Integrating Java-based mobile agents into Web servers under security concerns

The paper describes a system architecture which offers the ability to host mobile agents (so-called Web-agents) on a Web server. This is done by a special server extension module called 'server agent environment' (SAE). The agents may access local data of the Web server and may communicate with other Web-agents or with human users. The paper discusses the different security issues that arise in such a system and shows how the author addresses the problems. Concerning system and network security, they present a solution based on security packages, protection domains, and agent capabilities. This provides a flexible way to restrict an agent's possibility to access the local server data or access the network. Since they also aim at providing the SAE as a plug-in for other Web servers, they show how this is supported by the system architecture.

[1]  William M. Farmer,et al.  Security for Mobile Agents: Issues and Requirements , 1996 .

[2]  Joel H. Saltz,et al.  Network-aware mobile programs , 1997 .

[3]  Stefan Fünfrocken,et al.  How to Integrate Mobile Agents into Web Servers , 1997, WETICE.

[4]  Fritz Hohl,et al.  Konzeption eines einfachen Agentensystems und Implementation eines Prototyps , 1995 .

[5]  西 和人,et al.  MIME(Multipurpose Internet Mail Extensions)について , 1993 .

[6]  Nancy G. Leveson,et al.  Software safety in embedded computer systems , 1991, CACM.

[7]  Oswald Drobnik,et al.  An HTTP-Based Infrastructure for Mobile Agents , 1995, World Wide Web J..

[8]  Daniel M. Zimmerman,et al.  benefits and drawbacks of current Java mobile agent systems , 1997 .

[9]  Dan S. Wallach,et al.  Extensible security architectures for Java , 1997, SOSP.

[10]  Hartmut Vogler,et al.  An approach for mobile agent security and fault tolerance using distributed transactions , 1997, Proceedings 1997 International Conference on Parallel and Distributed Systems.

[11]  Danny B. Lange,et al.  A Security Model for Aglets , 1997, IEEE Internet Comput..

[12]  Robert S. Gray,et al.  Agent Tcl: a Exible and Secure Mobile-agent System , 1996 .

[13]  Nancy G. Leveson,et al.  Software safety , 1982, ACM SIGSOFT Softw. Eng. Notes.

[14]  S. Funfrocken,et al.  How to integrate mobile agents into Web servers , 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[15]  Nathaniel S. Borenstein,et al.  EMail With A Mind of Its Own: The Safe-Tcl Language for Enabled Mail , 1994, ULPAA.

[16]  Holger Peine,et al.  The Architecture of the Ara Platform for Mobile Agents , 1999, Mobile Agents.

[17]  Li Gong,et al.  New security architectural directions for Java , 1997, COMPCON.

[18]  Ken Arnold,et al.  The Java Programming Language , 1996 .

[19]  Dan S. Wallach,et al.  Java security: from HotJava to Netscape and beyond , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[20]  Fritz Hohl An Approach to Solve the Problem of Malicious Hosts , 1998 .

[21]  Ian Joyner,et al.  C + + ? ? A Critique of C + + and Programming and Language Trends of the 1990 s 3 rd Edition , 1996 .

[22]  George C. Necula,et al.  Safe kernel extensions without run-time checking , 1996, OSDI '96.