Self-reliant mobile code: a new direction of agent security

摘要

The motivation for using mobile agent technology in the context of distributed application stems from its various advantages like intelligence, mobility, communication ability and fault tolerance capability. As every technological movement is aligned with its repercussions, the mobile agent technology also has its inherent security loop holes. Researchers have proposed various approaches to mitigate security bottlenecks but the threat of malicious execution environment in permissible and effectual conduct is still vague and unresolved. In this paper, we introduced a security protocol to protect mobile agent from different kinds of security attacks. The basic building blocks of our protocol are built on the foundation of integrity based confidentiality and self-protection approach based on agent driven security. The general idea behind self-protection is to make mobile agent less interactive during its execution. In order to achieve agent driven security, we bring forth a novel concept of symmetric key's component distribution, wherein a key component is distributed in secure manner and other key component is derived from ensuring integrity of data collected at run time. In order to verify the validity of our approach in overcoming different kind of security attacks, we present Petri net based formal representation of our protocol to strengthen the belief of distributed applications. In addition, we implement our approach on JADE (Java agent development framework) platform and compare it with well-known self-protection approach on the basis of computational complexity and services offered.