Privilege Management of Mobile Agents

IP.com Disclosure Number: IPCOM000125609D
Original Publication Date: 2000-Oct-01
Included in the Prior Art Database: 2005-Jun-09
Document File: 9 page(s) / 92K

Publishing Venue

National Institute of Standards and Technology

Related People

Wayne Jansen: INVENTOR [+2]

Abstract

Most mobile agent systems use internal data structures within an agent to control and specify its security requirements and properties. These structures typically contain authorization information regarding access to computational resources on distributed systems and conceptually serve as an internal passport for the agent. While these structures are often very similar semantically, they differ greatly in their implementation, depending to a large extent on the mechanisms used to protect their contents. This paper considers a general scheme for managing privileges using attribute certificates. An attribute certificate can be viewed as an external, digitally signed agent passport, which allows greater flexibility in meeting the needs of an application and overlaying a suitable management scheme. The paper presents the benefits of this approach and gives an example of how an agent system could be enhanced with this mechanism.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 9% of the total text.

Wayne Jansen, Tom Karygiannis
National Institute of Standards and Technology

Introduction

A software agent is loosely defined as a program that exercises an individual's or an organization's authority, and autonomously meets and interacts with other agents and its environment while working toward a goal. Possible interactions among agents include such things as contract and service negotiation, auctioning, and bartering. Software agents may be either stationary or mobile. Stationary agents remain resident at a single platform, while mobile agents travel among platforms by suspending their execution, moving themselves to another platform, and resuming execution upon arrival.

A number of models exist for describing agent systems. For the purpose of discussing mobile agent security issues, however, a simple model consisting of only two components, the agent and the agent platform, is sufficient. An agent consists of the code, data, and state information needed to carry out some computation. The agent platform provides the computational environment in which an agent operates. Multiple agents can cooperate with one another to carry out some task and are able to move or hop among agent platforms. The platform where an agent is instantiated and commences activity is referred to as the home platform, and normally is the most trusted environment for an agent. One or more hosts may make up an agent platform, and an agent platform may support multiple locations or meeting places where agents can interact. Since some of these details do not affect the discussion of security issues, they are omitted from the agent system model illustrated in Figure 1, which depicts the movement of an agent among several platforms.

Figure 1: Agent System Model (diagram labels: Home Platform, Agent Platform, Place, Agent)

Mobile agent computing is an extreme form of distributed computing, which poses a severe challenge to the security of an application. One difficult class of threats introduced by mobili...