Privilege Management of Mobile Agents

Most mobile agent systems use internal data structures within an agent to control and specify its security requirements and properties. These structures typically contain authorization information regarding access to computational resources on distributed systems and conceptually serve as an internal passport for the agent. While these structures are often very similar semantically, they differ greatly in their implementation, depending to a large extent on the mechanisms used to protect their contents. This paper considers a general scheme for managing privileges using attribute certificates. An attribute certificate can be viewed as an external, digitally signed agent passport, which allows greater flexibility in meeting the needs of an application and overlaying a suitable management scheme. The paper presents the benefits of this approach and gives an example of how an agent system could be enhanced with this mechanism.
