A formal security framework for mobile agent systems: Specification and verification

Security in mobile agent systems is twofold: protection of mobile agents and protection of agent execution system. Indeed, the proposed solutions for the security of distributed systems arenpsilat sufficient. Moreover, therepsilas no solution which treats the different concerns of security in the mobile agent systems. To achieve this goal, we use formal foundations which provide a rigorous reasoning about security of mobile agent systems. We propose in this paper a formal framework for the security in mobile agent systems which consists of three basic frameworks. The specification framework proposes, explicitly, a generic definition of security policies that may be enhanced by several concepts related to one or more security models. For illustration, we present a security policy enhancement based on the concepts of the RBAC model. Inevitably, we associate to the specification framework a verification framework which checks the consistency of the proposed specifications as well as the consistency intra-policy. In response to the dynamic changes of security requirements in mobile agent systems, we propose a third framework for the reconfiguration of policies.