Self-Protecting Mobile Agents Lee Badger Brian Matt Larry Spector Doug Kilpatrick Funded by both OASIS and Active Networks Programs NAI Labs 14 Feb. 2001

Page 1:

Self-Protecting Mobile Agents

Lee Badger

Brian Matt

Larry Spector

Doug Kilpatrick

Funded by both OASIS and Active Networks Programs

NAI Labs

14 Feb. 2001

Page 2:

Malicious Hosts Problem

• Mobile agents will need to execute on unfriendly hosts, but a host may:

– modify an agent’s behavior

– steal an agent’s secrets (if any)

– deny execution

– execute improperly

  • crash the agent

– lie to an agent

Page 3:

Technical Objectives

• Protect software agents from tampering while allowing:

– High mobility.

– Detached operation.

– Extended deployment periods.

– Realistic infrastructure requirements.

Page 4:

Existing Practice

• Limit Mobility to Trusted Places

– hardware peripherals, trusted hosts

• Detect Malicious Execution After it Happens

– state appraisal (Farmer), detection objects (Meadows), cryptographic traces (Vigna), partial result authentication codes (Yee), fault-tolerance techniques (Schneider)

• Prevent Malicious Execution

– encrypted functions (Sander, Bazzi), code/data obfuscation (Collberg, Low, Hohl, Wang)

Page 5:

Time-limited Black Box

Hohl, Fritz, “An Approach to Solve the Problem of Malicious Hosts”

• A host can deny execution, or lie, but it can’t disrupt the programs’ internal consistency for n seconds.

• Can this temporary protection be leveraged into ongoing protection?

[Diagram labels: Source Code; Policy; A; Obfuscation Transform; Obfuscated Source code; Run for n seconds; Stop.]

Page 6:

Technical Approach (in a nutshell)

[Diagram: Traditional Agent (agent on a Host) beside Self-Protecting Agent (agentlet 1, agentlet 2, agentlet 3, ..., agentlet N, each on a Host)]

• Distribution: replicate agents across multiple, unrelated hosts.

– Present a moving target

• Monitoring/Recovery: regenerate corrupted “agentlets.”

• Code/data Obfuscation: prevent host-based analysis

– Refresh obfuscation before analysis can be completed

Page 7:

Strategy

• New features and policy for existing agents.

• No source code required.

• Goal: no manual per-agent work required.

[Diagram labels: transform tool; Obfuscating transform policy; Distribution Functions; Monitor/Recovery Functions; Original (binary) agent; new binary agent (self-protecting)]

Page 8:

Bird’s Eye View

[Figure: agentlets a, b, c, d shown over time across the Originator Host, First Host Set and Second Host Set. Labels: S; Agentlets dispatched; Useful work; Agentlets re-obfuscate each other; Migration; time; Protected period 1; Protected period 2.]

Page 9:

Applications of Obfuscation

• “Security through obscurity.” NOT!

• Long-lived resistance to analysis. NOT!

– But can increase cost of stealing.

  • DashO-Pro (www.preemptive.com)

  • Jcloak (www.force5.com)

  • Elixir (www.elixirtech.com)

  • RetroGuard (www.retrologic.com)

• Temporary resistance to analysis.

Page 10:

Obfuscation (trivial to not-so-trivial)

Kinds of Obfuscation

• Layout Obfuscation

• Data Obfuscation

• Control Obfuscation

• Preventive Obfuscation

• Language-Breaking Obfuscation

Page 11:

Opaque Predicates

• Opaque predicate: A fact about a program’s state known at obfuscation time that is hard to determine from the code.

• Two basic manufacture techniques

– Exploit difficulty in alias analysis (proven NP-complete).

  • E.g., embed graph operations

– Exploit difficulty in concurrency.

  • E.g., embed threading
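
An added Java example (not from the presentation or the authors' tools) of the alias-analysis technique: two references are kept inside disjoint linked rings, so `p != q` is always true, a fact fixed at obfuscation time that can be confirmed from the code only by proving the two references never alias. The class name, method names and the `sumTo` workload are assumptions made for illustration.

```java
import java.util.Random;

// Added illustration; class and method names are assumptions, not from the slides.
public class OpaquePredicateDemo {
    // Node of a circular singly linked list. Two disjoint rings are maintained.
    static final class Node {
        Node next;
        Node() { next = this; }
    }

    private final Random rng;
    private Node p = new Node();   // only ever points into ring G
    private Node q = new Node();   // only ever points into ring H

    OpaquePredicateDemo(long seed) { rng = new Random(seed); }

    // Graph operation that grows or walks one ring and never links G to H,
    // so the invariant "p and q do not alias" survives every call.
    private void churn() {
        switch (rng.nextInt(4)) {
            case 0: { Node n = new Node(); n.next = p.next; p.next = n; break; }
            case 1: { Node n = new Node(); n.next = q.next; q.next = n; break; }
            case 2: p = p.next; break;
            default: q = q.next; break;
        }
    }

    // Opaquely true predicate: known at obfuscation time, but confirming it
    // from the code requires proving that p and q can never alias.
    private boolean neverAliased() { return p != q; }

    // Original computation (sum of 1..n) with graph churn and a bogus branch.
    int sumTo(int n) {
        int acc = 0;
        for (int i = 1; i <= n; i++) {
            churn();
            if (neverAliased()) {
                acc += i;          // real path, always taken
            } else {
                acc ^= i << 3;     // dead code that an analyser must rule out
            }
        }
        return acc;
    }

    public static void main(String[] args) {
        int got = new OpaquePredicateDemo(42L).sumTo(100);
        System.out.println("sumTo(100) = " + got);
    }
}
```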

Page 12:

Obfuscation “Strength”

• Potency: Difficulty for a human to reverse engineer. !(software engineering practices)

• Resilience: Difficulty of writing a tool to reverse the obfuscation.

• Cost: Space/time costs.

• Stealth: Ease of spotting obfuscation mechanisms. Ease of spying out the policy.

From Douglas Low’s thesis.

Page 13:

What We’ve Done So Far

• Surveyed obfuscation tools.

• Chose base technologies: Java, IBM Aglets, ANTLR.

• Developed an initial toolkit/testbed.

• Formulated a strategy to transfer technology.

• Developed initial tools:

– spi and spmod

• First incremental step in agent transformation.

Page 14:

Aglet System Architecture

• Aglets Runtime Layer

– Security Manager

– Cache Manager

– Persistence Manager

Aglet Architecture

• Communications Layer – ATP, CORBA RMI etc.

Page 15:

Aglet System Security Model

• Sandbox aglets to protect hosts.

• Server-server authentication.

• Signed aglets.

• Express agent preferences, to be honored by servers.

– Don’t run too long here.

– Restrict me (from calling specific methods, or accessing resources)!

Page 16:

Aglet Life Cycle

Aglet Events     Methods: As the event occurs    After the event occurs
Creation                                         onCreation
Cloning                                          onClone
Dispatching      onDispatching                   onArrival
Retraction       onReverting                     onArrival
Disposal         onDisposing
Deactivation     onDeactivating
Activation                                       onActivation
Messaging        handleMessage

[Diagram: aglets on Server A and Server B, with Classes and a Secondary Store; operations shown: Create, Clone, Dispatch, Retract, Dispose.]

Page 17:

Tool-based Approach

• Transformation plugs into life-cycle events.

– Therefore, transformation can be generic.

• No source code required.

• Often, no manual per-agent work required.

[Diagram labels: Spmod tool; spma commands (policy); “donor” functions, and variables (and maybe policy); Original (binary) agent; new binary agent (self-protecting)]

Page 18:

Demo

Page 19:

What “Policy” Means Here

• Obfuscation potency, resilience, stealth, cost.

• Self-monitoring granularity.

• Replication level.

• Non-collusion itinerary rules.

• Obfuscation refresh rate.

• Distribution of sensitive state.

• Phone-home flee-home thresholds.

• And more...

Page 20:

Administrative Info (Milestones)

• March 14, 2000: Start Date

• Feb. 28, 2001: Policy Specification and Architecture Report

• April 30, 2001: Prototype Distributed Agent Generation Tool

• Nov. 15, 2001: Obfuscation Techniques Evaluation Report

• March 15, 2002: Obfuscated Agentlet Prototype

• Dec. 15, 2002: Distributed, Self-Healing Obfuscated Agentlet Prototype

• Jan. 15, 2003: Final Report

• March 15, 2003: End Date

Page 21:

Technology Transfer

• DARPA programs: Active Networks, systems such as Ultra Log.

• Open Source distribution.

• Java.

• Tool-based approach on binary files: no source needed!

• Explore application to NAI products that employ agents.

Page 22:

The End!