Security Framework for Mobile Agents-Based Applications

Introduction

Mobile agents are autonomous programs, typically written in interpreted machine-independent languages. They act on behalf of users and have some level of intelligence (Bradshaw, 1997). Users can delegate mobile agents to accomplish different tasks such as access remote resources, cooperation with other mobile agents to perform complex tasks, e-trading, or filtering information autonomously from potential service providers for decision making purposes.

Mobile agents have advanced distributed computing as they exhibit special characteristics including mobility, persistence, autonomy, flexibility, cooperation, and adaptation. They control where they execute and can run on heterogeneous environments and are adaptable to changes in environments. Agents can remain stationary filtering incoming information or become mobile searching for specific information across the internet and retrieving it. The actions of an agent are not entirely pre-established and defined. The agent is able to choose what to do and in which order according to the external environment and user’s requests. They can accomplish their tasks while the user might go off-line.

They traverse the internet from one platform to another through various architectures to access remote resources or even to meet, cooperate and communicate with other programs and agents to accomplish their tasks. They migrate from one platform to another based on a predefined agent itinerary or platforms dynamically allocated in response to any changes in the environment. Agents and platforms in the Mobile Agent System are not always trusted. Honest agents may run on unknown and non-trusted platforms or there might be malicious agents that concurrently execute on the platform. Moreover, agents might transfer through insecure communication channels where they might be intercepted and intruded by malicious agents during their migration. Both agent code and data are vulnerable to security threats. Conversely, a genuine platform might run non-trusted agents that might illegally get access to resources or services at the platform or breach its security.

The implementation of mobile agents in distributed computing has introduced many advantages. They overcome limitations of latency, connectivity, and bandwidth. Also, they allow a large degree of flexibility in creating computations and organize the use of distributed resources on the internet. Moreover, they allow remote software distribution and network management. Mobile agents have been used in various areas such as Forensics analysis, Intrusion detection, E-commerce, E-health, and Resource management (Chess, Harrison, & Kershenbaum, 1997; Franklin & Graesser, 2006; Karjoth, 2000). Shopping agents in E-commerce applications are employed to search the marketplace for offers, negotiate the terms of agreements, or even purchase goods or services.

The Mobile Agent System is vulnerable to direct security attacks by malicious agents or/and non-trusted platforms. Hence, security is of concern as agents or/and platforms might handle very sensitive and critical information that should remain intact during the execution of mobile agents on agent platforms. It is essential to establish a secure framework for mobile agents to accomplish the delegated tasks successfully, and thus, gain trust of clients and service providers. Without a secure framework for Mobile agent System, the implementation of mobile agents in important application domains will be limited. Research is still ongoing for advances in securing the Mobile Agent System. The security refers to certain security properties, such as authenticity, confidentiality, integrity, etc. The security techniques can be divided into two categories: (a) preventive techniques, and (b) detective techniques. The preventive techniques hinder malicious acts to take place, whereas the detective techniques reveal the malicious acts that took place through verification processes.