Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anand Tripathi, University of Minnesota2 Mobile Agent Programming in Ajanta Anand Tripathi Department of Computer Science University of Minnesota Minneapolis.

Similar presentations


Presentation on theme: "Anand Tripathi, University of Minnesota2 Mobile Agent Programming in Ajanta Anand Tripathi Department of Computer Science University of Minnesota Minneapolis."— Presentation transcript:

1

2 Anand Tripathi, University of Minnesota2 Mobile Agent Programming in Ajanta Anand Tripathi Department of Computer Science University of Minnesota Minneapolis MN This work was supported by NSF grants ANIR and EIA

3 Anand Tripathi, University of Minnesota3 Outline Mobile Agent Paradigm Benefits, Obstacles, and Potential Applications Evolution of the Mobile Agent Paradeigm Ajanta Mobile Agent Programming System Conclusions and Future Directions

4 Anand Tripathi, University of Minnesota4 Contributors to Ajanta Project Neeran Karnik (currently with IBM New Delhi) Manish Vora (currently with Fore Systems) Tanvir Ahmed Ram Singh (currently with Cisco) Arvind Prakash (currently with Microsoft) Shremattie Jaman

5 Anand Tripathi, University of Minnesota5 Aspects of Mobile Agent Research Distributed System Research –Focus on system architectures and protocols for managing executions of mobile agent objects. –Security, fault tolerance, naming, yellow pages Programming Languages Research –Code mobility, safety, programming constructs –Agent communication languages Artificial Intelligence Research –Focus on intelligence, learning, and cooperation

6 Anand Tripathi, University of Minnesota6 What is an agent? An agent is a software component (object) which can perform one or more tasks in some predefined manner. Properties of an agent: –Mobility –Autonomy –Deliberative vs. Reactive –Learning –Cooperation See: IEEE Spectrum April 1998 paper by Morreale

7 Anand Tripathi, University of Minnesota7 Evolution parameters(data) ClientServer results (data) Remote Procedure Call: Code resides at the server Courier at Xerox PARC in 1980 Sun RPC 1984 DCE, CORBA late 1980s

8 Anand Tripathi, University of Minnesota8 Evolution … Process Migration Process migration allows a partially executed process to be relocated to another node. –Execution state of the process is migrated. Stack, memory, program counter, state of open files. Mainly used for load balancing. In the mid 1980s several mechanisms were investigated and supported in a local area network environments. –Locus (UCLA), Sprite (UC Berkeley), Condor (Wisconsin)

9 Anand Tripathi, University of Minnesota9 Evolution … Object Migration Object migration allows objects to be moved across address spaces at different nodes. –Requires mobility of objects code and data. Emerald supported object mobility under program control. (Univ. of Washington) (1986) Chorus distributed system (1988) supported object mobility with autonomous control by the object. Most of these system supported migration in a homogeneous system.

10 Anand Tripathi, University of Minnesota10 Evolution... Remote Programming and Code Mobility: procedure code + data Server Client results (data ) Code transported to the server Remote Evaluation model by Stamos and Gifford (MIT) (1990). Java Sun Microsystems (1995) allows code migration across heterogeneous platforms.

11 Anand Tripathi, University of Minnesota11 Mobile Agents A mobile agent is an object capable of autonomously migrating from one host to another in a distributed system to perform actions on behalf of its creator. Client agent (code+data) Mobile Agent Server 1 Server 3 Server 2

12 Anand Tripathi, University of Minnesota12 Mobile Agents A mobile agent is an object capable of autonomously migrating from one host to another in a distributed system to perform actions on behalf of its creator. Client agent (code+data) Mobile Agent Server 1 Server 3 Server 2

13 Anand Tripathi, University of Minnesota13 Potential Benefits and Capabilities Concurrency Reduced network usage (bandwidth + frequency) –No need to maintain client-server connection –Move processing closer to where needed Client-server asynchrony –Disconnected operations Installation of client-specific interfaces Dynamic interface upgrades

14 Anand Tripathi, University of Minnesota14 Examples of Potential Applications User-level applications –Search and information filtering agents –Personal assistants Middleware systems –Global file systems –Distributed collaboration and workflow systems System level tasks –Network status monitoring and control –Intrusion detection –Software distribution, installation, upgrades

