Evaluating the security of mobile agent platforms

Mobility of software agents requires additional security measures. While the theoretical aspects of mobile agent security have been widely studied, there are few studies about the security levels of current agent platforms. In this paper, test cases are proposed to assess agent platform security. These tests focus on malicious agents trying to attack other agents or the agency. Currently, they have been carried out for two agent platforms: JADE and SeMoA. These tests show which of the known theoretical security problems are relevant in practice. Furthermore, they reveal how these problems are addressed by the respective platform and what security flaws are present.     

A timed mobile agent planning approach for distributed information retrieval in dynamic network environments

The number of mobile agents and total execution time are two factors used to represent the system overhead that must be considered as part of mobile agent planning (MAP) for distributed information retrieval. In addition to these two factors, the time constraints at the nodes of an information repository must also be taken into account when attempting to improve the quality of information retrieval. In previous studies, MAP approaches could not consider dynamic network conditions, e.g., variable network bandwidth and disconnection, such as are found in peer-to-peer (P2P) computing. For better performance, mobile agents that are more sensitive to network conditions must be used. In this paper, we propose a new MAP approach that we have named Timed Mobile Agent Planning (Tmap). The proposed approach minimizes the number of mobile agents and total execution time while keeping the turnaround time to a minimum, even if some nodes have a time constraint. It also considers dynamic network conditions to reflect the dynamic network condition more accurately. Moreover, we incorporate a security and fault-tolerance mechanism into the planning approach to better adapt it to real network environments.     

Using cooperative mobile agents to monitor distributed and dynamic environments

Monitoring the changes in data values obtained from the environment (e.g., locations of moving objects) is a primary concern in many fields, as for example in the pervasive computing environment. The monitoring task is challenging from a double perspective. First and foremost, the environment can be highly dynamic in terms of the rate of data changes. Second, the monitored data are often not available from a single computer/device but are distributed; moreover, the set of data providers can change along the course of time. Therefore, obtaining a global snapshot of the environment and keeping it up-to-date is not easy, especially if the conditions (e.g., network delays) change.In this article, a decentralized, loose, and fault-tolerant monitoring approach based on the use of mobile agents is described. Mobile agents allow easy tracking of the involved computers, carrying the monitoring tasks to wherever they are needed. A deadline-based mechanism is used to coordinate the cooperative agents, which strive to perform their continuous tasks in time while considering data as recent as possible, constantly adapting themselves to new environmental conditions (changing communication and processing delays). This approach has been successfully used in a real environment and experiments were carried out to prove its feasibility and benefits.     

Distributed debugging for mobile networks

Debuggers are an integral part, albeit often neglected, of the development of distributed applications. Ambient-oriented programming (AmOP) is a distributed paradigm for applications running on mobile ad hoc networks. In AmOP the complexity of programming in a distributed setting is married with the network fragility and open topology of mobile applications. To our knowledge, there is no debugging approach that tackles both these issues. In this paper we argue that a novel kind of distributed debugger that we term an ambient-oriented debugger, is required. We present REME-D (read as remedy), an online ambient-oriented debugger that integrates techniques from distributed debugging (event-based debugging, message breakpoints) and proposes facilities to deal with ad hoc, fragile networks – epidemic debugging, and support for frequent disconnections.     

一个移动Agent安全旅行协议

本文提出了一种保护移动Agent不受Agent平台攻击的旅行协议。该协议基于Agent旅行的历史记录,在一定的条件下允许Agent所有者检测对Agent代码、状态和执行流的非法篡改。这个协议具有很高的安全性能,能够检测旅行途中的Agent平台对Agent数据的篡改,能够防止重播攻击。     

Promoting the development of secure mobile agent applications

In this paper, we present a software architecture and a development environment for the implementation of applications based on secure mobile agents. Recent breakthroughs in mobile agent security have unblocked this technology, but there is still one important issue to overcome: the complexity of programming applications using these security solutions. Our proposal aims to facilitate and speed up the process of implementing cryptographic protocols, and to allow the reuse of these protocols for the development of secure mobile agents. As a result, the proposed architecture and development environment promote the use of mobile agent technology for the implementation of secure distributed applications.     

