Similar articles

Abstract: New challenges are introduced when people try to build a general-purpose mobile agent middleware in grid environment. In this paper, an instance-oriented security mechanism is proposed to deal with possible security threats in such mobile agent systems. The current security support in grid Security Infrastructure (GSI) requires the users to delegate their privileges to certain hosts. This host-oriented solution is insecure and inflexible towards mobile agent applications because it cannot prevent delegation abuse and control well the diffusion of damage. Our proposed solution introduces security instance, which is an encapsulation of one set of authorizations and their validity specifications with respect to the agent’s specific code segments, or even the states and requests. Applications can establish and configure their security framework flexibly on the same platform, through defining instances and operations according to their own logic. Mechanisms are provided to allow users delegating their identity to these instances instead of certain hosts. By adopting this instance-oriented security mechanism, a grid-based general-purpose MA middleware, Everest, is developed to enhance Globus Toolkit’s security support for mobile agent applications.

[1] Borselius, N., 2002. Mobile agent security. Electronics & Communication Engineering Journal, 14(5):211-218.

[2] Chander, A., Mitchell, J.C., Shin, I., 2001. Mobile Code Security by Java Bytecode Instrumentation. Proceedings of the DARPA Information Survivability Conference & Exposition, DISCEX-II 2001, Anaheim, CA.

[3] Farmer, W.M., Guttman, J.D., Swarup, V., 1996. Security for Mobile Agents: Authentication and State Appraisal. Proceedings of the 4th European Symposium on Research in Computer Security (ESORICS), Springer-Verlag, p.118-130.

[4] Foster, I., Kesselman, C., Tsudik, G.., Tuecke, S., 1998. A Security Architecture for Computational Grids. Proc. 5th ACM Conference on Computer and Communications Security Conference, ACM Press, NY, p.83-92.

[5] Foster, I., Kesselman, C., Tuecke, S., 2001. The anatomy of the grid: enabling scalable virtual organizations. International Journal of High Performance Computing Applications, 15(3):200-222.

[6] Jansen, W., 2001. A Privilege Management Scheme for Mobile Agents. Workshop on Security of Mobile Multi-Agent Systems: Proceedings of the 5th International Conference on Autonomous Agents.

[7] Necula, G.., Lee, P., 1996. Safe Kernel Extensions Without Run-Time Checking. Proceedings of the 2nd Symposium on Operating System Design and Implementation (OSDI’96), Seattle, p.229-243.

[8] Sander, T., Tschudin, C.F., 1998. Protecting Mobile Agents Against Malicious Hosts. In: Vigna, G. (Ed.), Mobile Agents and Security. Springer-Verlag, p.44-60.

[9] Schneider, F.B., 1997. Towards Fault-Tolerant and Secure Agentry. Proceedings of 11th International Workshop on Distributed Algorithms, Saarbrucken, Germany.

[10] Vigna, G., 1997. Protecting Mobile Agents Through Tracing. Proceedings of the 3rd ECOOP Workshop on Mobile Object Systems, Jyvälskylä, Finland.

[11] Wilhelm, U.G.., Staamann, S., Buttyàn, L., 1999. Introducing Trusted Third Parties to the Mobile Agent Paradigm. In: Vitek, J., Jensen, C. (Eds.), Secure Internet Programming: Security Issues for Mobile and Distributed Objects. Springer-Verlag, p.471-491.

[12] Wong, H.C., Sycara, K., 1999. Adding Security and Trust to Multi-Agent Systems. Proceedings of Autonomous Agents’99 (Workshop on Deception, Fraud and Trust in Agent Societies), Seattle, Washington, p.149-161.