-09-08 2009-02-11 西安交通大学 Integrated platform based on the embedded mobile terminal device and supporting mobile cooperation service
CN101216911B (en) * 2008-01-04 2010-09-29 清华大学 Dynamic workflow model subdivision method supporting distributed execution
CN101267449B (en) * 2008-04-30 2011-06-22 中山大学 A tree P2P system resource transmission method based on mobile agent mechanism
CN102170639B (en) * 2011-05-11 2015-03-11 华南理工大学 Authentication method of distributed wireless Ad Hoc network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1279551A (en) * 1999-07-05 2001-01-10 索尼国际(欧洲)股份有限公司 Communication network and management for immigration of mobile agents
US6513059B1 (en) * 2000-08-24 2003-01-28 Cambira Corporation Adaptive collaborative intelligent network system
CN1499889A (en) * 2002-11-05 2004-05-26 深圳市中兴通讯股份有限公司 Method for seamless roaming in mixed configurated packet wireless network with wireless local area network
WO2004095795A1 (en) * 2003-04-17 2004-11-04 Orange Sa Distributed mobile agent

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1279551A (en) * 1999-07-05 2001-01-10 索尼国际(欧洲)股份有限公司 Communication network and management for immigration of mobile agents
US6513059B1 (en) * 2000-08-24 2003-01-28 Cambira Corporation Adaptive collaborative intelligent network system
CN1499889A (en) * 2002-11-05 2004-05-26 深圳市中兴通讯股份有限公司 Method for seamless roaming in mixed configurated packet wireless network with wireless local area network
WO2004095795A1 (en) * 2003-04-17 2004-11-04 Orange Sa Distributed mobile agent

Non-Patent Citations (10)

* Cited by examiner, † Cited by third party
Title
Multi-mobile agents' separation scheme in JavaCardapplication for mobile agent's security. Ruchuan Wang, Haiping Huang, Haiyan Wang.Proceedings of 2004 IEEE International Conference on Services Computing. 2004
Multi-mobile agents' separation scheme in JavaCardapplication for mobile agent's security. Ruchuan Wang, Haiping Huang, Haiyan Wang.Proceedings of 2004 IEEE International Conference on Services Computing. 2004 *
基于Web Service的可移动的协同代理的研究. 胡慧芳,赵正德,陈晓波,任虹灿.计算机工程与设计,第25卷第9期. 2004
基于Web Service的可移动的协同代理的研究. 胡慧芳,赵正德,陈晓波,任虹灿.计算机工程与设计,第25卷第9期. 2004 *
基于主从样式的移动代理安全模型的研究与实现. 穆鸿,王汝传,张登银.计算机科学,第30卷第12期. 2003
基于主从样式的移动代理安全模型的研究与实现. 穆鸿,王汝传,张登银.计算机科学,第30卷第12期. 2003 *
基于移动代理网格计算中任务调度的研究. 陈宏伟,王汝传,韩光法.计算机应用研究,第12期. 2004
基于移动代理网格计算中任务调度的研究. 陈宏伟,王汝传,韩光法.计算机应用研究,第12期. 2004 *
移动agent及其应用. 张云勇,7-14,清华大学出版社. 2002
移动agent及其应用. 张云勇,7-14,清华大学出版社. 2002 *

Also Published As

Publication number Publication date
CN1655554A (en) 2005-08-17

Similar Documents

Publication Publication Date Title
Ahmed et al. A blockchain‐and artificial intelligence‐enabled smart IoT framework for sustainable city
Lu The blockchain: State-of-the-art and research challenges
Kaur et al. MBCP: Performance analysis of large scale mainstream blockchain consensus protocols
Alshammari et al. Cybersecurity for digital twins in the built environment: Current research and future directions
US20120188249A1 (en) Distributed graph system and method
CN101453398A (en) Novel distributed grid super computer system and method
CN102799957A (en) Scientific work flow scheduling method with safe perception under cloud calculation environment
Samy et al. Secure task offloading in blockchain-enabled mobile edge computing with deep reinforcement learning
Yang et al. A trustworthy Internet of Vehicles: The DAO to safe, secure and collaborative autonomous driving
CN106101074B (en) A kind of sacurity dispatching method based on user's classification towards big data platform
CN100403750C (en) Self-splitting cooperation protection scheme for mobile proxy groups
EP3750067A2 (en) Workgroup hierarchical core structures for building real-time workgroup systems
Bharadwaj et al. Towards automated negotiation of access control policies
Suliman Eissa Mohammed et al. Blockchain technology and the future of construction industry in the Arab region: applications, challenges, and future opportunities
Freris A software defined architecture for cyberphysical systems
Singh et al. Decentralised scheduling with confidentiality protection
Eng et al. An Estimation-Based Dynamic Load Balancing Algorithm for Efficient Load Distribution and Balancing in Heterogeneous Grid Computing Environment
CN113449014B (en) Selective cloud data query system based on block chain
Bresina et al. Mixed-initiative activity planning for mars rovers
Zambare et al. Understanding Security Challenges and Defending Access Control Models for Cloud-Based Internet of Things Network
CN104504317B (en) A kind of access control system user authorization query asks the fast solution method of problem
Yahya et al. Multi-organizational access control model based on mobile agents for cloud computing
Battacharjee et al. A design framework for e-business infrastructure integration and resource management
Shkarlet et al. Modeling of Information Security Management System in the Project
Teng A study on the innovation of supply chain operation model based on cloud computing

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080716

Termination date: 20130304