ATOMAS A Transaction-oriented Open Multi Agent-System. Final(9)

ATOMAS:

3WP 2.2: Security10

ATOMAS:

3WP 2.2: Security11

ATOMAS:

3WP 2.2: Security12sitive when it is represented in a way that the binary number of the “coin”is the money andtherefore can be used as real world cash. But there are also other classes of data, which can beused for an attack although they have not the nature of classes like e-cash. In our example, theknowledge of the maximum price or the best price so far can be used by a malicious host to offerflowers for a slightly lower amount than the competitors, although the regular price is muchlower.

3. Spying out control flow

As soon as the host knows the entire code of the agent and its data, it can determine the nextexecution step at any time. Even if we could protect the used data somehow, it is rather difficultto protect the information about the actual control flow. This is a problem, because together withthe knowledge of the code, a malicious host can deduce more information about the state of theagent. In our example, we can recognize whether an offer is better or worse than the best offerso far by simply watching the control flow, even if we could not read any data.

4. Manipulation of code

If the host is able to read the code and if it has access to the code memory, it can normally mod-ify the program of an agent. It could exploit this either by altering the code permanently, thusimplanting a virus, worm or trojan horse. It could also temporarily alter the behaviour of theagent on that particular host only. The advantage of the latter approach consists in the fact, thatthe host to which the agent migrates cannot detect a manipulation of the code since it is not mod-ified. Applied to our example, a malicious host could modify the code of the agent with the ef-fect that it prefers the offer of a certain flower provider, regardless of the price.

5. Manipulation of data

If the host knows the physical location of the data in the memory and the semantics of the singledata elements, it can modify data as well. In our example, the host could cut down the shop listafter setting the offer of the local flower provider as the best offer.

6. Manipulation of control flow

Even if the host does not have access to the data of the agent, it can conduct the behaviour ofthe agent by manipulating the control flow. In our example, the host could simply alter the flowat the second or third if statement, forcing the agent to choose the offer of the shop preferred bythe host as the best.

7. Incorrect execution of code

Without changing the code or the flow of control, a host may also alter the way it executes thecode of an agent, resulting in the same effects as above.

8. Masquerade

It is the liability of a host that sends an agent to a receiver host to ensure the identity of that re-ceiver. Still, a third party may intercept or copy an agent transfer and start the agent by maskingitself as the correct receiver host. A masquerade will probably be followed by other attacks likeread attacks.

9. Denial of execution

As the agent is executed by the host, i.e. passive, the host can simply not execute the agent. This