Abstract
Ph.D.
Many organisations are starting to make large parts of their information resources
publicly accessible. For example, many organisations publish information using the
Internet. Some organisations allow non-employees to connect to their systems and
retrieve information - many banks allow customers to retrieve account statements via
the Internet.
There is a trend towards more open information systems and more distributed
processing such as client/server processing. The above are just some of the trends in
computer information processing that creates new and complex problems in providing
information systems that are both secure and manageable.
To add to the complexity of the information security problem, organisations use the
Internet to conduct some of their business and use many different applications, each
with its own unique access control mechanisms. Central management of information
security in a heterogeneous and distributed environments, such as the Internet has
become a nightmare.
There is a need for an information security model that will allow organisations to
make use of the new trends in information processing, but still have confidence that
they have adequate security and that the management of their information security
systems is fairly easy.
In this thesis we propose a model that satisfies the above requirements. We call this
model the Intelligent Security Agent Model (ISAM). The ISAM model is based on
two technologies: intelligent software agents and distributed objects. The main
component of the model is Intelligent Security Agents that act as security brokers for
its users in a distributed environment.
In chapter 2 of the thesis, we design an Intelligent Security Agent which provides
various information security services in open client/server environments. The
Intelligent Security Agent Model addresses certain problems/requirements, such as
single sign-on, in information security. These problems and possible solutions are
described in chapter 4 to chapter 10 of this thesis.
An Intelligent Security Agent must be protected from unauthorised modification,
theft, etc. Chapter 3 shows how an Intelligent Security Agent is secured by
implementing it as a distributed object. We show that the combination of intelligent
software agents and distributed objects creates an agent that was not possible before,
and solves many information security problems.In short, this thesis documents the results of a study in computer information security.
The result of the study is a new information security model in which intelligent
software agents and distributed objects are combined to create a security agent which
acts on behalf of a user in open environments such as client/server systems and the
Internet. The agent provides a set of services to its user and handles all information
security related requests on behalf of its user.