A security scheme for Aglets

Aglets, a framework and runtime platform for mobile agents developed by the IBM Tokyo Research Laboratory, is an advanced system of mobile agents written in Java, and is already used in some commercial applications. Using mobile agent technologies provides potential benefits to applications, but they also pose security threats to those applications. These threats not only come as malicious agents, but also in the form of malicious hosts. In this paper we introduce security features against these threats. Access control and message protection can prevent attacks by malicious agents. Server authentication allows agents to avoid movement to malicious hosts and blocks suspicious agents coming from malicious hosts. Copyright © 2002 John Wiley & Sons, Ltd.

[1]  Fritz Hohl,et al.  Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts , 1998, Mobile Agents and Security.

[2]  Christian F. Tschudin,et al.  Protecting Mobile Agents Against Malicious Hosts , 1998, Mobile Agents and Security.

[3]  David M. Chess,et al.  Security Issues in Mobile Code Systems , 1998, Mobile Agents and Security.

[4]  Danny B. Lange,et al.  Programming and Deploying Java¿ Mobile Agents with Aglets¿ , 1998 .

[5]  Daniel M. Zimmerman,et al.  benefits and drawbacks of current Java mobile agent systems , 1997 .

[6]  Munindar P. Singh,et al.  Agents on the Web: Mobile Agents , 1997, IEEE Internet Comput..

[7]  Andrew Herbert,et al.  A Mobile Object Workbench , 1998, Mobile Agents.

[8]  Jan Vitek,et al.  The JavaSeal Mobile Agent Kernel , 1999, Proceedings. First and Third International Symposium on Agent Systems Applications, and Mobile Agents.

[9]  Jan Vitek,et al.  Seal: A Framework for Secure Mobile Computations , 1998, ICCL Workshop: Internet Programming Languages.

[10]  Larry Hughes Actually Useful Internet Security Techniques , 1995 .

[11]  Giovanni Vigna,et al.  Mobile Agents and Security , 1998, Lecture Notes in Computer Science.

[12]  Aaron Kershenbaum,et al.  Mobile Agents: Are They a Good Idea? , 1996, Mobile Object Systems.

[13]  Danny B. Lange,et al.  Seven good reasons for mobile agents , 1999, CACM.

[14]  Mitsuru Oshima,et al.  Infrastructure for Mobile Agents: Requirements and Design , 1998, Mobile Agents.

[15]  Danny B. Lange,et al.  A Security Model for Aglets , 1997, IEEE Internet Comput..

[16]  Gene Tsudik,et al.  Itinerant Agents for Mobile Computing , 1995, IEEE Communications Surveys & Tutorials.

[17]  David Wong,et al.  Concordia: An Infrastructure for Collaborating Mobile Agents , 1997, Mobile Agents.

[18]  Günter Karjoth,et al.  Secure Mobile Agent-Based Merchant Brokering in Distributed Marketplaces , 2000, ASA/MA.

[19]  Jeffrey M. Bradshaw,et al.  Software agents , 1997 .

[20]  Luís Valente,et al.  Mobile agent security and Telescript , 1996, COMPCON '96. Technologies for the Information Superhighway Digest of Papers.

[21]  George Cybenko,et al.  AGENT TCL: Targeting the Needs of Mobile Computers , 1997, IEEE Internet Comput..

[22]  Deyu Hu,et al.  J-Kernel: A Capability-Based Operating System for Java , 2001, Secure Internet Programming.

[23]  Radia J. Perlman,et al.  Network security - private communication in a public world , 2002, Prentice Hall series in computer networking and distributed systems.

[24]  Kazuya Kosaka,et al.  The Aglets project , 1999, CACM.

[25]  Ichiro Satoh MobiDoc: A Framework for Building Mobile Compound Documents from Hierarchical Mobile Agents , 2000, ASA/MA.

[26]  Yuichi Nakamura,et al.  Architecture and performance evaluation of a massive multi-agent system , 1999, AGENTS '99.