Evaluating the Security of Three Java-Based Mobile Agent Systems
The goal of mobile agent systems is to provide a distributed computing infrastructure supporting applications whose components can move between different execution environments. The design and implementation of mechanisms to relocate computations requires a careful assessment of security issues. If these issues are not addressed properly, mobile agent technology cannot be used to implement real-world applications. This paper describes the initial steps of a research effort to design and implement security middleware for mobile code systems in general and mobile agent systems in particular. This initial phase focused on understanding and evaluating the security mechanisms of existing mobile agent systems. The evaluation was performed by deploying several mobile agents systems in a testbed network, implementing attacks on the systems, and evaluating the results. The long term goal for this research is to develop guidelines for the security analysis of mobile agent systems and to determine if existing systems provide the security abstractions and mechanisms needed to develop real-world applications.
KeywordsMobile agent systems computer security security testing
Unable to display preview. Download preview PDF.
- 1.Grasshopper. WWW Site. http://www.grasshopper.de.
- 2.IBM AgletWorkbench. WWW Site. http://www.trl.ibm.co.jp/aglets/.
- 3.IKV++. WWW Site. http://www.ikv.de.
- 4.Jumping Beans. WWW Site. http://www.jumpingbeans.com.
- 5.AdAstra. Jumping Beans White Paper. Technical report, AdAstra Engineering, Inc., Sunnyvale, CA, April 27 1999.Google Scholar
- 6.D. Dean, E. Felten, and D. Wallach. Java Security: From HotJava to Netscape and Beyond. In Proc. of the 1996 IEEE Symp. on Security and Privacy, Oakland, Cal., May 1996.Google Scholar
- 9.G. Karjoth, D. Lange, and M. Oshima. A Security Model For Aglets. IEEE Int. Comp., pages 68–77, July 1997.Google Scholar
- 10.OMG. MASIF-Mobile Agent System Interoperability Facility. Draft, October 3 1998.Google Scholar
- 11.M. Oshima, G. Karjoth, and K. Ono. Aglets Specification 1.1 Draft. Whitepaper Draft 0.65, Sept. 8 1998.Google Scholar
- 14.G. Vigna. Mobile Code Technologies, Paradigms, and Applications. PhD thesis, Politecnico di Milano, 1997.Google Scholar
- 15.G. Vigna, editor. Mobile Agents and Security, volume 1419 of LNCS. Springer, 1998.Google Scholar
- 16.J. Vitek, M. Serrano, and D. Thanos. Security and Communications in Mobile Object Systems. In J. Vitek and C. Tschudin, editors, Mobile Object Systems: Towards the Programmable Internet, LNCS 1222. Springer-Verlag, April 1997.Google Scholar
- 17.J.E. White. Telescript Technology: Mobile Agents. In J. Bradshaw, editor, Software Agents. AAAI Press/MIT Press, 1996.Google Scholar