15 Anand Tripathi, University of Minnesota15 Basic Requirements A mobile agent system needs to support migration of a partially executed agent object from one node to another. –Code migration to the destination node –Agent state migration –There are two approaches to state migration –Strong mobility refers to transfer of system level execution state, such as execution stack, program counter, memory –Weak mobility refers to application level state transfer IEEE TSE May98 paper by Fugetta, Picco, Vigna

16 Anand Tripathi, University of Minnesota16 Obstacles -- Security Issues Protection of host resources –Unauthorized access to host resources files, processes, system programs –privacy concerns –Damage to resources –Denial of service attack –annoyance attacks Privacy & integrity of agent data –Passive & active attacks Beyond applet security model

17 Anand Tripathi, University of Minnesota17 Obstacles -- Robustness Issues Fault Tolerance Issues –Exceptions during agents remote execution –Unavailability of server –Loss of an agent during migration Status Monitoring and Control –Support to monitor an agents status –Support to recall or terminate an agent

18 Anand Tripathi, University of Minnesota18 Obstacles - Programming Support Programming model and APIs Programming infrastructure and services Naming scheme for servers, agents, resources Agent transfer protocol Inter-agent communication protocol Debugging facilities

19 Anand Tripathi, University of Minnesota19 Mobile Agent Systems - Approaches Mobile Agent Systems LanguagesMiddleware Systems OO Language BasedScript Language Based Telescript Oblique Java basedTcl, Python, Perl

20 Anand Tripathi, University of Minnesota20 Agent Programming Systems Telescript - A language developed by General Magic in the early 1990s. OO language for programming mobile agents. Designed with security requirements. It was used for It was used in Sonys Magic Link personal digital assistant linking to messaging and services of AT&T and AOL Now discontinued in favor of Odyssey.

21 Anand Tripathi, University of Minnesota21 Agent Programming Systems Tacoma - Tcl based system developed at Cornell and Tromso University ( ) Agent Tcl - Tcl based system developed at Dartmouth College. ( ) DAgents Aglets - Java based system from IBM. (1996) Concordia - Java based system from Mitsubishi Research. (1997) Voyager - Java based system from ObjectSpace Odyssey - Java based system from General Magic See

22 Anand Tripathi, University of Minnesota22 Ajanta Mobile Agent System Ajanta System Architecture Agent Programming Primitives Agent Server Architecture and Security Agent Protection Patterns for Agent Migration Agent-Based Applications Conclusions and Future Directions

23 Anand Tripathi, University of Minnesota23 Ajanta System Architecture A mobile agent in Ajanta is a Java object Infrastructure for agent-based applications –The base Agent and AgentServer classes Infrastructure for hosting agents –Applications extend the generic agent server to define Name service –Location information and public-key distribution –Based on Uniform Resource Naming (URN) framework

24 Anand Tripathi, University of Minnesota24 Mobile Agents in Ajanta Host-AHost-B Object byte array serializedeserialize n e t w o r k 4 state mobility using Java object serialization 4 code mobility based on on-demand class loading 4 Agent transfer is lightweight (no code or thread state transfer) weak mobility 4 execution context - control flow by method chaining

25 Anand Tripathi, University of Minnesota25 Agent Programming Support Base Agent class defines basic functionality for creating and launching an agent. Agent execution model –arrive and depart methods define entry and exit protocols at a host. ItinAgent class defines itinerary based agents Migration patterns for itinerary composition Exception handling by guardians.

26 Anand Tripathi, University of Minnesota26 Defining an Application Agent An application specific agent is defined by inheriting from Ajantas base Agent class. The base Agent class has empty definitions for run, arrive, and depart methods. Application specific agent class must suitably redefine these methods.

27 Anand Tripathi, University of Minnesota27 Agent Credentials Credentials object includes: –agent name (its own identity, in URN format) –owner (URN of the human user it represents) –creator (program/application that created it) –guardian (its home site/exception handler) –code base (class bytecode server) –owners signature on the above

28 Anand Tripathi, University of Minnesota28 Agent Migration Request go(destination,methodName, parameter description) If no method is specified, by default run method is executed at the destination server. Absolute vs Relative migration (co-location with other agents/resources)

29 Anand Tripathi, University of Minnesota29 Agent Execution at a Server When an agent arrives at a server: Its credentials are verified. A thread is created for its execution. This thread first executes the arrive method of the agent. It then executes the requested method. Finally it executes the depart method.

