Enforcing resource bound safety for mobile SNMP agents

The integration of mobile agents with SNMP creates significant advantages for the management of complex networks. Nevertheless, the security concerns of mobile agent technology limit its acceptance in practice. A key issue is to safeguard resource usage abuse by malicious or buggy mobile agents on the hosting system. This paper describes how the TINMAN architecture, a framework and a suite of tools for enforcing resource safety of mobile code is applied to mobile SNMP agents. TINMAN uses a suite of resource-usage checking tools which consists of a resource bound predictor a usage certification generator and a verifier at compile-time, and certificate validation and monitoring tools at run-time. This paper shows how TINMAN tools can provide 100% coverage by a combination of off-line static analysis and run-time monitoring in enforcing safety on resource consumption of mobile SNMP agents. Experimental results from the current TINMAN implementation are given.

[1]  Kurt Geihs,et al.  Decentralized SNMP management with mobile agents , 1999, Integrated Network Management VI. Distributed Management for the Networked Millennium. Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management. (Cat. No.99EX302).

[2]  Antonio Puliafito,et al.  Using mobile agents to implement flexible network management strategies , 2000, Comput. Commun..

[3]  Craig Partridge,et al.  Smart packets: applying active networks to network management , 2000, TOCS.

[4]  Natarajan Shankar,et al.  PVS: A Prototype Verification System , 1992, CADE.

[5]  David Walker,et al.  A type system for expressive security policies , 2000, POPL '00.

[6]  Angelos D. Keromytis,et al.  The price of safety in an active network , 2001, Journal of Communications and Networks.

[7]  Y. Wang,et al.  Integration of mobile agents with SNMP: why and how , 2000, NOMS 2000. 2000 IEEE/IFIP Network Operations and Management Symposium 'The Networked Planet: Management Beyond 2000' (Cat. No.00CB37074).

[8]  Jozef Hooman,et al.  Correctness of Real Time Systems by Construction , 1994, FTRTFT.

[9]  Alan C. Shaw,et al.  Experiments with a program timing tool based on source-level timing schema , 1990, [1990] Proceedings 11th Real-Time Systems Symposium.

[10]  Paolo Bellavista,et al.  How to monitor and control resource usage in mobile agent systems , 2001, Proceedings 3rd International Symposium on Distributed Objects and Applications.

[11]  Carl A. Gunter,et al.  PLAN: a packet language for active networks , 1998, ICFP '98.

[12]  Dan Grossman,et al.  TALx86: A Realistic Typed Assembly Language∗ , 1999 .