Full Text:   <1312>

CLC number: TP393

On-line Access: 

Received: 2004-02-02

Revision Accepted: 2004-05-08

Crosschecked: 0000-00-00

Cited: 0

Clicked: 3352

Citations:  Bibtex RefMan EndNote GB/T7714

-   Go to

Article info.
1. Reference List
Open peer comments

Journal of Zhejiang University SCIENCE A 2005 Vol.6 No.5 P.405~413


Instance-oriented delegation: A solution for providing security to Grid-based mobile agent middleware

Author(s):  MA Tian-chi, LI Shan-ping

Affiliation(s):  School of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China

Corresponding email(s):   tcma@csis.hku.hk, shan@cs.zju.edu.cn

Key Words:  Mobile agent, Grid, Trust model, Delegation

MA Tian-chi, LI Shan-ping. Instance-oriented delegation: A solution for providing security to Grid-based mobile agent middleware[J]. Journal of Zhejiang University Science A, 2005, 6(5): 405~413.

@article{title="Instance-oriented delegation: A solution for providing security to Grid-based mobile agent middleware",
author="MA Tian-chi, LI Shan-ping",
journal="Journal of Zhejiang University Science A",
publisher="Zhejiang University Press & Springer",

%0 Journal Article
%T Instance-oriented delegation: A solution for providing security to Grid-based mobile agent middleware
%A MA Tian-chi
%A LI Shan-ping
%J Journal of Zhejiang University SCIENCE A
%V 6
%N 5
%P 405~413
%@ 1673-565X
%D 2005
%I Zhejiang University Press & Springer
%DOI 10.1631/jzus.2005.A0405

T1 - Instance-oriented delegation: A solution for providing security to Grid-based mobile agent middleware
A1 - MA Tian-chi
A1 - LI Shan-ping
J0 - Journal of Zhejiang University Science A
VL - 6
IS - 5
SP - 405
EP - 413
%@ 1673-565X
Y1 - 2005
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/jzus.2005.A0405

New challenges are introduced when people try to build a general-purpose mobile agent middleware in grid environment. In this paper, an instance-oriented security mechanism is proposed to deal with possible security threats in such mobile agent systems. The current security support in grid Security Infrastructure (GSI) requires the users to delegate their privileges to certain hosts. This host-oriented solution is insecure and inflexible towards mobile agent applications because it cannot prevent delegation abuse and control well the diffusion of damage. Our proposed solution introduces security instance, which is an encapsulation of one set of authorizations and their validity specifications with respect to the agent’s specific code segments, or even the states and requests. Applications can establish and configure their security framework flexibly on the same platform, through defining instances and operations according to their own logic. Mechanisms are provided to allow users delegating their identity to these instances instead of certain hosts. By adopting this instance-oriented security mechanism, a grid-based general-purpose MA middleware, Everest, is developed to enhance Globus Toolkit’s security support for mobile agent applications.

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article


[1] Borselius, N., 2002. Mobile agent security. Electronics & Communication Engineering Journal, 14(5):211-218.

[2] Chander, A., Mitchell, J.C., Shin, I., 2001. Mobile Code Security by Java Bytecode Instrumentation. Proceedings of the DARPA Information Survivability Conference & Exposition, DISCEX-II 2001, Anaheim, CA.

[3] Farmer, W.M., Guttman, J.D., Swarup, V., 1996. Security for Mobile Agents: Authentication and State Appraisal. Proceedings of the 4th European Symposium on Research in Computer Security (ESORICS), Springer-Verlag, p.118-130.

[4] Foster, I., Kesselman, C., Tsudik, G.., Tuecke, S., 1998. A Security Architecture for Computational Grids. Proc. 5th ACM Conference on Computer and Communications Security Conference, ACM Press, NY, p.83-92.

[5] Foster, I., Kesselman, C., Tuecke, S., 2001. The anatomy of the grid: enabling scalable virtual organizations. International Journal of High Performance Computing Applications, 15(3):200-222.

[6] Jansen, W., 2001. A Privilege Management Scheme for Mobile Agents. Workshop on Security of Mobile Multi-Agent Systems: Proceedings of the 5th International Conference on Autonomous Agents.

[7] Necula, G.., Lee, P., 1996. Safe Kernel Extensions Without Run-Time Checking. Proceedings of the 2nd Symposium on Operating System Design and Implementation (OSDI’96), Seattle, p.229-243.

[8] Sander, T., Tschudin, C.F., 1998. Protecting Mobile Agents Against Malicious Hosts. In: Vigna, G. (Ed.), Mobile Agents and Security. Springer-Verlag, p.44-60.

[9] Schneider, F.B., 1997. Towards Fault-Tolerant and Secure Agentry. Proceedings of 11th International Workshop on Distributed Algorithms, Saarbrucken, Germany.

[10] Vigna, G., 1997. Protecting Mobile Agents Through Tracing. Proceedings of the 3rd ECOOP Workshop on Mobile Object Systems, Jyvälskylä, Finland.

[11] Wilhelm, U.G.., Staamann, S., Buttyàn, L., 1999. Introducing Trusted Third Parties to the Mobile Agent Paradigm. In: Vitek, J., Jensen, C. (Eds.), Secure Internet Programming: Security Issues for Mobile and Distributed Objects. Springer-Verlag, p.471-491.

[12] Wong, H.C., Sycara, K., 1999. Adding Security and Trust to Multi-Agent Systems. Proceedings of Autonomous Agents’99 (Workshop on Deception, Fraud and Trust in Agent Societies), Seattle, Washington, p.149-161.

Open peer comments: Debate/Discuss/Question/Opinion


Please provide your name, email address and a comment

Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - Journal of Zhejiang University-SCIENCE