一种基于移动Agent的分布式入侵检测系统模型MABDIDS

分析了当前的入侵检测技术的发展及存在的主要缺陷,介绍了移动Agent的概念及其优点,提出了一种新的基于移动Agent的分布式入侵检测模型MABDIDS。MABDIDS利用移动Agent的优点,设计了针对主机和网络两种环境而分别具有不同运行机制的两种检测主体,通过将多个监控节点组织成层次结构来协同实现分布式入侵检测,解决了当前分布式入侵检测系统中存在的主要问题。     

Perses: A framework for the continuous evaluation of the QoS of distributed mobile applications

The increasing capabilities of mobile devices have led to the emergence of new paradigms exploiting them. These paradigms foster the onload and distribution of functionalities on mobile devices, allowing the development of distributed mobile applications. This distribution reduces the latency and the data traffic overhead and improves privacy. As in any other mobile application, their success largely depends on the quality of service (QoS) they offer. Nevertheless, the evaluation of distributed mobile applications is particularly complex due to the number, heterogeneity, and interactions between the devices involved. Current techniques allow developers to assess the quality of a single device, but they are not designed for highly heterogeneous, distributed, and collaborative environments. This paper presents a framework called Perses, which allows the creation of virtual scenarios with multiple heterogeneous mobile devices to launch end-to-end tests to evaluate not only each device but also the interactions among them. The framework was evaluated against a real deployment, showing that the behavior and the quality attributes measured are similar to those of the real deployment, allowing developers to evaluate these applications before launching them. Finally, Perses was integrated into a DevOps methodology to automate its execution and further facilitate its adoption by software companies.     

SelfMotion: A declarative approach for adaptive service-oriented mobile applications

Modern society increasingly relies on mobile devices. This explains the growing demand for high quality software for such devices. To improve the efficiency of the development life-cycle, shortening time-to-market while keeping quality under control, mobile applications are typically developed by composing together ad-hoc developed components, services available on-line, and other third-party mobile applications. Applications are thus built as heterogeneous compositions, whose characteristics strongly depend on the components and services they integrate. To cope with unpredictable changes and failures, but also with the various settings offered by the plethora of available devices, mobile applications need to be as adaptive as possible. However, mainstream adaptation strategies are usually defined imperatively and require complex control strategies strongly intertwined with the application logic, yielding to applications that are difficult to build, maintain, and evolve. We address this issue by proposing a declarative approach to compose adaptive heterogeneous mobile applications. The advantages of this approach are demonstrated through an example inspired by an existing worldwide distributed mobile application, while the implementation of the proposed solution has been validated through a set of simulations and experiments aimed at illustrating its performance.     

The Hopfield-Tank neural network applied to the mobile agent planning problem

Mobile agent planning (MAP) is increasingly viewed as an important technique of information retrieval systems to provide location aware services of minimum cost in mobile computing environment. Although Hopfield-Tank neural network has been proposed for solving the traveling salesperson problem, little attention has been paid to the time constraints on resource validity for optimizing the cost of the mobile agent. Consequently, we modify Hopfield-Tank neural network and design a new energy function to not only cope with the dynamic temporal features of the computing environment, in particular the server performance and network latency when scheduling mobile agents, but also satisfy the location-based constraints such as the starting and end node of the routing sequence must be the home site of the traveling mobile agent. In addition, the energy function is reformulated into a Lyapunov function to guarantee the convergent stable state and existence of the valid solution. Moreover, the objective function is derived to estimate the completion time of the valid solutions and predict the optimal routing path. Simulations study was conducted to evaluate the proposed model and algorithm for different time variables and various coefficient values of the energy function. The experimental results quantitatively demonstrate the computational power and speed of the proposed model by producing solutions that are very close to the minimum costs of the location-based and time-constrained distributed MAP problem rapidly. The spatio-temporal technique proposed in this work is an innovative approach in providing knowledge applicable to improving the effectiveness of solving optimization problems.     

