Evaluating the Security of Three Java-Based Mobile Agent Systems

  • Sebastian Fischmeister
  • Giovanni Vigna
  • Richard A. Kemmerer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2240)


The goal of mobile agent systems is to provide a distributed computing infrastructure supporting applications whose components can move between different execution environments. The design and implementation of mechanisms to relocate computations requires a careful assessment of security issues. If these issues are not addressed properly, mobile agent technology cannot be used to implement real-world applications. This paper describes the initial steps of a research effort to design and implement security middleware for mobile code systems in general and mobile agent systems in particular. This initial phase focused on understanding and evaluating the security mechanisms of existing mobile agent systems. The evaluation was performed by deploying several mobile agents systems in a testbed network, implementing attacks on the systems, and evaluating the results. The long term goal for this research is to develop guidelines for the security analysis of mobile agent systems and to determine if existing systems provide the security abstractions and mechanisms needed to develop real-world applications.


Mobile agent systems computer security security testing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Grasshopper. WWW Site.
  2. 2.
    IBM AgletWorkbench. WWW Site.
  3. 3.
    IKV++. WWW Site.
  4. 4.
    Jumping Beans. WWW Site.
  5. 5.
    AdAstra. Jumping Beans White Paper. Technical report, AdAstra Engineering, Inc., Sunnyvale, CA, April 27 1999.Google Scholar
  6. 6.
    D. Dean, E. Felten, and D. Wallach. Java Security: From HotJava to Netscape and Beyond. In Proc. of the 1996 IEEE Symp. on Security and Privacy, Oakland, Cal., May 1996.Google Scholar
  7. 7.
    A. Fuggetta, G.P. Picco, and G. Vigna. Understanding Code Mobility. IEEE Transactions on Software Engineering, 24(5):342–361, May 1998.CrossRefGoogle Scholar
  8. 8.
    R.S. Gray, D. Kotz, G. Cybenko, and D. Rus. D’Agents: Security in Multiple-Language, Mobile-Agent System. In G. Vigna, editor, Mobile Agents and Security, volume 1419 of LNCS. Springer, 1998.CrossRefGoogle Scholar
  9. 9.
    G. Karjoth, D. Lange, and M. Oshima. A Security Model For Aglets. IEEE Int. Comp., pages 68–77, July 1997.Google Scholar
  10. 10.
    OMG. MASIF-Mobile Agent System Interoperability Facility. Draft, October 3 1998.Google Scholar
  11. 11.
    M. Oshima, G. Karjoth, and K. Ono. Aglets Specification 1.1 Draft. Whitepaper Draft 0.65, Sept. 8 1998.Google Scholar
  12. 12.
    J. Ousterhout, J. Levy, and B. Welch. The Safe-Tcl Security Model. In G. Vigna, editor, Mobile Agents and Security, volume 1419 of LNCS. Springer, 1998.CrossRefGoogle Scholar
  13. 13.
    JamesW. Stamos and David K. Gifford. Implementing Remote Evaluation. IEEE Trans. on Soft. Eng., 16(7):710–722, July 1990.CrossRefGoogle Scholar
  14. 14.
    G. Vigna. Mobile Code Technologies, Paradigms, and Applications. PhD thesis, Politecnico di Milano, 1997.Google Scholar
  15. 15.
    G. Vigna, editor. Mobile Agents and Security, volume 1419 of LNCS. Springer, 1998.Google Scholar
  16. 16.
    J. Vitek, M. Serrano, and D. Thanos. Security and Communications in Mobile Object Systems. In J. Vitek and C. Tschudin, editors, Mobile Object Systems: Towards the Programmable Internet, LNCS 1222. Springer-Verlag, April 1997.Google Scholar
  17. 17.
    J.E. White. Telescript Technology: Mobile Agents. In J. Bradshaw, editor, Software Agents. AAAI Press/MIT Press, 1996.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Sebastian Fischmeister
    • 1
  • Giovanni Vigna
    • 1
  • Richard A. Kemmerer
    • 1
  1. 1.Department of Computer ScienceUniversity of California Santa BarbaraUSA

Personalised recommendations