On the Robustness of some Cryptographic Protocols for Mobile Agent Protection
Volker Roth - Fraunhofer Institut fuer Graphische Datenverarbeitung
Mobile agent security is still a young discipline and most naturally, the focus up to the time of writing was on inventing new cryptographic protocols for securing various aspects of mobile agents. However, past experience shows that protocols can be flawed, and flaws in protocols can remain unnoticed for a long period of time. The game of breaking and fixing protocols is a necessary evolutionary process that leads to a better understanding of the underlying problems and ultimately to more robust and secure systems. Although, to the best of our knowledge, little work has been published on breaking protocols for mobile agents, it is inconceivable that the multitude of protocols proposed so far are all flawless. As it turns out, the opposite is true. We identify flaws in protocols proposed by Corradi et al., Karjoth et al., and Karnik et al., including protocols based on secure co-processors.

Trust Relationships in a Mobile Agent System
Hock Kim Tan - University of Southampton, Southampton SO17 1BJ UK; Luc Moreau - University of Southampton, Southampton SO17 1BJ UK
The notion of trust is presented as an important component in a security infrastructure for mobile agents. A trust model that can be used in tackling the aspect of protecting mobile agents from hostile platforms is proposed. We define several trust relationships in our model, and present a trust derivation algorithm that can be used to infer new relationships from existing ones. An example of how such a model can be utilized in a practical system is provided.

Evaluating The Security of Mobile Agent Systems
Sebastian Fischmeister - University of California Santa Barbara; Giovanni Vigna - University of California Santa Barbara; Richard A. Kemmerer - University of California Santa Barbara
The goal of mobile agent systems is to provide a distributed computing infrastructure supporting applications whose components can move between different execution environments. The design and implementation of mechanisms to relocate computations requires a careful assessment of security issues. If these issues are not addressed properly, mobile agent technology cannot be used to implement real-world applications. This paper describes the initial steps of a research effort to design and implement security middleware for mobile code systems in general and mobile agent systems in particular. This initial phase focused on understanding and evaluating the security mechanisms of existing mobile agent systems. The evaluation was performed by deploying several mobile agent systems in a testbed network, implementing attacks on the systems, and evaluating the results. The long term goal for this research is to develop guidelines for the security analysis of mobile agent systems and to determine if existing systems provide the security abstractions and mechanisms needed to develop real-world applications.

Formal specification and verification of mobile agent data integrity properties: a case study
Xavier Hannotin - Politecnico di Torino; Paolo Maggi - Politecnico di Torino; Riccardo Sisto - Politecnico di Torino
The aim of the work presented in this paper is to check cryptographic protocols for mobile agents against both network intruders and malicious hosts using formal methods. We focus attention on data integrity properties and show how the techniques used for classical message-based protocols such as authentication protocols can be applied to mobile agent systems as well. To illustrate our approach, we use a case study taken from the literature and show how it can be specified and verified using some currently available tools.

Lime Revisited
Bogdan Carbunar - Purdue; Marco Tulio Valente - Purdue; Jan Vitek - Purdue
Lime is a middleware communication infrastructure for mobile computation that addresses physical mobility of devices and logical mobility of software components through a rich set of local and remote primitives. The system's key innovation is the concept of transiently shared tuple spaces. In Lime, mobile programs are equipped with tuple spaces that move whenever the program moves and are transparently shared with tuple spaces of other co-located programs. The Lime specification is surprisingly complex and tricky to implement. In this paper, we start by deconstructing the Lime model to identify its core components, then we attempt to reconstruct a simpler model, which we call CoreLime, that supports fine-grained access control and can better scale to large configurations.

Dynamic Adaptation of Mobile Agent in Heterogeneous Environments
Raimund Brandt - skyguide; Helmut Reiser - University of Munich
Mobile agents must be prepared to execute on different hosts and therefore in different execution environments. Even when a homogenous execution environment is offered by abstracting the underlying heterogeneity, there are scenarios like IT-management, where mobile agents are forced to contain environment dependent implementations. The aim of this work is to equip mobile agents with a flexible capacity to adapt to a range of different environments on demand.
We discuss different forms of adaptation and draw a distinction between static and continuous forms. Our solution for dynamic adaptation provides a concept for exchanging environment dependent implementation of mobile agents during runtime. Dynamic adaptation enhances efficiency of mobile code in terms of bandwidth and scalability.

Fast File Access for Fast Agents
Eugene Gendelman - University of California, Irvine; Lubomir Bic - University of California, Irvine; Michael Dillencourt - University of California, Irvine
Mobile agents are a powerful tool for coordinating general purpose distributed computing, where the main goal is high performance. In this paper we demonstrate how the inherent mobility of agents may be exploited to achieve fast file access, which is necessary for most general-purpose applications. We present a file system for mobile agents based exclusively on local disks of the participating workstations. The mobility of agents allows us to make all file operations local, which significantly reduces access time. We also demonstrate how code files and special system files can be handled efficiently in a local-disk-based environment.

