Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Olga Gelbart rosa@seas.gwu.edu Mobile Agents By Olga Gelbart rosa@seas.gwu.edu.

Published byCristobal Steptoe Modified over 10 years ago

Similar presentations

Presentation on theme: "By Olga Gelbart rosa@seas.gwu.edu Mobile Agents By Olga Gelbart rosa@seas.gwu.edu."— Presentation transcript:

1 By Olga Gelbart rosa@seas.gwu.edu
Mobile Agents By Olga Gelbart

2 What is an agent? A program (“software agent”), e.g.,
Personal assistant (mail filter, scheduling) Information agent (tactical picture agent) E-commerce agent (stock trader, bidder) Recommendation agent (Firefly, Amazon.com) A program that can interact with users, applications, and agents collaborate with the user Software agents help with repetitive tasks

3 Is everything an “agent”?
Not all programs are agents Agents are customized persistent autonomous adaptive

4 What is a mobile agent? Mobile agent: Agent that
Search engine Machine A Machine B Mobile agent: Agent that migrates from machine to machine in a heterogeneous network at times of its own choosing

5 Definition In a broad sense, an agent is any program that acts on behalf of a (human) user. A mobile agent then is a program which represents a user in a computer network, and is capable of migrating autonomously from node to node, to performs some computation on behalf of the user.

6 How it works? Agent Host A Host B Host C Network

7 Mobile Agent Attributes
Code State Execution state Object state Name Identifier Authority Agent system type Location

8 Evolution of the “mobile agent” paradigm

9 Assumptions about computer systems violated by mobile agents
Whenever a program attempts some action, we can easily identify a person to whom that action can be attributed, and it is safe to assume that that person intends the action to be taken. Only persons that are know to the system can execute programs on the system. There is one security domain corresponding to each user; all actions within that domain can be treated the same way. Single-user systems require no security. Essentially all programs are obtained from easily identifiable and generally trusted sources The users of a given piece of software are restrained by law and custom from various actions against the manufacturer’s interests

10 Assumptions violated by mobile agents (cont’d)
Significant security threats come from attackers running programs with the intent of accomplishing unauthorized results. Programs cross administrative boundaries only rarely, and only when people intentionally transmit them. A given instance of a program runs entirely on one machine; processes do not cross administrative boundaries at all. A given program runs on only one particular operating system. Computer security is provided by the operating system

11 Benefits of mobile agents
Bandwidth conservation Reduction of latency Reduction of completion time Asynchronous (disconnected) communications Load balancing Dynamic deployment Reduction of communication Communication latency can be reduced since an agent can carry a sequence of service requests across the network, and there is no need to send these requests separately. Moving the agent to the data source can reduce communication bandwidth. In this case, only the resulting data is transmitted to the client thus reducing the data before transmission. Reduction of network connection time is also important. In the case of mobile code, a client needs to be connected only twice: while sending an agent and while receiving results back. Asynchronous tasks This goes in hand with reducing network connection time: after transferring a task to the network (via a mobile agent), a client can disconnect from the network and connect again only to receive results (which can be hours of days later). Clearly, this allows for execution on asynchronous tasks. Dynamic Protocols and Intelligent Data Some initial mutual protocol is required for the client and the server to start communication and for the server to receive a mobile agent. But after the initial communication is established a mobile agent can dynamically adapt to an appropriate protocol required for communication back to its home server. For example, an agent transmitting news updates can use a specialized multicast protocol for transmission to clients utilizing different communication protocol. An agent can dynamically adapt to this kind of situation. Software Deployment Mobile agents can be used for automation of software installations and upgrades. Temporary Applications Java applets can serve as examples of temporary applications: small applications, which do not require installation, can be temporarily downloaded and discarded when their task is finished. Route planners for travelers are examples of such applications. Distributed Heterogeneous Computing Mobile agents can provide a communications infrastructure for tasks in a distributed environment. For example, agents can collect data on one node and transfer is to another (an agent collects raw data from a system and submits it to a graph plotter server – can be faster than transmitting a whole image). Scalable applications As an example, we can look at a searching program. In a typical client-server situation, retrieved documents (from various data sources) are transferred to the client and sorted or filtered there. The client as part of the network creates a bottleneck. Mobile agents can perform content-based filtering on the spot and also get rid duplicate or redundant documents before transferring results back to the client.

12 Reason 1: Bandwidth conservation
Text documents, numerical data, etc. Dataset Client/Proxy Server Dataset Client/Proxy Server

13 Reason 2: Reduce latency
Sumatra chat server (a “reflector”) 1. Observe high average latency to clients 2. Move to better location

14 Reason 3: Reduce Completion Time
Efficiency 1. Send code with unique query Low bandwidth channel Mobile users 3. Return requested data 2. Perform multi-step queries on large, remote, heterogeneous databases

15 Reason 4: X X X X Disconnected communication and operation Before
After

16 Reason 5: Load balancing
Jobs/Load Jobs/Load migrate in a heterogeneous network of machines

17 Reason 6: Dynamic Deployment
Unique needs: maps, weather, tactical updates.... Command post Tactical updates Map, terrain databases Weather