Securing the distributed word processing network

There has been little concern for the security of stand-alone and shared-logic word processor systems although the threats are there and the loss from breaches of security can be very expensive. Word processors usually store processed information rather than data and modification or destruction of a document can lead to poor or delayed decisions. Inherent controls of paper-based systems are lost when the typing function is automated. Word processing networks are particularly vulnerable with reliance placed on the software system to secure documents. The weakest configuration in distributed word processing systems is in moderate size networks which cannot justify sophisticated hardware to support sophisticated operating systems and security software. Therefore, either additional physical security for each terminal or a more sophisticated authorization routine must be provided. The first is nearly impossible and the second rarely exists on these systems. As the trend toward hard disks for these units continues, the best solution may be the inclusion of a cryptographic routine.     

Autonomous mobile agent routing for efficient server resource allocation

Mobile agents are becoming increasingly important in the highly distributed applications frameworks seen today. Their routing/dispatching from node to node is a very important issue as we need to safeguard application efficiency, achieve better load balancing and resource utilization throughout the underlying network. Selecting the best target server for dispatching a mobile agent is, therefore, a multi-faceted problem that needs to be carefully tackled. In this paper we propose distributed, adaptive routing schemes (next node selection) for mobile agents. The proposed schemes overcome risks like load oscillations, i.e., agents simultaneously abandoning a congested node in search for other, less saturated node. We try to induce different routing decisions taken by agents to achieve load balancing and better utilization of network resources. We consider five different algorithms and evaluate them through simulations. Our findings are quite promising both from the user/application and the network/infrastructure perspective.     

EXEM: Efficient XML data exchange management for mobile applications

In the past decade, the number of mobile devices has increased significantly. These devices are in turn showing more computational capabilities. It is therefore possible to envision a near future where client applications may be deployed on these devices. There are, however, constraints that hinder this deployment, especially the limited communication bandwidth and storage space available. This paper describes the Efficient XML Data Exchange Manager (EXEM) that combines context-dependent lossy and lossless compression mechanisms used to support lightweight exchange of objects in XML format between server and client applications. The lossy compression mechanism reduces the size of XML messages by using known information about the application. The lossless compression mechanism decouples data and metadata (compression dictionary) content. We illustrate the use of EXEM with a prototype implementation of the lossless compression mechanism that shows the optimization of the available resources on the server and the mobile client. These experimental results demonstrate the efficiency of the EXEM approach for XML data exchange in the context of mobile application development.

A mobile agent platform for distributed network and systems management

The mobile agent (MA) technology has been proposed for the management of networks and distributed systems as an answer to the scalability problems of the centralized paradigm. Management tasks may be assigned to an agent, which delegates and executes management logic in a distributed and autonomous fashion. MA-based management has been a subject of intense research in the past few years, reflected on the proliferation of MA platforms (MAPs) expressly oriented to distributed management. However, most of these platforms impose considerable burden on network and system resources and also lack of essential functionality, such as security mechanisms, fault tolerance, strategies for building network-aware MA itineraries and support for user-friendly customization of MA-based management tasks. In this paper, we discuss the design considerations and implementation details of a complete MAP research prototype that sufficiently addresses all the aforementioned issues. Our MAP has been implemented in Java and optimized for network and systems management applications. The paper also presents the evaluation results of our prototype in real and simulated networking environments.     

Defend mobile agent against malicious hosts in migration itineraries

Agent integrity verification and fault-tolerance are the two prevalent methods among the solutions to the Problem of Malicious Hosts in Mobile agent system. Agent integrity verification enables the owner of the agent to detect upon its return whether a visited host has maliciously altered the state of the agent based on agent integrity verification [6]. A known drawback of such method is that it cannot detect the tampering of agent immediately, and the tampering can be detected only when the agent returned. Agent fault-tolerance is one method that achieves agent fault-tolerance in migration itineraries by agent replication and majority voting [11]. The drawback of such method is that the agent replication and majority voting can produce many agent replicas in every agent migration step, which may cost significant resource and time. Aiming at those drawbacks, the paper incorporates the two methods, and presents a novel agent migration fault-tolerance model based on integrity verification, which can defend mobile agent against malicious hosts in migration itineraries effectively. The novel agent fault-tolerance model cannot only realize the fault-tolerant execution, but also reduce the complexity and resource cost of agent migration communication.