Protecting mobile agents from malicious hosts in a distributed network

Abstract

Distributed applications provide challenging environment in today’s advancing technological world. To enhance the aspects of better performance and efficiency in real scenario, mobile agent’s concept has been brought forward. Mobile agents (MAs) are autonomous computing entities that have the capability of moving (migrating) from one host to another and resuming execution in the new host. MAs are an extension of the mobile object concept and allow the movement of an agent’s code, data and state. Of concern however are the security threats that this exciting paradigm is associated with. We have used the Tropos methodology to design a security framework for mobile agent systems. We further demonstrate this security solution by use of a credit bureau use case. In our design, the security mechanism protects tasks, sub-tasks, goals and soft goals of each agent from other agents. Only an authenticated and authorized agent can access tasks or goals of another agent. This security hierarchy uses a multi-faceted approach to protect mobile agents and must be incorporated from the design stage of agent systems. The security supervisor assumes the dual role of authentication and authorization. The status monitoring agent, on the other hand, monitors the status of each agent in the environment. Our results showed that a multi-agent system with no security at all factored into its design will always be vulnerable. This is due to the fact that multi-agent systems are inherently loosely coupled. A secure multi-agent system is one that has both a good monitoring and security supervision framework. These two frameworks complement each other. Where the security might fail, the monitoring framework would report an exception.