Security architecture of the M&M mobile agent framework

In the mobile agent programming model, small threads of execution migrate from machine to machine, performing their operations locally. To deploy such a model in real-world applications, security is a vital concern. In the M&M project we have developed a system that departs from the traditional platform-based execution model for mobile agents. In M&M there are no agent platforms. Instead, there is a component framework that lets applications send and receive agents by themselves in a straightforward manner. In this paper we examine the security mechanisms available in M&M and how integration with existing applications is done. One difficult aspect of this work is that all the features must work with the security mechanisms that already exist in the applications, because the components are integrated into the applications from within. Currently, M&M provides features such as fine-grained security permissions, encryption of agents and data, certificate distribution using LDAP, and cryptographic primitives for agents. To validate the approach and the solutions found, we have integrated the framework into several off-the-shelf web servers with their security mechanisms running, with no problems.
