Secure mobile agent systems using Java: where are we heading?

Java is the predominant language for mobile agent systems, both for implementing mobile agent execution environments and for writing mobile agent applications. This is due to inherent support for code mobility by means of dynamic class loading and separable class name spaces, as well as a number of security properties, such as language safety and access control by means of stack introspection. However, serious questions must be raised whether Java is actually up to the task of providing a secure execution environment for mobile agents. At the time of writing, it has neither resource control nor proper application separation. In this article we take an in-depth look at Java as a foundation for secure mobile agent systems.

[1]  Wilson C. Hsieh,et al.  Drawing the red line in Java , 1999, Proceedings of the Seventh Workshop on Hot Topics in Operating Systems.

[2]  Guy L. Steele,et al.  The Java Language Specification , 1996 .

[3]  James Gosling,et al.  The Real-Time Specification for Java , 2000, Computer.

[4]  Jan Vitek,et al.  The JavaSeal Mobile Agent Kernel , 1999, Proceedings. First and Third International Symposium on Agent Systems Applications, and Mobile Agents.

[5]  Mourad Debbabi,et al.  On object initialization in the Java bytecode , 2000, Comput. Commun..

[6]  Walter Binder,et al.  Portable resource control in Java , 2001, OOPSLA '01.

[7]  Frank Yellin,et al.  The Java Virtual Machine Specification , 1996 .

[8]  Walter Binder Design and implementation of the J-SEAL2 mobile agent kernel , 2001, Proceedings 2001 Symposium on Applications and the Internet.

[9]  Michael Franz,et al.  Slim binaries , 1997, CACM.