Evaluating the Security of Three Java-Based Mobile Agent Systems

The goal of mobile agent systems is to provide a distributed computing infrastructure supporting applications whose components can move between different execution environments. The design and implementation of mechanisms to relocate computations requires a careful assessment of security issues. If these issues are not addressed properly, mobile agent technology cannot be used to implement real-world applications. This paper describes the initial steps of a research effort to design and implement security middleware for mobile code systems in general and mobile agent systems in particular. This initial phase focused on understanding and evaluating the security mechanisms of existing mobile agent systems. The evaluation was performed by deploying several mobile agents systems in a testbed network, implementing attacks on the systems, and evaluating the results. The long term goal for this research is to develop guidelines for the security analysis of mobile agent systems and to determine if existing systems provide the security abstractions and mechanisms needed to develop real-world applications.

[1]  George Cybenko,et al.  D'Agents: Security in a Multiple-Language, Mobile-Agent System , 1998, Mobile Agents and Security.

[2]  J. Davenport Editor , 1960 .

[3]  J. C. Byington,et al.  Mobile agents and security , 1998, IEEE Commun. Mag..

[4]  Gian Pietro Picco,et al.  Understanding code mobility , 1998, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[5]  Dan S. Wallach,et al.  Java security: from HotJava to Netscape and beyond , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[6]  Jan Vitek,et al.  Mobile Object Systems Towards the Programmable Internet , 1996, Lecture Notes in Computer Science.

[7]  Jan Vitek,et al.  Security and Communication in Mobile Object Systems , 1996, Mobile Object Systems.

[8]  Danny B. Lange,et al.  A Security Model for Aglets , 1997, IEEE Internet Comput..

[9]  Jim White,et al.  Telescript technology: mobile agent , 1999 .

[10]  David K. Gifford,et al.  Implementing Remote Evaluation , 1990, IEEE Trans. Software Eng..

[11]  John K. Ousterhout,et al.  The Safe-Tcl Security Model , 1998, USENIX Annual Technical Conference.