Security issues in mobile agent technology

The Mobile Agent (MA) paradigm seems to be a promising technology for developing applications in open, distributed and heterogeneous environments, such us the Internet. Many application areas, such as electronic commerce, mobile computing, network management and information retrieval can benefit from the application of the MA technology. The exploitation of mobile agents offer several peculiar advantages, such us reduction of network latency, asynchronous execution, robust and fault tolerant behavior. However, a wider diffusion of MA is currently limited by the lack of a comprehensive security framework that can address the security concerns arising in mobile agent applications providing efficiency at the same time. This paper describes an MA environment, called Secure and Open Mobile Agent (SOMA), that offers a wide range of security tools and mechanisms aimed at protecting both execution sites and agents against reciprocal malicious behavior. In particular, SOMA integrates several possible solutions to ensure agent integrity. The paper presents an electronic marketplace prototype based on SOMA where we have validated the efficiency and scalability of our security framework.

[1]  Li Gong,et al.  Java security: present and near future , 1997, IEEE Micro.

[2]  Emil C. Lupu,et al.  A policy based role object model , 1997, Proceedings First International Enterprise Distributed Object Computing Workshop.

[3]  N. Asokan,et al.  Protecting the computation results of free-roaming agents , 1998, Personal Technologies.

[4]  Levente Buttyán,et al.  On the Problem of Trust in Mobile Agent Systems , 1998, NDSS.

[5]  James Riely,et al.  Type-Safe Execution of Mobile Agents in Anonymous Networks , 1998, ECOOP Workshops.

[6]  Antonio Corradi,et al.  Locality abstractions and security models in a mobile agent environment , 1998, Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises (WET ICE '98) (Cat. No.98TB100253).

[7]  Anand R. Tripathi,et al.  Mobile agent programming in Ajanta , 1999, Proceedings. 19th IEEE International Conference on Distributed Computing Systems (Cat. No.99CB37003).

[8]  Antonio Corradi,et al.  Mobile agents and security: protocols for integrity , 1999, DAIS.

[9]  Bennet S. Yee A Sanctuary for Mobile Agents , 2001, Secure Internet Programming.