Mobile Agent Security Issues
Tom Karygiannis
Computer Security Division
National Institute of Standards and Technology
karygiannis@nist.gov
2:00pm Friday September 24, 1999
Lecture Hall V, ECS

Mobile agents are autonomous software objects that
can halt their execution, ship themselves to another agent-enabled
host on the network, and continue their execution, deciding where
to go and what to do along the way. Mobile agents are goal-oriented,
can communicate with other agents, and can continue to operate
even after the machine that launched them has been removed from
the network.

The mobile agent computing paradigm raises several
privacy, accountability, and security concerns, which clearly
are among the main obstacles to the widespread use and adaptation
of this new technology. Mobile agent security issues that need
to be resolved include authentication, identification, secure
messaging, certification, trusted third parties, non-repudiation,
and privacy. Moreover, mobile agent frameworks must be able
to counter new threats: agent hosts must be protected from malicious
agents, agents must be protected from malicious hosts, and agents
must be protected from other malicious agents. This lecture will outline
mobile agent security issues and will present various countermeasures
being developed to address the associated security risks.

Mobile agent applications are currently being developed
by industry, government, and academia for use in such areas as
telecommunications systems, personal digital assistants, information
management, on-line auctions, service brokering, contract negotiation,
distributed information retrieval, parallel processing, and computer
simulation.