A Protection Scheme for Mobile Agents on Java

1
A Protection Scheme for Mobile Agents on Java

• D. Hagimont , L. Ismail
• ACM/IEEE, September 1997, Pages 215-222

2
Mobile Agent

• An mobile agent is roughly a process with its own
  context,including code and data,that may travel
  among several sites in order to perform its task
• Java is the best runtime environment

3
Motivation

• Protection is a crucial aspect of distributed
  computing
• Agent may travel among several sites
• Protection is the condition to the acceptance of
  mobile agent

4
Protection Scheme

• Based on software capabilitiesLevy84
• Allows mutually suspicious agents to dynamically
  exchange access rights
• Advantages
• Evolution
• Decentralization
• Mutual suspicion
• Modularity
• Portability

5
Software Capabilities (Levy 84)

• Definition
• A token,ticket or key that gives the processor
  permission to access an entity or object in a
  computer system
• Contains
• Unique object identifier and Access rights
• Provides
• Mechanism to address both primary and secondary
  memory
• Mechanism to address both hardware and software
  resources

6
Protection in Mobile Agent

• Isolation
• Agent only access to its own objects or objects
  which it has been granted by other agents
• Access Control
• The definition of the policy
• The protection policy determines when and how
  these access rights are exported
• Authentication
• Associate an identity with each agent

7
Design Protection Scheme

• Evolution
• Evolve access rights dynamically
• Decentralization
• Agent is responsible for its own protection
  policy
• No need a third party protection server.
• Mutual Suspicion
• All agents are equal with respect to protection
• Modularity
• Separating the definition of protection from the
  application code
• Portability

8
Java Environment

• Java Virtual Machine
• Allows classes to be dynamically loaded from
  remote nodes
• Serialization feature that allows instances to be
  transferred during runtime
• Interface An interface is a definition of the
  signatures of the methods of a class which is
  independent from any implementation

9
Managing Mobile Agents on Java

• Execution of agents on the runtime
• Creates a new thread to execute the agent
• Migration of agents between different runtimes
• When an agent migrates, two kinds of objects have
  to be transferred classes and instances
• Using RMI and Serialization
• Sharing of objects between agents on one runtime
• Exchange object references
• Requires a Name Server
• Associate symbolic names with object references

10
Protection Model - Capability-Based Protect Model

• Based on software capabilities
• Objective
• Allow access rights to evolve dynamically
• A capability is a token that identifies an object
  and contains access rights

11
Print Server Example
12
Protection Model - Exchanging Capabilities

• Issue
• How to provide agent programmers with a means for
  controlling rights exchanges with other agents
• Interface
• Dont provide extensions to the programming
  language
• Define capability exchanges between interacting
  agents using IDL
• IDL(Interface Definition Language)

13
Protection Model - Exchanging Capabilities (cont.)

• View
• A view is an interface that includes the
  definition of an access control policy
• Contains access rights and capability exchange
  policy
• Structure of a Capability

14
Protection Model - Exchanging Capabilities (cont.)

• Two views are associated with a capability
• The view of caller agent
• Methods that are authorized
• Input parameter of a method
• Output parameter of a method
• The view of callee agent
• Input parameter of a method
• Output parameter of a method

15
Protection Model - Example

• interface Printer_itf
• void init () // initialize the printer
• Job_itf run (Text_itf text) // send a text to
  the printer
• interface Text_itf
• String read() // read the text
• void write (String s) // write the text
• interface Job_itf
• void stop () // kill the current job

16
Protection Model Example(cont.)

• The definition of protection aims at avoiding the
  following problem
• Printer doesnt want the client to invoke the
  init method
• Client doesnt want the printer to invoke the
  write method

17
Protection Model Example(cont.)

• Client and server will define the following views

Client view client implements Printer_itf void
init () Job_itf run (Text_itf text pass
reader) view reader implements Text_itf
String read() void not write (String s)
Printer server view server implements Printer_itf
void not init () Job_itf run (Text_itf
text)
18
Protection Model Example(cont.)
19
Management of filters
20
Management of filters(cont.)
21
(No Transcript)
22
Related Work

• Integrate an authentication service with our
  protection scheme
• AgentTcl
• Aglet
• Telescript
• Voyager

23
Conclusion

• The protection model is based on software
  capabilities and allows access rights to exchange
  dynamically
• Future work
• Implement a full mobile agent system
• Experiment with larger mobile application