Enforcing history-based security policies in mobile agent systems

Abstract

The mobile agent paradigm used in modern distributed systems has revealed some new forms of common security threats, such as abusive resource consumption or illegitimate information flow between different and noncooperative entities. This problem is aggravated when an agent's host doesn't know anything about the agent's past activities, visited hosts and interactions with other agents. Thus, robust and efficient authorization platforms should be considered in order to avoid undesired actions from malicious agents. We present an authorization platform designed for a mobile agent system, MobileTrans, which supports the definition and enforcement of history-based security policies, allowing hosts to decide on the authorization of an agent's action upon its past behaviour.