18 Threats posed by mobile agents
Destruction of data, hardware, current environment Denial of service block execution take up memory prevention of access to resources/network Breach of privacy / theft of resources obtain/transmit privileged information use of covert channels Harassment Display of annoying/offensive information screen flicker Repudiation ability to deny an event / action ever happened Destruction of: files on the internal / external data storage. These files can be an kind ranging from configuration (operating system specific) to data files. This can be either deletion of corruption. Hardware : hardware-intensive executions which eventually may destroy it destruction of current execution environment: processes, stack, etc Denial of service: block execution of other processes take up all memory by replication prevention of access to data resources internally or from the network (a host is a server on some kind of a network) Breach of privacy & theft of resources: Malicious mobile agents can obtain privilege levels higher than required for an agent execution and gain unauthorized access to private information stored in internal data storage or external data storage (which could be a disk array or a database server). This private information (such as medical data or financial records) can then be take by the agent when it leaves and transmitted. Secret recording from a computer microphone and the following transmission of information to an unauthorized cite. Us of covert channels to transfer information to an unauthorized cite. Harassment: Display of annoying or offensive materials onto computer screen, periodic screen flicker are more damaging to the human user than to the computer itself, but should still be considered, since this is a threat to human working conditions. It’s dangerous especially if the screen flicker is introduced at a frequency known to cause seizures in sensitive people. Repudiation: ability to deny an event ever happened and get away with it. This is more of an “after effect”, but is still important. If an unwanted event happens, there should be some way to prove that it was caused by a malicious mobile agent.

19 Protection methods against malicious mobile agents
Authenticating credentials certificates and digital signatures Access Control and Authorization Reference monitor security domains policies Software-based Fault Isolation Java’s “sandbox” Monitoring auditing of agent’s activities setting limits Proxy-based approach to host protection Code Verification - proof-carrying code

20 Threats to mobile agents
Denial of service Unauthorized use or access of code/data Unauthorized modification or corruption code/data Unauthorized access, modification, corruption, or repeat of agent external communication

21 Possible attacks on mobile agents
Denial of service Impersonation Host Agent Replay Eavesdropping Communication Code & data Tamper attack

22 Protection of mobile agents
Encryption code payload Code obfuscation Time-limited black-box security

23 Application: Technical reports
GUI on home machine Machine n Machine 1 ... 1. Send agent 2. Send child agents / collect partial results 3. Return merged and filtered results Dynamically selected proxy site

24 Application: Military
Wired network Wireless Network Technical specs Troop positions Orders and memos

25 Application: e-commerce
Arbiter VendorA VendorB Bank Agent Agent Yellow pages

26 Mobile agent systems

27 More examples and “bots”
Tryllian mobile agent system Bots mysimon.com amazon.com - customer preferences

28 Current trends lead to mobile agents
Increased need for personalization Server-side Information overload “Customization” Mobile code to server or proxy Too many unique, dispersed clients to handle Diversified population Proxy-based Multiple sites to visit Mobile Agents Bandwidth gap Avoid large transfers Mobile code to client Avoid “star” itinerary Mobile users and devices Disconnected Operation High latency

29 Migrating to migrating code
Applets Proxies that accept servlets Services that Proxies provided by existing ISP’s Mobile Agents Intranet Internet

30 Conclusion: Cons Security is too big a concern
Overhead for moving code is too high Not backward compatible with Fortran, C …. Networks will be so fast, performance not an issue

31 Conclusion: Pros A unifying framework for making many applications more efficient Treats data and code symmetrically Multiple-language support possible Supports disconnected networks in a way that other technologies cannot Cleaner programming model

32 For more information... Mysimon.com
D’Agents: Tryllian: Aglets:

Download ppt "By Olga Gelbart rosa@seas.gwu.edu Mobile Agents By Olga Gelbart rosa@seas.gwu.edu."

Similar presentations

Intermediate 2 Computing

Intermediate 2 Computing
Agents & Mobile Agents.

Agents & Mobile Agents.
Information System Security AABFS-Jordan Summer 2006 Mobile Code Security Prepared by: Mossab Al Hunaity Supervised by: Dr. Loai Tawalbeh.

Information System Security AABFS-Jordan Summer 2006 Mobile Code Security Prepared by: Mossab Al Hunaity Supervised by: Dr. Loai Tawalbeh.
Mobile Agents Mouse House Creative Technologies Mike OBrien.

Mobile Agents Mouse House Creative Technologies Mike OBrien.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Christian Devalez (Sunday, 19 April 2015) Mobility and Progressive Application Streaming.

Christian Devalez (Sunday, 19 April 2015) Mobility and Progressive Application Streaming.
The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Internet, Intranet and Extranets

Internet, Intranet and Extranets
Agent Caching in APHIDS CPSC 527 Computer Communication Protocols Project Presentation Presented By: Jake Wires and Abhishek Gupta.

Agent Caching in APHIDS CPSC 527 Computer Communication Protocols Project Presentation Presented By: Jake Wires and Abhishek Gupta.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Context-based Information Sharing and Authorization in Mobile Ad Hoc Networks Incorporating QoS Constraints Sanjay Madria, Missouri University of Science.

Context-based Information Sharing and Authorization in Mobile Ad Hoc Networks Incorporating QoS Constraints Sanjay Madria, Missouri University of Science.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Design, Implementation, and Experimentation on Mobile Agent Security for Electronic Commerce Applications Anthony H. W. Chan, Caris K. M. Wong, T. Y. Wong,

Design, Implementation, and Experimentation on Mobile Agent Security for Electronic Commerce Applications Anthony H. W. Chan, Caris K. M. Wong, T. Y. Wong,
EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
The Mobile Code Paradigm and Its Security Issues Anthony Chan September 13, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan September 13, 1999.
AgentOS: The Agent-based Distributed Operating System for Mobile Networks Salimol Thomas Department of Computer Science Illinois Institute of Technology,

AgentOS: The Agent-based Distributed Operating System for Mobile Networks Salimol Thomas Department of Computer Science Illinois Institute of Technology,
Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.

Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.

Similar presentations

Ads by Google