30 Anand Tripathi, University of Minnesota30 Exception Handling -- Guardian Agent Creator Agent Server Guardian Agent transfer on exception Agent Exception Agent colocates with the Guardians and calls its Report method Agent launch Code Base Server

31 Anand Tripathi, University of Minnesota31 Protection of Server Resources Agents should be granted controlled access to host resources based on their credentials. – Access to files, network, application resources Agents should be prevented from bringing impostor code for security sensitive classes. Agents should be prevented from transferring a resource to a remote site.

32 Anand Tripathi, University of Minnesota32 Protection of Server Resources Based on JDK 1.1 security model Protection domains for agents –Thread groups in Java –Using the thread-group ID to identify the agent –The Domain Registry –Class loading in Java [Lindholm & Yellin 1996] –Class loader-based namespace isolation –One class loader per agent (domain) On-demand, secure code transfer

33 Anand Tripathi, University of Minnesota33 Agent and Server - Interactions Agent Environment Resource Registry Agent Transfer Domain Registry host StateCode M1 M2 M3 current Itinerary AGENT AGENT SERVER Server Interface ATP Resource AccessProtocol Proxy1 Proxy2 Unprotected Data AppendOnly Data Targeted Data ReadOnly Data Credentials RMI

34 Anand Tripathi, University of Minnesota34 Proxy Based Resource Access Agents arent given references to resource objects Proxy interposition [Shapiro 1986] Proxy as identity-based capability [Gong 1989] –access control –dynamic revocation –usage metering Assumption: agent server is not malicious Agent2 Resource Proxy2 Agent1 Proxy1

35 Anand Tripathi, University of Minnesota35 AccessProtocol Proxy2 Proxy1 Resource binding protocol Agent Resource Agent Environment Resource Registry Domain Registry 1 Server Interface Agent Transfer Resource registers its URN 2. Agent requests a resource 3. Server locates resource in registry 4. getProxy method is invoked 5. New proxy object is returned to agent 6. Agent accesses resource via proxy

36 Anand Tripathi, University of Minnesota36 Security against potential attacks Indirect access to the embedded resource: prevented using Java encapsulation ( private ). Copying of embedded resource via serialization: prevented using Javas transient keyword. Use of proxy class that compromises embedded resource: Ajanta class loader only loads trusted proxy classes. Typecasting of proxy: not possible, since proxy class has no ancestors (other than the base Java class Object ). Cloning of proxy: not allowed, since proxy class does not implement Cloneable interface.

37 Anand Tripathi, University of Minnesota37 Inter-agent Communication Inter-agent communication for co-located agents: using proxy-based binding Remote communication with agent using RMI: –leakage of sensitive data via remote invocation –proxy interposition between remote caller and agent –the createRMIProxy primitive –proxy screens (authenticates) incoming RMI calls –security manager screens outgoing connections

38 Anand Tripathi, University of Minnesota38 Protection of Agent State On the network: ATP uses encryption Types of objects contained in an agent –read-only (constants) –append-only (logs, write-once data) –targeted (private, for specific servers)

39 Anand Tripathi, University of Minnesota39 Agent Control Primitives Remote agents can be terminated or recalled home: –public void terminate (URN agent,...); –public void recall (URN agent,...); –public void retract (URN agent,...); Authentication necessary for these primitives –public Ticket authenticate (URN caller, int nonce);

40 Anand Tripathi, University of Minnesota40 Agents and Itineraries Host A, action M Host B, action M Host C, action M Host D, action M Host E, action M Host F, action M Current next An example of a simple itinerary

41 Anand Tripathi, University of Minnesota41 Migrations Patterns An itinerary is a sequence of patterns. A pattern is a collection of patterns. (Recursive) ItinEntry - primitive pattern host, action Sequence of patterns: execute the patterns in a sequential order Set of patterns: execute in any arbitrary order 3143 Selection of one pattern among a set of patterns 1

