The organizational model, together with the threat analysis, gives a view of the entities involved. A secure management system must be able to identify the subjects and objects that represent the participating entities; the corresponding security requirement is authentication. Mobile agents are a new kind of access to systems and need closer attention. Some available access control devices, such as fingerprint scanners, may improve access control for humans, but they will not work for mobile agents. Authentication is fundamental, because most of the following security requirements presuppose the ability to identify subjects and objects unambiguously.
Authorization is necessary to bind rights to subjects. For that purpose, rights and permissions must be described. Access control must then enforce rights and restrictions at run-time. Each object in the system offers interfaces which can be used by subjects. Access control prevents illegal access to objects. Certain management tasks require that a mobile agent is able to delegate rights and permissions to other entities, so a concept for delegation of these rights is necessary. Security management with the aid of mobile agents can be carried out if such a concept is available.
Each information channel representing a relation between entities may need protection. The security requirement confidentiality is satisfied if such a channel is accessible only to authorized participants.
The aim of many attacks is to alter code, data or messages, or to replay or replicate messages or MAs. Detecting such alterations, manipulations, replays and misordering can assure the integrity of objects. Being able to establish and enforce resource constraints can prevent another large group of attacks: resource abuse and denial-of-service. The security requirement non-repudiation means that it is possible to prove that a certain subject has performed a critical or sensitive action. Even a third party can prove who caused this action.
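The integrity checks named above (alteration, replay, misordering), as an added example that is not part of the original text: a receiver verifies a MAC over sender, sequence number and payload, then compares the sequence number with the next one it expects. The shared key, the sender name `agent-1`, the message layout and the sample messages are constructed assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: key shared by sender and receiver


def _mac(key: bytes, sender: str, seq: int, payload: bytes) -> bytes:
    # Length-prefix the sender so bytes cannot shift between fields unnoticed.
    s = sender.encode()
    data = len(s).to_bytes(2, "big") + s + seq.to_bytes(8, "big") + payload
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(sender: str, seq: int, payload: bytes, key: bytes = KEY) -> dict:
    """Sender side: bind sender id, sequence number and payload under one tag."""
    return {"sender": sender, "seq": seq, "payload": payload,
            "tag": _mac(key, sender, seq, payload)}


class Receiver:
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.next_seq = {}  # sender -> next expected sequence number

    def check(self, msg: dict) -> str:
        expected = _mac(self.key, msg["sender"], msg["seq"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "altered"      # any covered field changed, or wrong key
        want = self.next_seq.get(msg["sender"], 0)
        if msg["seq"] < want:
            return "replayed"     # authentic, but already accepted once
        if msg["seq"] > want:
            return "misordered"   # authentic, but an earlier message is missing
        self.next_seq[msg["sender"]] = want + 1
        return "ok"


def demo() -> list:
    rx = Receiver()
    # Constructed sample messages with sequence numbers 0, 1, 2.
    payloads = [b"get cpu", b"get mem", b"set limit=5"]
    m0, m1, m2 = (seal("agent-1", i, p) for i, p in enumerate(payloads))
    tampered = dict(m1, payload=b"set limit=500")  # payload changed in transit
    return [rx.check(m) for m in (m0, tampered, m0, m2, m1, m2)]


if __name__ == "__main__":
    print(demo())
```

A shared-key MAC covers integrity only: because both sides hold the key, it cannot give the third-party proof that non-repudiation requires, which needs a digital signature instead.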
To prevent the circumvention of legal interfaces and to restrict rights, the sandboxing concept is used. A sandbox is a very restricted environment for code execution which can only be left in a controlled manner.
Some attacks (e.g. manipulation of an MA by an AS) seem very hard or even impossible to prevent. If these attacks cannot be restrained technically, an organizational solution is necessary, e.g. a trust relation between two entities that a particular kind of attack will not happen.
The following list summarizes security requirements (in bold) and attacks which can be prevented by services implementing these requirements. Some attacks are listed several times. This means either that more than one requirement covers the attack or that more services implementing the requirements are necessary to prevent a single attack.
Authentication: Masquerade, theft of rights, repudiation, replication, replay, redirection, denial-of-execution, denial-of-service, resource misuse
Authorization and Access: Theft of rights, denial-of-service, resource misuse
Confidentiality: Eavesdropping, theft of rights
Integrity: Theft of rights, replication, delay, replay, redirection, alteration, execution trace manipulation
Non-Repudiation: Repudiation
Resource-Constraints: Denial-of-service, resource misuse
Sandboxing: Circumvention Attack