Security in Mobile Agent Systems

Date of Submission: 
October 19, 1998
Report Number: 
A mobile agent is a program that represents a user in a computer network, and is capable of migrating autonomously from machine to machine performing computations on behalf of the user. The mobile agent paradigm is inherently well-suited for programming several classes of distributed applications, especially those running on the internet. However, it has thus far been hampered by serious security concerns. This dissertation identifies the research challenges in providing security for mobile agent systems. It discusses the design and development of mobile agent programming infrastructure that incorporates a security architecture to address these challenges. The Ajanta system, which embodies this design, is desbribed in detail. Generic agent servers in Ajanta are capable of hosting and executing mobile agents, and securely isolating them within protection domains. Code and state can be transferred from server to server, to enable agents to migrate freely to any server on the network. All entities in the sytem are assigned global, location-independent names, and a name service is provided for translating these into location-specific identifiers. A public-key distribution infrastructure is integrated into the name service. Ajanta builds upon the Java programming environment and uses public-key cryptographic algorithms to provide several security mechanisms, such as authentication of entities in the system, secure agent transfer, protected resource binding for agents with dynamic, fine-grain access control, secure inter-agent communications, protection of agent state against tampering, etc. Applications can remotely check on the status of their agents, and issue control commands to them. To facilitate the assignment of itineraries to agents, a set of itinerary patters are available. Complex agent itineraries can be built by composing these patterns. Two applications built on top of Ajanta are also described, to demonstrate the utility of its programming abstractions and its security mechanisms