Flying Emulator: Rapid Building and Testing of Networked Applications for Mobile Computers
Ichiro Satoh - National Institute of Informatics
This paper presents a mobile-agent framework for building and testing mobile computing applications. When a portable computing device is moved into and attached to a new network, the proper functioning of an application running on the device often depends on the resources and services provided locally in the current network. To solve this problem, this framework provides an application-level emulator of portable computing devices. Since the emulator is constructed as a mobile agent, it can carry target applications across networks on behalf of a device, and it allows the applications to connect to local servers in its current network in the same way as if they were moved with and executed on the device itself. This paper also demonstrates the utility of this framework by describing the development of typical location-dependent applications in mobile computing settings.

Crawlets: Agents for High Performance Web Search Engines
Prasannaa Thati - University Of Illinois at Urbana Champaign; Po-Hao Chang - University Of Illinois at Urbana Champaign; Gul Agha - University Of Illinois at Urbana Champaign
Some of the reasons for unsatisfactory performance of today's search engines are their centralized approach to web crawling and lack of explicit support from web servers. We propose a modification to conventional crawling in which a search engine uploads simple agents, called crawlets, to web sites. A crawlet crawls pages at a site locally and sends a compact summary back to the search engine. This not only reduces bandwidth requirements and network latencies, but also parallelizes crawling. Crawlets also provide an effective means for achieving the performance gains of personalized web servers, and can make up for the lack of cooperation from conventional web servers. The specialized nature of crawlets allows simple solutions to security and resource control problems, and reduces software requirements at participating web sites. In fact, we propose an implementation that requires no changes to web servers, but only the installation of a few (active) web pages at host sites.

An Efficient Mailbox-Based Algorithm for Message Delivery in Mobile Agent Systems
Xinyu Feng - Nanjing University; Jiannong Cao - Hong Kong Polytechnic University; Jian Lu - Nanjing University; Henry Chan - Hong Kong Polytechnic University
Agent mobility presents challenges to the design of efficient message transport protocols for mobile agent communications. A practical mobile agent communication protocol should provide location transparency to the programmer and thus needs to keep track of the movement of an agent. In addition, because of the asynchronous nature of message passing and agent migration, how to guarantee the delivery of messages to highly mobile agents is still an active research topic in mobile agent systems. In this paper we propose an efficient mailbox-based algorithm for inter-mobile agent communications. The algorithm decentralizes the role of the origin (home) host in locating an agent. Furthermore, by separating the mailbox from its owner agent, the algorithm can be made adaptive and is efficient in terms of location updating and message delivery. In the cases that mobile agents migrate frequently but seldom communicate, our algorithm turns out to be preferable.

Using Predicates for Specifying Targets of Migration and Messages in a Peer-to-Peer Mobile Agent Environment
Klaus Haller - Swiss Federal Institute of Technology (ETH); Heiko Schuldt - Swiss Federal Institute of Technology (ETH)
Mobile agent systems are a powerful approach to develop distributed applications since they migrate to hosts on which they have the resources to execute individual tasks. Existing mobile agent systems require detailed knowledge about these hosts at the time of coding. This assumption is not acceptable in a dynamic environment like a peer-to-peer network, where hosts and, as a consequence, also agents become repeatedly connected and disconnected. To this end, we propose a predicate-based approach allowing the specification of hosts an agent has to migrate to. With this highly flexible approach, termed P2PMobileAgents, we combine the benefits of execution location transparency with those of code mobility. Similarly, also the recipients of messages can be specified by predicates, e.g. for synchronization purposes. For providing meta information about agents and hosts we use XML documents.

A Scalable and Secure Global Tracking Service for Mobile Agents
Volker Roth - Fraunhofer IGD; Jan Peters - Fraunhofer IGD
In this paper, we propose a global tracking service for mobile agents, which is scalable to the Internet and accounts for security issues as well as the particularities of mobile agents (frequent changes in locations). The protocols we propose address agent impersonation, malicious location updates, as well as security issues that arise from profiling location servers, and threaten the privacy of agent owners. We also describe the general framework of our tracking service, and some evaluation results of the reference implementation we made.

