A Privilege Management Scheme for Mobile Agent Systems

In this paper, we describe a general method for controlling the behavior of mobile agent-system entities through the allocation of privileges. Privileges refer to policy rules that govern the access and use of computational resources and services. The scheme is based on the capability of most mobile agent systems to extend the platform processing environment and the use of two forms of privilege management certificates: attribute certificates and policy certificates. Privilege management certificates are digitally signed objects that allow various policy-setting principals to govern the activities of mobile agents through selective privilege assignment. This approach overcomes a number of problems in existing agent systems and provides a means for attaining improved interoperability of agent systems designed and implemented independently by different manufacturers. We also describe applying the scheme to Java-based agent systems.
