|
Welcome to John's Home Pages |
||
| Mobile
Agent Security
Introduction
|
The Mobile Agent
paradigm arose as an extension of the Remote Evaluation paradigm proposed
by Stamos and Gifford
in 1990. The difference between the two paradigms is
that Mobile Agents have the privilege of halting in mid-execution and
migrating to alternate systems (servers). On arriving at the next
server, they can can resume their execution from where they left off
and continue until the favourable conditions exist. This feature is useful
in a distributed computing scenario wherein bandwidth and system resources
are available at a premium. Thus, mobile agent based applications are fast
gaining popularity in the evolution of pervasive scenarios.
One of the early mobile agent based systems with a commercial focus was Telescript (White, 1994). This system was marketed by General Magic and was later made apart of the Tabriz web server project. Even though it was a commercial failure and was withdrawn from the market, it provided sufficient encouragement for agent developers to further refine the technology and paved the way for the development of other mobile agent systems. Scripting languages like TCL (Ousterhout et al, 1997) were used for the creation of AgentTCL, now known as D'Agents (Gray, 1995). The advantage of platform independence and portability allowed Java (Gosling & McGilton, 1996) to play a major role in the evolution of several agent systems. In our experiments, we are currently using the Grasshopper, a Java based agent system from IKV technologies. These agent systems have allowed the creation of several agent based applications and several others are on the anvil. This is a good indication that agent paradigm is here to stay and will play a defining role in shaping tomorrows pervasively dynamic world. While several definitions have been attempted to explain the motivation behind this paradigm, Franklin and Graesser's definition of 1996 states that "An autonomous agent is a system situated within and a part of an environment that senses that environment and acts on it, over time, in pursuit of its own agenda and so as to effect what it senses in the future." This definition highlights an important aspect of agents and that is its autonomy. Agents, especially mobile agents subscribe heavily to autonomy and intelligence and in most agent systems these two features define the agent capabilities. It is also responsible for defining the level of mobility that a mobile agent system might require. An agent system intended to be highly mobile will support several protocols which will enable it to transmit itself over the network. While the advantage of mobility in the agent paradigm helps e-commerce application developers in reaching a large section of mobile clientele, it also opens the system and makes it vulnerable to attacks by malicious entities. This drawback has far reaching implications for a trust based paradigm like the agent paradigm and is a hindrance in its acceptance and uniform spread. While agent developers have analysed and examined the problem in several ways, the fact remains that an agent is a vulnerable entity and is open to malicious attacks from several quarters. This PhD project will focus on examining the conditions under which these vulnerabilities are created and develop security implementations which will aid in controlling risk and mitigating the threat posed by malicious entities. |