Security in the Ajanta mobile agent system

Neeran M. Karnik, Anand R. Tripathi

Research output: Contribution to journalArticlepeer-review

68 Scopus citations

Abstract

A mobile agent is an object which can autonomously migrate in a distributed system to perform tasks on behalf of its creator. Security issues in regard to the protection of host resources, as well as the agent themselves, raise significant obstacles in practical applications of the agent paradigm. This article describes the security architecture of Ajanta, a Java-based system for mobile agent programming. This architecture provides mechanisms to protect server resources from malicious agents, agent data from tampering by malicious servers and communication channels during its travel, and protection of name service data and the global namespace. We present here a proxy based mechanism for secure access to server resources by agents. Using Java's class loader model and thread group mechanism, isolated execution domains are created for agents at a server. An agent can contain three kinds of protected objects: read-only objects whose tampering can be detected, encrypted objects for specific servers, and a secure append-only log of objects. A generic authentication protocol is used for all client-server interactions when protection is required. Using this mechanism, the security model of Ajanta enforces protection of namespaces, and secure execution of control primitives such as agent recall or abort. Ajanta also supports communication between agents using RMI, which can be controlled if required by the servers' security policies.

Original languageEnglish (US)
Pages (from-to)301-329
Number of pages29
JournalSoftware - Practice and Experience
Volume31
Issue number4
DOIs
StatePublished - Apr 10 2001

Keywords

  • Distributed systems
  • Internet programming
  • Java security model
  • Mobile agents
  • Mobile objects
  • Security

Fingerprint Dive into the research topics of 'Security in the Ajanta mobile agent system'. Together they form a unique fingerprint.

Cite this