42 Anand Tripathi, University of Minnesota42 Applications of mobile agents A Calendar Management System –a calendar server maintaining users calendars –agents for scheduling meetings using patterns: Global File Access System –agent-based remote file access system Web Index Search Service – built above the file access system. Agents are used for searching a users web-page directory. Distributed Collaboration

43 Anand Tripathi, University of Minnesota43 Distributed Calendar System Each person in a group maintains a calendar and runs a calendar server. Calendar is a collection of events, organized by days. An event has: start time, duration, description To schedule a meeting of a set of people, an agent is sent to check each participants calendar server with proposed meeting times.

44 Anand Tripathi, University of Minnesota44 Calendar Agent and Servers Cal Server of User A Calendar Cal Server of User CCal Server of User D Cal Server of User B Agent

45 Anand Tripathi, University of Minnesota45 Files with ACL Global File Access System User As File Access Server User As File Access Server Files with ACL User As File Access Server Files with ACL Client Agent Migration Agent to fetch/deposit files

46 Anand Tripathi, University of Minnesota46 Global File Access System File load, store, transfer, stat, keyword search Interface primitives: –fetchFile (URN fileName); –transferFile (URN fileName, URL dest); –depositFile (byte[] data, URN fileName); –getFileStat (URN fileName); –search (String keywords); root directory, and access control list

47 Anand Tripathi, University of Minnesota47 Web Index Search Service A user can run a Web-Index Server for his/her web directory. This server stores an index for the users web directory. This index is prepared using Glimpse, an indexing and search tool from the University of Arizona. A client can send an agent to one or more web- index servers to search for files containing some given set of words.

48 Anand Tripathi, University of Minnesota48 Agent Based Web Search Server Client Launch Agent Search/Filter Glimpse index of the.www File Server Thread Results View Processing Browser

49 Anand Tripathi, University of Minnesota49 Global File System Requirements - open, read and write a remote file - support for different consistency model (AFS, Sprite, NFS etc) - dynamically configurable cache module (block size, cache size etc) - centralized as well as distributed caching policy

50 Anand Tripathi, University of Minnesota50 File System Initialization and Open Command Agent AjfsFile open File Server Agent File Client Agent File Client Agent Client Agent Environment File Server 4 Agent Transfer 5 getProxy 6 Data and Control channel

51 Anand Tripathi, University of Minnesota51 Agent-based Distributed Collaboration Agent can be used as workflow objects. Agents can be installed or transported to different users nodes for executing coordination protocols. Specify workflow constraints for a dynamic collaboration Role based access-control

52 Anand Tripathi, University of Minnesota52 Approach Define a collaboration environment in terms of user roles, shared objects, security and coordination requirements using XML DTD A written contract between Ajanta Collaborative System and a convener. Specify a collaboration plan in XML This plan conforms to the DTD and shared Role are assigned to people Execute the Ajanta Collaborative System

53 Anand Tripathi, University of Minnesota53 Steps in Building a Collaboration Collaborative Environment in XML DTD XML Specification of a Collaborative Plan Agent based Distributed Collaborative System using Ajanta

54 Anand Tripathi, University of Minnesota54 Agent-based Collaborative System abdc User Interface Shared Replicated Objects (Object Space) Agent-based Coordination Facility User A abdc User Interface Shared Replicated Objects(Object Space) Agent-based Coordination Facility User B Communication Network Dispatching of a Coordination Agent

55 Anand Tripathi, University of Minnesota55 Agent Environment Collaborative Authoring System AccessProtocol AGENT from a remote users UCI User Interface Document Manager Proxy Objects created from XML plan

56 Anand Tripathi, University of Minnesota56 Future Directions Further investigations into agent security issues, and analysis of integrity and security of the Ajanta mechanisms Scale of operations with a number of different kinds of applications involving a significant number of agents. –Robustness and fault-tolerance Agent group coordination and management Support for debugging agent applications High level language for agent programming

57 Anand Tripathi, University of Minnesota57 Resource Implementation Resource ResourceImpl CalendarImplCalendarProxy Calendar AccessProtocol = provided by Ajanta = written by resource provider = implementation inheritance = interface inheritance

