Abstract
Mobile agents are programs that travel autonomously through a computer network in order to perform some computation or gather information on behalf of a human user or an application. In the last several years, mobile agents have found numerous applications including e-commerce. In most applications, the security of mobile agents is of the utmost importance. This paper gives an overview of the main security issues related to the mobile agent paradigm. These issues include security threats, requirements, and techniques for keeping the mobile agent platform and the agent itself secure against each other.
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Alfalayleh, M., Brankovic, L. (2005). An Overview of Security Issues and Techniques in Mobile Agents. In: Chadwick, D., Preneel, B. (eds) Communications and Multimedia Security. IFIP — The International Federation for Information Processing, vol 175. Springer, Boston, MA. https://doi.org/10.1007/0-387-24486-7_5
DOI: https://doi.org/10.1007/0-387-24486-7_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24485-3
Online ISBN: 978-0-387-24486-0
eBook Packages: Computer Science (R0)