The Security Architecture of the M&M Mobile Agent Framework

Authors

Abstract

In the Mobile Agent programming model, small threads of execution migrate from machine to machine, performing their operations locally. For being able to deploy such a model into real world applications, security is a vital concern. In the M&M project we have developed a system that departures from the traditional platform-based execution model for mobile agents. In M&M there are no agent platforms. Instead there is a component framework that allows the applications to become able of sending and receiving agents by themselves in a straightforward manner. In this paper we examine the security mechanisms available in M&M, and how integration with existing applications is done. One difficult aspect of this work is that all the features must work with the security mechanisms that already exist on the applications. This is so because the components are integrated from within into the applications, which already have security mechanisms in place. Currently, M&M provides features like fine-grain security permissions, encryption of agents and data, certificate distribution using LDAP and cryptographic primitives for agents. For validating the approach and solutions found, we have integrated the framework into several off-the-shelf web servers, having the security mechanisms running, with no problems.

Subject

Mobile Agents