O'Reilly logo

Mobile Agents by Wilhelm R. Rossak, Peter Braun

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

5.4 Organizational Solutions 175
out and modified. The important trade-off is between the effort to install
such security solutions versus the problems that may ar ise if a manipulation
occurs.What is the risk?Why should an agency try to modify your agent when
it is just collecting information? Sure, the agency could guess that after the
phase of gathering product information there might come a phase where you,
as owner, will buy a product. Thus, the agency could, for example, provide
some offer that attracts your attention. However, your risk when using an
unprotected mobile agent is that you must spend time visiting the Web page
of the purchaser and detecting that the offer was bogus. Your agent did not
reveal more information about its owner than you would have given to the
online store when sur fing through the Internet anyway.
The best security solution would be a technique to prevent all types of
attacks. As we have already indicated, it is doubtful that a solution based
only on software algorithms will be powerful enough to protect mobile agents
against all types of attacks undertaken by malicious agencies. Therefore, most
researchers in the area of mobile agents are content with developing tech-
niques to detect attacks after they have occurred, for example, when the agent
returns to its home agency. Some authors recommend using hardware-based
security solutions, for example, using a tamperproof co-processor. See, for
example, Wilhelm et al. [1998] for such an approach.
Starting with the next section, we will discuss countermeasures to mobile
agent security challenges. Countermeasures consist of all techniques, proce-
dures, and protocols to diminish the vulnerability of mobile agents hosting
agencies. We will see that many techniques can be adopted from the area of
distributed systems. Many techniques are based on the cryptographic tech-
niques we introduced in the last section (i.e., encryption, digital signatures,
and hash values). Therefore, many of the proposed solutions build on the
assumption that there exists a public-key infrastructure (PKI), where, to sim-
plify matters, public keys and certificates of any principals can be loaded.
Other techniques require different presumptions. Some of them can be taken
for granted, for example, that the home agency is trustworthy—maybe it’s
the only trustworthy agency in the entire mobile agent system.
5.4 Organizational Solutions
We start our overview of solutions with the description of some approaches
that can be characterized by the absence of any technical countermeasure
176 Chapter 5 Mobile Agent Security
to prevent or detect attacks but that provide organizational rules for how
mobile agents systems should be built. Organizational solutions confine the
openness of mobile agent systems to achieve some level of security. None of
these techniques solves security problems—they only circumvent them.
5.4.1 Trusted Agencies
Until now we have used the term trusted agency to refer only to an agent’s
home agency. In general, an agency can be trusted if we have strong evidence
to assume that this agency will not attack our agent or any other agency
in our mobile agent system. If we now assume that we could distinguish
a priori between trusted and untrusted agencies, then we would have a very
straightforward solution to all security problems. We let our agent migrate
only to trusted agencies! To achieve this, our agent must have a predefined
itinerary that includes only trusted agencies, or in the case of dynamic rout-
ing of agents, we can assume that the logical agency network consists of
trusted agencies only and no agency will allow a mobile agent to migrate to
an untrusted one.
From the viewpoint of an agency, we must ensure that the only mobile
agents accepted are those that have solely visited trusted agencies before.
This will prevent our agency from being attacked and possibly becoming
vicious later. Aglets enforces such a trust-based policy, whereby hosting envi-
ronments will not accept or dispatch agents to remote hosts they do not
trust.
As you have guessed, of course, the problem is to differentiate between
trusted and untrusted agencies in advance. However, in a closed network
environment, such as that of a company, we can achieve such a situa-
tion smoothly. An example of this approach is the PersonaLink application
proposed by GeneralMagic some years ago.
Nevertheless, to make this solution applicable in general, rules that are
positioned outside the mobile agent systems must be established to build
a network of trusted agencies. One problem remains, though. How can an
agent and all agencies be informed if it is discovered that an agency has
become malicious?
If it is not possible to bar mobile agents from visiting untrusted agencies,
it might still be possible to design the agent in a way that secure sensi-
tive computations, for example, are moved to trusted agencies. Such an
approach should be always applicable, because we assume we have at least

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required