Implementing mobile agent security in an untrusted computing environment

Abstract

Many researchers have agreed on the validity of the observation that the use of mobile agent systems will not attain a critical mass unless the problem of security is solved. As mobile agents are most likely to be used in an untrusted environment (such as the Internet) the various components of the agent system are to be protected against security threats. If security is not guaranteed, sensitive user data may be leaked or forged. This paper offers an overview of possible approaches to counter the most notorious of agent system security threats, the one presented by malicious agent hosts. The requirements for protection against such attacks are outlined, and new methods of protection are also introduced. I. INTRODUCTION By most researchers, mobile agent systems are considered to be a viable alternative to client-server systems in certain applications. Some of the often recited advantages of mobile agents over client-server architectures are: