NIST Special Publication 800-19 – Mobile Agent Security

Mobile agent technology offers a new computing paradigm in which a program, in the form of a software agent, can suspend its execution on a host computer, transfer itself to another agent-enabled host on the network, and resume execution on the new host. The use of mobile code has a long history dating back to the use of remote job entry systems in the 1960s. Today's agent incarnations can be characterized in a number of ways, ranging from simple distributed objects to highly organized software with embedded intelligence. As the sophistication of mobile software has increased over time, so too have the associated threats to security. This report provides an overview of the range of threats facing the designers of agent platforms and the developers of agent-based applications. The report also identifies generic security objectives and a range of measures for countering the identified threats and fulfilling these security objectives.
