The development of systems based on embedded components is a challenging task because of their distributed, reactive and real-time nature. From a security point of view, embedded devices are basically systems owned by a certain entity, used frequently as part of systems owned by other entities and operated in a potentially hostile environment. The development of security-enhanced systems of embedded components is a difficult task due to different types of threats that may affect such systems, and because the security in systems of embedded devices is currently added as an additional feature when the development is advanced, or avoided as a superfluous characteristic. We present in this paper a methodology for the analysis and modeling of threats and attacks for systems of embedded components. The Intruder Model allows us to describe possible actions a potential intruder can accomplish, depending on his/her capabilities, resources, etc. Using this information, we can define a Threat Model that will specify the threats and attacks that affect different security properties in specific domains.
Mobile agents are processes that can migrate autonomously to new hosts. Despite the huge number of fields of application of this technology, it still lacks adequate security. The main approach of this work is the provision of a secure execution environment for mobile agents. Our approach is based on the idea of trusted migration, which is achieved by means of cryptographic hardware, specifically the Trusted Platform Module (TPM). To this end, we have designed and developed a specific protocol, which is the basis on which the solution is built. In order to build our solution on a robust basis, we have validated this protocol by means of a model checking tool called AVISPA. Finally, we built a library to provide access to TPM functionalities. The idea behind this library is to make cryptographic hardware easy to use in the development of agent-based systems, relieving agent developers of the security-related tasks of their systems. The most relevant aspects of this library are described throughout this paper, both at its development stage and while we use it to develop an agent-based system.