Abstract
Mobility of software agents requires additional security measures. While the theoretical aspects of mobile agent security have been widely studied, there are few studies about the security levels of current agent platforms. In this paper, test cases are proposed to assess agent platform security. These tests focus on malicious agents trying to attack other agents or the agency. Currently, they have been carried out for two agent platforms: JADE and SeMoA. These tests show which of the known theoretical security problems are relevant in practice. Furthermore, they reveal how these problems are addressed by the respective platform and what security flaws are present.
Similar content being viewed by others
References
Borselius N. (2002) Mobile agent security. Electronics & Communication Engineering Journal, 14(5): 211–218
Karmouch, A., Magedanz, T., & Delgado, J. (Eds.) (2002). In Proceedings of the 4th International Workshop on Mobile Agents for Telecommunication Applications. Volume 2521 of LNCS, Springer.
Yang, K., Galis, A., Guo, X., & Liu, D. (2003). Rule-driven mobile intelligent agents for real-time configuration of IP networks. In Knowledge-Based Intelligent Information and Engineering Systems: 7th International Conference, KES 2003 (pp. 921 – 928). LNCS, Vol. 2773. Springer: Oxford, UK.
Fok, C., Roman, G., & Lu, C. (2005). Mobile agent middleware for sensor networks: An application case study. In Proceedings of 4th Internatoinal Symposium on Information Processing in Sensor Networks, IEEE CNF 2005, pp. 382–387.
Brewington B., Gray R., Moizumi K., Kotz D., Cybenko G., Rus D. (1999) Mobile agents in distributed information retrieval. In: Klusch M.(eds) Intelligent information agents. Springer-Verlag, Heidelberg, Germany
Thati P., Chang P., Agha G. (2001) Crawlets: Agents for high performance web search engine. In: Picco G.P.(eds) Mobile agents, Proceedings of the 5th International Conference (MA 2001) LNCS, Vol. 2240. Springer, Atlanta USA, pp 119–134
Geirland, J. (2002). The feature: mobile intelligent agents. http://www.thefeature.com/article?articleid=26051.
Beizer, B. (1990). Software testing techniques. International Thomson Computer Press.
JADE. (2007). http://jade.tilab.com.
SeMoA. (2007). http://www.semoa.org.
Gray, R., Kotz, D., Cybenko, G., & Rus, D. (1999). D’Agents: Security in a multiple-language, mobile-agent system. In G. Vigna (Ed.), Mobile agents and security (pp. 154–187) LNCS. Springer.
Jansen, W., & Karygiannis, T. (1999). Mobile agent security. Special Publication 800-19, NIST.
Roth, V. (2002). Programming Satan’s agents. In K. Fischer & D. Hutter (Eds.), Proceedings of the 1st International Workshop on Secure Mobile Multi-Agent Systems, SEMAS 2001. Elsevier.
Binder, W., & Roth, V. (2002). Secure mobile agent systems using java: where are we heading? In Proceedings of the 2002 ACM Symposium on Applied Computing, pp. 115–119.
Hohl, F. (1998). Time limited blackbox security: protecting mobile agents from malicious hosts. In Mobile agents and security (pp. 92–113). LNCS, Vol. 1419. Springer.
Jansen, W. (2002). A privilege management scheme for mobile agent systems. In Electronic Notes in Theoretical Computer Science, SEMAS 2001, 1st International Workshop on Security of Mobile Multiagent Systems, Vol. 63.
Tschudin, C. (1999). Mobile agent security. In M. Klusch (Ed.), Intelligent information agents: Agent based information discovery and management in the Internet, Chapter 18. Springer.
Vigna, G. (1997). Protecting mobile agents through tracing. In Proceedings of the 3rd ECOOP Workshop on Mobile Object Systems, Jyvalskyla, Finland.
Jansen W.A. (2000) Countermeasures for mobile agent security. Computer Communications, 23(17): 1667–1676
Burbeck, K., Garpe, D., & Nadjm-Tehrani, S. (2004). Scale-up and performance studies of three agent platforms. In Proceedings of the IEEE International Conference on Performance, Computing, and Communications, pp. 857–863.
Chmiel K., Gawinecki M., Kaczmarek P., Szymczak M., Paprzycki M. (2005) Efficiency of JADE agent platform. Scientific Programming, 13(2): 159–172
Fischmeister S., Vigna G., Kemmerer R.A. (2001) Evaluating the security of three Java-based mobile agent systems. Lecture Notes in Computer Science 2240: 31–41
Endsuleit, R., & Calmet, J. (2005). A security analysis on JADE(-S) V. 3.2. In Proceedings of NordSec, pp. 20–28.
Braun, P., & Rossak, W. (2005). Mobile agents. Basic concepts, mobility models and the tracy toolkit. dpunkt.verlag.
Santana Torrellas, G. (2004). A network security architectural approach for systems integrity using multi agent systems engineering. In International Symposium on Parallel Architectures, Algorithms and Networks (ISPAN).
Hahn C., Fley B., Florian M., Spresny D., Fischer K. (2007) Social reputation: A mechanism for flexible self-regulation of multiagent systems. Journal of Artificial Societies and Social Simulation 10(1): 2
AgentLink (2007). European co-ordination action for agent-based computing. http://eprints.agentlink.org/view/type/software.html.
FIPA: Foundation for Intelligent Physical Agents (2007). http://www.fipa.org.
JADE Board (2005). JADE security guide. http://jade.tilab.com.
Roth, V., Jalali, M., & Pinsdorf, U. (2007). Secure mobile agents (SeMoA). http://www.inigraphics.net/press/brochures/sec_broch/sec/Security.pdf.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Bürkle, A., Hertel, A., Müller, W. et al. Evaluating the security of mobile agent platforms. Auton Agent Multi-Agent Syst 18, 295–311 (2009). https://doi.org/10.1007/s10458-008-9043-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10458-008-9043-z