Translating Strong Mobility into Weak Mobility
Lorenzo Bettini - Dipartimento di Sistemi e Informatica, Universita' di Firenze; Rocco De Nicola - Dipartimento di Sistemi e Informatica, Universita' di Firenze
Mobile agents are software objects that can be transmitted over the net together with data and code, or can autonomously migrate to a remote computer and execute automatically on arrival. However, many frameworks and languages for mobile agents only provide weak mobility: agents do not resume their execution from the instruction following the migration action, instead they are always restarted from a given point.
In this paper we present a purely syntactic translation process for transforming programs that use strong mobility into programs that rely only on weak mobility, while preserving the original semantics. This transformation applies to programs written in a procedural language and can be adapted to other languages, like Java, that provide means to send data and code, but not the execution state. It has actually been exploited for implementing our language for mobile agents X-Klaim, that has linguistic constructs for strong mobility.

Transparent Migration of Mobile Agents Using the Java Platform Debugger Architecture
Torsten Illmann - University of Ulm, Dep. of Multimedia Computing; Tilman Krueger - University of Ulm, Dep. of Multimedia Computing; Frank Kargl - University of Ulm, Dep. of Multimedia Computing; Michael Weber - University of Ulm, Dep. of Multimedia Computing
In this paper we describe a transparent migration of mobile agents in Java using the Java Platform Debugger Architecture (JPDA). The JPDA allows debuggers to access and modify runtime information of running Java applications. In the context of mobile agents, the JPDA can be used to capture and restore the state of a running program. Since JPDA does not support setting the program counter, we introduce two different solutions to solve this. We either slightly modify the virtual machine or instrument some bytecode instructions. Finally we measure the produced overhead in code and time compared to normal execution and other approaches addressing this problem. Altogether, we show that developing Java-based mobile agents with a transparent migration can be performed nearly without changing the source code, the byte code or the interpreter.

Portable Resource Reification in Java-based Mobile Agent Systems
Alex Villazón - University of Geneva, Switzerland; Walter Binder - CoCo Software Engineering GmbH, Austria
Resource awareness is an important step towards the realization of adaptable software, something which is particularly desirable in the context of mobile code and mobile agent environments. Since resources (CPU, memory, network bandwidth, etc.) are not available and manipulable as first-class entities in standard programming models, such as in the Java language, some kind of reification seems indispensable.
This is however difficult to achieve, especially if portability is a requirement. In this paper we describe a mobile agent execution environment that reifies several aspects of both the execution environment itself and of the mobile agents it hosts. We explain how resources consumed by an agent are reified directly from the agent code. Performance measurements show that our approach incurs only moderate overhead.

Mobile-Agent versus Client/Server Performance: Scalability in an Information-Retrieval Task
Robert S. Gray - Dartmouth College; David Kotz - Dartmouth College; Ronald A. Peterson - Dartmouth College; Joyce Barton - Lockheed-Martin Advanced Technology Lab; Daria Chacon - Lockheed-Martin Advanced Technology Lab; Peter Gerken - Lockheed-Martin Advanced Technology Lab
Building applications with mobile agents often reduces the bandwidth required for the application, and improves performance. The cost is increased server workload. There are, however, few studies of the scalability of mobile-agent systems. We present scalability experiments that compare four mobile-agent platforms with a traditional client/server approach. The four mobile-agent platforms have similar behavior, but their absolute performance varies with underlying implementation choices. Our experiments demonstrate the complex interaction between environmental, application, and system parameters.

Performance Evaluation of Mobile-Agent Middleware: A Hierarchical Approach
Marios Dikaiakos - University of Cyprus; Melinos Kyriakou - University of Cyprus; George Samaras - University of Cyprus
In this paper, we introduce a hierarchical framework for the quantitative performance evaluation of mobile-agent middleware platforms. This framework is established upon an abstraction of the typical structure of mobile-agent systems and is implemented through a set of benchmarks, metrics, and experimental parameters. We implement these benchmarks on three mobile agent platforms (Aglets, Concordia and Voyager) and run numerous experiments to validate our framework and compare the mobile-agent middleware environments quantitatively. We present results collected from our experiments, which help us understand MA performance and identify existing bottlenecks. Our results can be used to guide the improvement of existing platforms, the performance analysis of other systems, and the performance prediction of MA applications.

Scheduling Multi-Task Agents
Rong Xie - Dept. of Computer Science, Dartmouth College; Daniela Rus - Dept. of Computer Science, Dartmouth College; Cliff Stein - Dept. of IEOR, Columbia University
We present a centralized and a distributed algorithm for scheduling multi-task agents in a distributed system with the objective of minimizing the overall application completion time. Each agent consists of multiple tasks that can be executed on multiple machines which correspond to resources. The machine speeds and link transfer rates are heterogeneous. Our centralized algorithm has an upper bound on the overall completion time and is used as a module in the distributed algorithm. Extensive simulations show promising results of the algorithms, especially for scheduling communication-intensive multi-task agents.