58 Anand Tripathi, University of Minnesota58 Access control in the proxy The Calendar proxy: private transient Calendar ref;// the hidden resource private Method[] enabledMethods; boolean isFree (TimeRange t) { // Use Java reflection to find the isFree Method object thisMethod = myClass.getMethod (isFree,……); if (isEnabled(thisMethod)) return ref.isFree(t); // pass it through to ref else // throw security violation exception }

59 Anand Tripathi, University of Minnesota59 Server and Agent: Interactions OS File System Access Control List Agent File Server Agent Thread File System Thread File System Resource Job buffer File System Proxy

60 Anand Tripathi, University of Minnesota60 Team Members Anand Tripathi –Associate Professor, Computer Science –B.Tech (Elect. Eng.), 1972, IIT Bombay –Ph.D. 1980, University of Texas at Austin – , Senior Principal Research Scientist, Honeywell Inc. Minneapolis – Program Director for Operating Systems and Systems Software program at the National Science Foundation.

61 Anand Tripathi, University of Minnesota61 Team Members Anand Tripathi ( Principal Investigator) Current Team Members Tanvir Ahmed (M.S. student) Ram Singh (M.S. student) Arvind Prakash (M.S. student) Graduated Team Members : Neeran Karnik (Ph.D.) Manish Vora (M.S.)

62 Anand Tripathi, University of Minnesota62 RESEARCH GOALS The primary goal of the Ajanta project is to investigate and build an agent programming infrastructure for programming secure, high-confidence agent-based applications.

63 Anand Tripathi, University of Minnesota63 Current Research Activities 1The Ajanta infrastructure –agent execution, migration & binding –agent programming primitives –secure, remote control of agents –Location-independent naming based on the URN framework 2Secure Agent Transfer 3Mechanisms for server resource protection

64 Anand Tripathi, University of Minnesota64 Current Research Activities 4Secure inter-agent communication using RMI 5Authentication protocol for client-server interactions 6Mechanisms to protect agent state –Read-only state, Append-only state, Targeted state –the ElGamal cryptosystem in Java

65 Anand Tripathi, University of Minnesota65 Evolution ClientServer Client parameters(data) results (data) procedure (code) results (data) RPC REV

66 Anand Tripathi, University of Minnesota66 Applications of mobile agents A Global File System –Agents to act as client-side protocol managers with dynamic policies for caching and synchronization. –Agents as mobile shared objects –Server should be able to control the client-side protocol managers behavior dynamically Active Mail System –Agents as multimedia mail carriers –On-demand retrieval of multimedia

67 Anand Tripathi, University of Minnesota67 Patterns for Itinerary Composition Itinerary = sequence of patterns A pattern is a collection of patterns. (Recursive) Pattern types: –ItinEntry (server + method specification) –Sequence (ordered list of patterns) –Set (unordered list of patterns) –Selection (any one from a list of patterns) –Loop (iterate over a sequence of patterns) –Split (create one child agent per pattern in list) –SplitJoin (wait for child agents to return)

68 Anand Tripathi, University of Minnesota68 Secure Agent Transfer Requirements: –Code and state transfer –Security requirements (secrecy, integrity, authentication) –Failure/exception handling –Name service updates –Audit trails –Garbage collection –Thread allocation Absolute vs Relative migration (co-location with other agents/resources)

69 Anand Tripathi, University of Minnesota69 Applications of mobile agents Global File Access System –Currently we have a simple agent-based remote file access system –An agent can be used to fetch/deposit files at remote users node. Web Index Search Service –This is built on the file access system. Agents are used for searching a users web-page directory. –User runs a web-index server

70 Anand Tripathi, University of Minnesota70 Web Index Sever and Agent The server uses Glimpse to search the index and get the list of files satisfying the given search query. The agent is given the URLs of these files. Agent can bring back some initial parts of files. The agent returns home and creates an HTML document with these URLs as hypertext links. The result document also shows the frequency of occurrence of the search string in each document.


Download ppt "Anand Tripathi, University of Minnesota2 Mobile Agent Programming in Ajanta Anand Tripathi Department of Computer Science University of Minnesota Minneapolis."

Similar presentations


Ads by Google