Mobile Agents
By
Olga Gelbart
[email protected]
What is an agent?
• A program (“software agent”), e.g.,
– Personal assistant (mail filter, scheduling)
– Information agent (tactical picture agent)
– E-commerce agent (stock trader, bidder)
– Recommendation agent (Firefly, Amazon.com)
• A program that can
– interact with users, applications, and agents
– collaborate with the user
• Software agents help with repetitive tasks
http://agent.cs.dartmouth.edu/
Is everything an “agent”?
• Not all programs are agents
• Agents are
– customized
– persistent
– autonomous
– adaptive
http://agent.cs.dartmouth.edu/
What is a mobile agent?
(Figure: a “Search engine” agent shown on Machine A and on Machine B)
Mobile agent: Agent that
• migrates from machine to machine
• in a heterogeneous network
• at times of its own choosing
http://agent.cs.dartmouth.edu/
Definition
In a broad sense, an agent is any program that
acts on behalf of a (human) user. A mobile
agent then is a program which represents a
user in a computer network, and is capable
of migrating autonomously from node to
node, to perform some computation on
behalf of the user.
How does it work?
(Figure: an Agent moves from Host A across the Network to Host B and Host C)
Mobile Agent Attributes
• Code
• State
– Execution state
– Object state
• Name
– Identifier
– Authority
– Agent system type
• Location
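An added example, not taken from these slides or from any of the agent systems they describe, that carries the four attributes above (code, execution state and object state, name with identifier/authority/system type, and location) through a tour of a simulated network. Each host deserializes the agent, runs its task on local data, advances the execution state and forwards it to the next host in the itinerary. The task names, host names, sample data and the rule that hosts only run tasks they already know by name are assumptions of this example.

```python
"""Added example: a minimal mobile agent touring simulated hosts.
Host, MobileAgent, CODE_REGISTRY and the hosts 'A', 'B', 'C' are constructed
for this example, not identifiers from any real agent system."""
import json
from dataclasses import dataclass, field, asdict

# "Code": a host runs only tasks it already knows by name, so the agent carries
# a task name rather than executable bytes (an assumption of this example).
def count_words(host_data, obj_state):
    obj_state["words"] = obj_state.get("words", 0) + len(host_data["text"].split())

def find_max(host_data, obj_state):
    seen = obj_state.get("max")
    local = max(host_data["numbers"])
    obj_state["max"] = local if seen is None else max(seen, local)

CODE_REGISTRY = {"count_words": count_words, "find_max": find_max}

@dataclass
class MobileAgent:
    identifier: str           # Name: identifier
    authority: str            # Name: authority (the user it acts for)
    system_type: str          # Name: agent system type
    code: str                 # Code: task name looked up in CODE_REGISTRY
    itinerary: list           # hosts still to visit, in order
    location: str = "home"    # Location: where the agent currently is
    step: int = 0             # Execution state: hops completed so far
    obj_state: dict = field(default_factory=dict)  # Object state: results so far

    def serialize(self) -> str:
        return json.dumps(asdict(self))

    @classmethod
    def deserialize(cls, blob: str) -> "MobileAgent":
        return cls(**json.loads(blob))

class Host:
    """A node in the simulated network; accepts a serialized agent and runs it."""
    def __init__(self, name, data, network):
        self.name, self.data, self.network = name, data, network
        network[name] = self

    def accept(self, blob: str) -> MobileAgent:
        agent = MobileAgent.deserialize(blob)   # rebuild code ref, state, name
        agent.location = self.name
        CODE_REGISTRY[agent.code](self.data, agent.obj_state)
        agent.step += 1
        if agent.itinerary:                     # the agent decides to move on
            next_host = agent.itinerary.pop(0)
            return self.network[next_host].accept(agent.serialize())
        return agent                            # tour finished: hand back home

def build_network() -> dict:
    """Constructed sample data living on three hosts."""
    network = {}
    Host("A", {"text": "the quick brown fox", "numbers": [3, 9, 4]}, network)
    Host("B", {"text": "jumps over the lazy dog", "numbers": [12, 1]}, network)
    Host("C", {"text": "the end", "numbers": [7]}, network)
    return network

def run_tour(task: str, itinerary: list, network: dict) -> MobileAgent:
    """Launch an agent from home along the itinerary and return it when done."""
    agent = MobileAgent("agent-1", "olga", "example-system", task, list(itinerary))
    first = agent.itinerary.pop(0)
    return network[first].accept(agent.serialize())

if __name__ == "__main__":
    done = run_tour("count_words", ["A", "B", "C"], build_network())
    print(done.location, done.step, done.obj_state)
```

The execution state here is just a hop counter plus the remaining itinerary; real systems such as the Tcl-based ones in the table later in this deck capture the interpreter's state at thread level so the agent resumes mid-script rather than at a task boundary.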
Evolution of the “mobile agent” paradigm
Assumptions about computer systems violated
by mobile agents
• Whenever a program attempts some action, we can easily identify a
person to whom that action can be attributed, and it is safe to assume
that that person intends the action to be taken.
• Only persons that are known to the system can execute programs on the
system.
• There is one security domain corresponding to each user; all actions
within that domain can be treated the same way.
• Single-user systems require no security.
• Essentially all programs are obtained from easily identifiable and
generally trusted sources.
• The users of a given piece of software are restrained by law and
custom from various actions against the manufacturer’s interests.
Assumptions violated by mobile agents
(cont’d)
• Significant security threats come from attackers running programs with
the intent of accomplishing unauthorized results.
• Programs cross administrative boundaries only rarely, and only when
people intentionally transmit them.
• A given instance of a program runs entirely on one machine; processes
do not cross administrative boundaries at all.
• A given program runs on only one particular operating system.
• Computer security is provided by the operating system.
Benefits of mobile agents
• Bandwidth conservation
• Reduction of latency
• Reduction of completion time
• Asynchronous (disconnected) communications
• Load balancing
• Dynamic deployment
Reason 1: Bandwidth conservation
(Figure: two Client/Proxy–Server pairs, the Server holding a Dataset of text documents, numerical data, etc.)
http://agent.cs.dartmouth.edu/
Reason 2: Reduce latency
(Figure: Sumatra chat server (a “reflector”): 1. Observe high average latency to clients; 2. Move to better location)
http://agent.cs.dartmouth.edu/
Reason 3: Reduce Completion Time
(Figure: Efficiency. Mobile users over a low bandwidth channel: 1. Send code with unique query; 2. Perform multi-step queries on large, remote, heterogeneous databases; 3. Return requested data)
http://agent.cs.dartmouth.edu/
Reason 4: Disconnected communication and operation
(Figure: network links marked X, shown Before and After)
http://agent.cs.dartmouth.edu/
Reason 5: Load balancing
(Figure: Jobs/Load migrate in a heterogeneous network of machines)
http://agent.cs.dartmouth.edu/
Reason 6: Dynamic Deployment
(Figure: a Command post with unique needs: maps, weather, tactical updates....; sources: Map, terrain databases; Weather; Tactical updates)
http://agent.cs.dartmouth.edu/
Threats posed by mobile agents
• Destruction of
– data, hardware, current environment
• Denial of service
– block execution
– take up memory
– prevention of access to resources/network
• Breach of privacy / theft of resources
– obtain/transmit privileged information
– use of covert channels
• Harassment
– Display of annoying/offensive information
– screen flicker
• Repudiation
– ability to deny an event / action ever happened
Protection methods against malicious mobile agents
• Authenticating credentials
– certificates and digital signatures
• Access Control and Authorization
– Reference monitor
– security domains
– policies
• Software-based Fault Isolation
– Java’s “sandbox”
• Monitoring
– auditing of agent’s activities
– setting limits
• Proxy-based approach to host protection
• Code Verification - proof-carrying code
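An added example, not from these slides or from any real agent system, of the first four protection methods working together on a receiving host: the agent's credentials are checked, the agent is placed in a security domain, and a reference monitor applies that domain's policy and resource limits while auditing every request. A keyed HMAC stands in for the certificate and digital-signature check; the authority names, keys, policy values and agent requests are all constructed for the example.

```python
"""Added example: credential check + reference monitor with quotas and auditing.
TRUSTED_KEYS, POLICY, the authorities and the request names are constructed."""
import hmac
import hashlib
import json

# Constructed: authorities this host recognises and their keys. In a real
# deployment this is a certificate store; the keys here are dummies.
TRUSTED_KEYS = {"olga": b"olga-key", "bob": b"bob-key"}

# Security domains: allowed operations and per-operation quotas (the "limits"
# from the Monitoring bullet). Values are constructed.
POLICY = {
    "trusted":   {"ops": {"read", "send"}, "quota": {"read": 5, "send": 2}},
    "untrusted": {"ops": {"read"},         "quota": {"read": 1, "send": 0}},
}

def mac(key: bytes, payload: dict) -> str:
    """Stand-in for a digital signature over the agent's body."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def authenticate(agent_msg: dict) -> str:
    """Check the credentials and return the security domain for the agent."""
    key = TRUSTED_KEYS.get(agent_msg["authority"])
    if key is None:
        return "untrusted"            # unknown authority: lowest domain
    expected = mac(key, agent_msg["body"])
    if hmac.compare_digest(expected, agent_msg["tag"]):
        return "trusted"
    return "untrusted"                # bad tag: treat as anonymous

class ReferenceMonitor:
    """Every resource request goes through here; nothing is granted directly."""
    def __init__(self, domain: str):
        self.domain = domain
        self.used = {}
        self.audit = []               # auditing of the agent's activities

    def request(self, agent_id: str, op: str) -> bool:
        rule = POLICY[self.domain]
        allowed = op in rule["ops"] and self.used.get(op, 0) < rule["quota"].get(op, 0)
        if allowed:
            self.used[op] = self.used.get(op, 0) + 1
        self.audit.append((agent_id, self.domain, op, "allow" if allowed else "deny"))
        return allowed

def host_run(agent_msg: dict):
    """Authenticate, then run each of the agent's requests under the monitor."""
    domain = authenticate(agent_msg)
    rm = ReferenceMonitor(domain)
    body = agent_msg["body"]
    results = [rm.request(body["id"], op) for op in body["requests"]]
    return domain, results, rm.audit

def make_agent(authority: str, key: bytes, requests: list) -> dict:
    """Constructed agent message: body plus the sender's tag over it."""
    body = {"id": f"{authority}-agent", "authority": authority, "requests": requests}
    return {"authority": authority, "body": body, "tag": mac(key, body)}

if __name__ == "__main__":
    msg = make_agent("olga", TRUSTED_KEYS["olga"], ["read", "send", "send", "send"])
    print(host_run(msg))
```

Because the MAC key is shared, the host could also forge tags; the slide's certificate-and-signature approach avoids that by letting the host verify with the authority's public key only. The sandbox bullet is not shown: here the "requests" are data, whereas a real host must also confine the agent's code while it runs.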
Threats to mobile agents
– Denial of service
– Unauthorized use or access of code/data
– Unauthorized modification or corruption of code/data
– Unauthorized access, modification, corruption,
or replay of agent external communication
Possible attacks on mobile agents
• Denial of service
• Impersonation
– Host
– Agent
• Replay
• Eavesdropping
– Communication
– Code & data
• Tamper attack
– Communication
– Code & data
Protection of mobile agents
• Encryption
– code
– payload
• Code obfuscation
• Time-limited black-box security
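An added example, not from these slides or from any of the systems discussed, showing the agent-side counterpart to the tamper and replay attacks listed above: before dispatch the owner authenticates the agent's read-only part (code, itinerary, a fresh nonce); on return the home site rejects an agent whose read-only part changed, whose nonce has already been accepted (a replay), or whose result log does not match the itinerary. A keyed HMAC with a key only the home site holds stands in for a digital signature; the host names, nonces and values are constructed.

```python
"""Added example: tamper and replay detection for a returning agent.
OWNER_KEY, dispatch, honest_host, tampering_host and Home are constructed."""
import hmac
import hashlib
import json

OWNER_KEY = b"owner-secret"   # constructed; held only by the home site

def tag(payload: dict) -> str:
    """Stand-in for the owner's signature over the read-only part."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(OWNER_KEY, msg, hashlib.sha256).hexdigest()

def dispatch(agent_id: str, code: str, itinerary: list, nonce: str) -> dict:
    """Home creates the agent: a tagged read-only part plus an empty result log."""
    read_only = {"id": agent_id, "code": code, "itinerary": itinerary, "nonce": nonce}
    return {"read_only": read_only, "tag": tag(read_only), "results": []}

def honest_host(name: str, agent: dict, value) -> dict:
    """A well-behaved host only appends its result."""
    agent["results"].append({"host": name, "value": value})
    return agent

def tampering_host(name: str, agent: dict, value) -> dict:
    """A host that alters the agent's code before passing it on."""
    agent["read_only"]["code"] = "altered-code"
    agent["results"].append({"host": name, "value": value})
    return agent

class Home:
    """The owner's site: verifies returning agents and remembers accepted nonces."""
    def __init__(self):
        self.seen_nonces = set()

    def accept(self, agent: dict) -> str:
        ro = agent["read_only"]
        if not hmac.compare_digest(tag(ro), agent["tag"]):
            return "tampered"               # code/itinerary/nonce changed in transit
        if ro["nonce"] in self.seen_nonces:
            return "replay"                 # this agent instance already came home
        hosts = [r["host"] for r in agent["results"]]
        if hosts != ro["itinerary"]:
            return "itinerary-mismatch"     # a hop was skipped, repeated or reordered
        self.seen_nonces.add(ro["nonce"])
        return "ok"

if __name__ == "__main__":
    home = Home()
    a = dispatch("a1", "collect", ["A", "B"], "nonce-1")
    honest_host("A", a, 1)
    honest_host("B", a, 2)
    print(home.accept(a), home.accept(a))   # ok, then replay
```

The values each host appends are not covered by the tag, so a host can still alter or drop its own entry; detecting that needs each host to sign its contribution, and hiding the values from later hosts needs the payload encryption listed in the first bullet, neither of which this example shows.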
Application: Technical reports
(Figure: GUI on home machine; dynamically selected proxy site; Machine 1 ... Machine n. 1. Send agent; 2. Send child agents / collect partial results; 3. Return merged and filtered results)
http://agent.cs.dartmouth.edu/
Application: Military
(Figure: a Wired network holding Troop positions, Technical specs, and Orders and memos, connected to a Wireless Network)
http://agent.cs.dartmouth.edu/
Application: e-commerce
(Figure: Agent, Arbiter, Bank, Yellow pages, VendorA, VendorB)
http://agent.cs.dartmouth.edu/
Mobile agent systems
(Table columns: Mobile Agent System, Author, Language, Secure Communication, Server Resource Protection, Agent Protection)
• Telescript (General Magic)
– Language: created their own OO, type-safe language
– Secure communication: agent transfer is authenticated using RSA and encrypted using RC4
– Server resource protection: capability-based resource access; quotas can be imposed; authorization based on agent's identity
– Agent protection: Not supported
• Tacoma (Cornell University; University of Tromso, Norway)
– Language: Tcl, but is created to be written in other scripting languages
– Secure communication: Not supported
– Server resource protection: Not supported
– Agent protection: Not supported
• D'Agents (Dartmouth College)
– Language: Tcl interpreter, modified to execute scripts and capture state of execution at thread level
– Secure communication: uses PGP for authentication and encryption
– Server resource protection: uses Safe-Tcl as its secure execution environment; no support for owner-based authorization
– Agent protection: Not supported
• Aglets (IBM)
– Language: Java; IBM developed a separate class library to create mobile agents
– Secure communication: Not supported
– Server resource protection: statically specified access rights, based on only two security categories: trusted and untrusted
– Agent protection: Not supported
• Voyager (ObjectSpace)
– Language: Java; unique feature is a utility which takes any Java class and creates a remotely-accessible version of it
– Secure communication: Not supported
– Server resource protection: programmer must extend SecurityManager; only two security categories: native and foreign
– Agent protection: Not supported
• Concordia (Mitsubishi Electric)
– Language: Java; has an Itinerary object, which keeps track of an agent's migration path
– Secure communication: agent transfer is encrypted and authenticated using SSL
– Server resource protection: SecurityManager screens accesses using a statically configured ACL based on agent owner identity
– Agent protection: agents protected from other agents via the resource access mechanism
• Ajanta (University of Minnesota)
– Language: Java
– Secure communication: transfer is encrypted using DES and authenticated using ElGamal protocol
– Server resource protection: capability-based resource access; authorization based on agent's owner
– Agent protection: mechanisms to detect tampering of agent's state and code
More examples and “bots”
• Tryllian mobile agent system
• Bots
– mysimon.com
– amazon.com - customer preferences
Current trends lead to mobile agents
(Figure: trends Information overload, Increased need for personalization (“Customization”), Diversified population, Bandwidth gap, Mobile users and devices, Disconnected Operation and High latency; approaches Server-side (too many unique, dispersed clients to handle), Proxy-based (multiple sites to visit), Mobile code to client (avoid large transfers), Mobile code to server or proxy (avoid “star” itinerary), all pointing to Mobile Agents)
Migrating to migrating code
(Figure: a path from Intranet to Internet: Applets; Proxies provided by existing ISP’s; Proxies that accept servlets; Services that accept servlets; Mobile Agents)
Conclusion: Cons
• Security is too big a concern
• Overhead for moving code is too high
• Not backward compatible with Fortran, C ….
• Networks will be so fast, performance not an issue
Conclusion: Pros
• A unifying framework for making many applications
more efficient
• Treats data and code symmetrically
• Multiple-language support possible
• Supports disconnected networks in a way that other
technologies cannot
• Cleaner programming model
For more information...
• Mysimon.com
• D’Agents: http://agent.cs.dartmouth.edu/
• Tryllian: http://www.tryllian.com
• Aglets: http://www.trl.ibm.co.jp/aglets
Mobile Agents - George Washington University