Why Protection against Viruses, Bots, and Worms is so hard - … · 2017-04-03 · Foundations...
Why Protection against Viruses, Bots, and Worms is so hard
Malware seen as Mobile Agents
Till Dörges
PRESECURE Consulting GmbH
June 20, 2007
Till Dörges Protection – Malware seen as Mobile Agents 1/39
Table of Contents
1 Foundations
  Agents and Multi Agent Systems
  Agents and Malware
2 Security in MAS
  Desirable Properties
  Protecting the Platform
  Protecting the Agent
3 Conclusion
Agents
What is an Agent?
• Modeling Paradigm
  • Software Engineering (unlike e.g. objects, . . .)
  • Artificial Intelligence
Important Properties
• Encapsulation and Modularization
• Reactivity
• Proactivity
• Autonomy
• Mobility (not generally required)
Agents (cont’d)
Definition
• Subject to quite a bit of debate
  • Social Behavior
  • Ability to Adapt
  • Goal Orientation
  • . . .
• Key properties are safe to assume
Particularly Suited for
• Distributed and Concurrent Systems
• Systems across Multiple Administrative Domains
Agents (cont’d)
Colloquially Speaking
• Program/Code and Data
• Travel between Platforms
• Run on different Platforms
Examples
• “Shopping Agent”
  • “Find (buy) a blue Bicycle for not more than EUR 500.”
  • Inquires at several platforms
  • Finds best solution
  • Possibly purchases a bike on behalf of owner/user
Distinction from Mobile Code
Examples for Mobile Code
• JAVA applets
• ActiveX controls
• . . .
Mobile Code lacks
• Autonomy
• Proactivity
• Goal Orientation
Platforms
What is a Platform?
• Runtime Environment for Agents
• Responsible for Protection of Agents
• Services for Interaction (communication, directory services, . . . )
• Transportation of Agents between Platforms
Colloquially Speaking
• Application on a Computer
Multi Agent Systems – MAS
What is a MAS?
• Technically
  • n with n > 0 Platforms
  • m with m > 0 Agents
  • Infrastructure/Policies
• Service Point of View
  • Shopping Platform
  • Database Querying
  • Research
  • . . .
• Multi Agent Application
  • . . .
Multi Agent Application?
Agent Orientation as Modeling Paradigm
• Comparable to Object Orientation
• AO development environments readily available
• AO application doesn’t have to show agents on the outside
Malware
Definition (Wikipedia)
Malware is software designed to infiltrate or damage a computer system without the owner’s informed consent. . . . [The term designates] a variety of forms of hostile, intrusive, or annoying software or program code.
Taxonomy
• Species
  • Virus
  • Bot
  • Worm
  • . . .
• Distinction blurry
Malware (cont’d)
Properties
• Provision of “Services”
  • Spying
  • Attacking
  • Back Doors
  • . . .
• Reactivity
• Proactivity
• Autonomy
• Mobility
• Self Replication
• Adaption
Comparison
Malware?
• Comparison Malware ⇔ Agents holds
Platforms?
• Infected Computers provide for Runtime Environment
• Other services implemented by Malware directly
• Comparison for Infected Computers ⇔ Platforms holds
MAS?
• Less interesting (1 malware is enough to control 1 computer)
• Holds, too.
Security
Conventional Aspects / Definition
• Confidentiality
• Integrity
• Availability
Shortcomings
• Every System is Special
• Definition has to be adapted
  • What about (for example)
    • Identity
    • Trust
    • . . .
Desirable Security Properties in MAS
Security for Agents?
• Communication
  • Integrity
  • Confidentiality
  • Availability
  • Non-Repudiation
  • . . .
• Mobility
• Agent Execution
Different Points of View
• Protection of Platforms
• Protection of Agents
Approaches to Protection
Briefly
• Reference Monitor
  • Security Kernel
  • Sandbox
• Signed Code
• Path Histories
• State Appraisal
• Proof Carrying Code
⇒ Not the focus of this presentation
State Appraisal
Description
• Assurance to Platform that Agent will not reach certain states
• Appraisal functions become part of Agent’s code
• State Space Explosion
• Requires Prediction of all (harmful) States
Proof Carrying Code
Description
• Executor (e.g. Platform) can check Program/Code (e.g. Agent)
• Dynamic Approach
• Code comes with Proof not to violate Policy
• Generation of Proof difficult
• Validation of Proof easy
• Does not solely rely on States
Approaches to Protection
Overview
• Trusted Hardware
• Policies
• Logging
• Cooperation
• Cryptography
• Code Obfuscation
Trusted Hardware
Description
• Probably best Protection Possible
  • Hardware can be tampered with, too
    • Power Supply, Voltage
    • Timing
    • Information Leaking
    • . . .
Trusted Computing
• Needs Trusted Hardware
• Other Issues (e.g. DRM)
⇒ Not relevant for this analysis
Policies
Description
• Recommended for any Setup
• Regulatory Approach
• “Prohibit” Malicious Activity
• Enough for certain Scenarios
Problematic
• Enforcement of Policies
  • Prevention of Violations
  • Sanctions after Violations
• Employ together with Logging
⇒ Not relevant for Malware
Logging
Description
• Keep a History of Actions
  • Possibly with Signatures
    • Platforms
    • Agents
• Useful in conjunction with Policies
Problematic
• Logging alone does not prevent most Incidents
• Sanctioning is supported
⇒ Not relevant for Malware
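A signed history of actions as described on this slide (and as in the Path Histories approach listed earlier), shown as an added example that is not part of the original presentation. It assumes hypothetical platform names and constructed keys, and uses HMAC-SHA256 with a per-platform key as a stand-in for a real digital signature; each entry also commits to the previous entry's digest, so edits, deletions and reordering are detectable afterwards.

```python
import hashlib
import hmac
import json

# Constructed per-platform keys (assumption): stand-ins for each platform's
# signing key. A real deployment would use asymmetric signatures.
PLATFORM_KEYS = {
    "platform-a": b"constructed-key-a",
    "platform-b": b"constructed-key-b",
    "platform-c": b"constructed-key-c",
}

GENESIS = "0" * 64  # "previous digest" of the very first entry


def entry_digest(entry):
    """SHA-256 over the canonical form of the fields an entry commits to."""
    body = {k: entry[k] for k in ("seq", "platform", "action", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def entry_mac(platform, digest):
    """Authenticate a digest with the platform's key (signature stand-in)."""
    key = PLATFORM_KEYS[platform]
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


def append_entry(log, platform, action):
    """Append one action, chained to the previous entry and authenticated."""
    prev = log[-1]["digest"] if log else GENESIS
    entry = {"seq": len(log), "platform": platform, "action": action, "prev": prev}
    entry["digest"] = entry_digest(entry)
    entry["mac"] = entry_mac(platform, entry["digest"])
    log.append(entry)
    return entry


def verify_log(log):
    """Return (True, None), or (False, index of the first entry that fails)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["platform"] not in PLATFORM_KEYS:
            return False, i          # unknown signer
        if entry["seq"] != i or entry["prev"] != prev:
            return False, i          # entry removed, inserted or reordered
        digest = entry_digest(entry)
        if digest != entry["digest"]:
            return False, i          # content changed after logging
        if not hmac.compare_digest(entry_mac(entry["platform"], digest), entry["mac"]):
            return False, i          # digest recomputed without the key
        prev = digest
    return True, None


def build_sample_log():
    """Constructed sample: one agent visiting three platforms."""
    log = []
    append_entry(log, "platform-a", "agent arrived")
    append_entry(log, "platform-a", "queried price list")
    append_entry(log, "platform-b", "agent arrived")
    append_entry(log, "platform-c", "agent arrived")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print(verify_log(log))
    log[1]["action"] = "nothing happened here"
    print(verify_log(log))
```

As the slide notes, verification only reveals a violation after the fact; it supports sanctioning and does not prevent the incident.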
Cooperation
Description
• Distribution of Information or Functionality
• Simply Redundancy
⇒ Redundancy often at least implicitly present
Cryptography
Main Question
• Cryptography on Untrusted Platform
Overview
• Partial Results Encapsulation
• Computing with Encrypted Functions
• Undetachable Signatures
• Environmental Key Generation
• Secure Communication
Cryptography (cont’d)
Partial Results Encapsulation
• Secure Data Storage for Agent
• Several Approaches in Literature
• Encrypt Data with Public Key (e.g. owner’s)
• Useful for collecting data from several Platforms
• Agent cannot use Data
• Current Platform sees Data
• Signatures can be problematic
⇒ Applicable to Malware
Cryptography (cont’d)
Computing with Encrypted Functions
• f(): Function to be run by Agent
• enc(): Function to encrypt (hide) Information from Platform
• g = f ◦ enc: Function executed on Platform
• Platform knows: g(), might also know enc()
  • Platform cannot compute f(x), only g(x) = enc(f(x))
  • enc() not easy to find
• f(x) might be needed by Agent
• Denial of Service, Replay Attacks
⇒ Applicable to Malware
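A toy instance of g(x) = enc(f(x)), shown as an added example that is not part of the original presentation. The slides do not name a scheme; this sketch assumes textbook Paillier encryption as enc(), restricts f to a polynomial, and uses tiny constructed primes that are far too small for real use.

```python
import math
import secrets

# Toy parameters (constructed, insecure): the owner's secret is the
# factorisation of N; the platform only ever sees N.
P, Q = 1009, 1013
N = P * Q
N2 = N * N
PHI = (P - 1) * (Q - 1)
MU = pow(PHI, -1, N)  # modular inverse, Python 3.8+


def enc(m, r=None):
    """Public operation: enc(m) = (1+N)^m * r^N mod N^2 (Paillier, generator N+1)."""
    if r is None:
        while True:
            r = secrets.randbelow(N - 1) + 1
            if math.gcd(r, N) == 1:
                break
    return (pow(1 + N, m % N, N2) * pow(r, N, N2)) % N2


def dec(c):
    """Owner only: needs PHI, i.e. the factors of N."""
    return ((pow(c, PHI, N2) - 1) // N * MU) % N


def f_plain(coeffs, x):
    """The agent owner's secret function f(x) = sum(coeffs[i] * x**i) mod N."""
    return sum(a * pow(x, i, N) for i, a in enumerate(coeffs)) % N


def make_g(coeffs):
    """Owner: build g by encrypting every coefficient of f."""
    return [enc(a) for a in coeffs]


def platform_eval(g, x):
    """Platform: compute enc(f(x)) from the encrypted coefficients alone.

    Uses enc(a) * enc(b) = enc(a + b) and enc(a) ** k = enc(a * k).
    """
    result = 1  # a valid encryption of 0
    for i, c in enumerate(g):
        result = (result * pow(c, pow(x, i, N), N2)) % N2
    return result


if __name__ == "__main__":
    secret_f = [7, 5, 3]            # f(x) = 7 + 5x + 3x^2 (constructed)
    g = make_g(secret_f)            # what travels with the agent
    c = platform_eval(g, 12)        # what the platform can compute
    print(dec(c), f_plain(secret_f, 12))
```

The result stays encrypted on the platform, which is the slide's caveat that f(x) might be needed by the agent itself: only the owner holding the private key can read it.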
Cryptography (cont’d)
Undetachable Signatures
• Application of Computing with Encrypted Functions
• f(): Agent’s Signature Function
• enc(): Also includes Agent’s Constraints
• x: Contract to be signed
• g(x) = enc(f(x)): Agent’s Signature of Contract
• enc() restricts what can be signed
⇒ Applicable to Malware
Cryptography (cont’d)
Environmental Key Generation
• Unlock Code (or Data) based on Condition in the Environment
• Condition Encoded Using Hash Functions
• Code available in clear just before Execution
⇒ Applicable to Malware
Cryptography (cont’d)
Secure Communication
• Securing Command and Control Channels inside Network
• Hiding Contents from Platform not possible
• Undetachable Signatures applicable
⇒ Applicable to Malware
Code Obfuscation
Description
• Perfect Obfuscation = Perfect Information Hiding
• Obfuscation ≠ Encryption
• Perfect Obfuscation impossible
• Current Quality of Obfuscation
  • leaking of “negligibly small” amount of information
  • polynomial time
⇒ Applicable to Malware
Conclusion
Summing up
• Advanced Protection Possible for Malware
• Perfect Protection Impossible
• Some Measures Used already
Not to forget
• Turing and the Entscheidungsproblem
• Current Malware already “successful”
• Complexity of Current Setups makes for good Hiding Spots
Remains ...
• Thanks for your Attention!
• Questions?