Absicherung einer Plattform für Mobile Agenten mit KeystoneSecuring a Mobile Agents Platform with Keystone

Introduction

In the past the concept of mobile agents was thoroughly researched in academia. Such mobile agents were autonomous applications that were defined by their ability to freely move between execution platforms; even if they are located on different machines.

As this implies that code is executed in remote platforms, this, of course, raises security concerns. On the one hand, the execution platform need to be protected against malicious agents that might attempt to attack it. This problem has been solved for some times by implementing sandboxing mechanisms that restrict an agent's potential actions. On the other hand, the agent needs to be protected against malicious platforms, as they might try to gain confidential information by extracting data or code, or manipulate the execution itself.

Problem statement

For a long time this problem remained unsolved, but with the advent of trusted execution technologies, such as Intel SGX or Keystone, this has since changed. These can be used to ensure the confidentiality of code and data of an application, as well as its execution integrity.

Additionally, a new byte code format is currently on the rise in the web context: WebAssembly. It offers a high and stable performance, a compact code format, an integrated sandboxing mechanism, as well as support for numerous source languages. As such, it seems to be a perfect format for mobile agents. Combining WebAssembly with the protection of a trusted execution environment, therefore, seems like a promising approach for solving all the problems that mobile agents faced in the past, and adjusting them to the current state of the art, therefore, seems like a promising approach for solving all the problems that mobile agents faced in the past, and adjusting them to the current state of the art.

Task description

Prerequisites

• Good knowledge of C/C++
• Willingness to learn about WebAssembly and Keystone

Links