Download presentation
Presentation is loading. Please wait.
Published byCristobal Steptoe Modified over 10 years ago
1
By Olga Gelbart rosa@seas.gwu.edu
Mobile Agents By Olga Gelbart
2
What is an agent? A program (“software agent”), e.g.,
Personal assistant (mail filter, scheduling) Information agent (tactical picture agent) E-commerce agent (stock trader, bidder) Recommendation agent (Firefly, Amazon.com) A program that can interact with users, applications, and agents collaborate with the user Software agents help with repetitive tasks
3
Is everything an “agent”?
Not all programs are agents Agents are customized persistent autonomous adaptive
4
What is a mobile agent? Mobile agent: Agent that
Search engine Machine A Machine B Mobile agent: Agent that migrates from machine to machine in a heterogeneous network at times of its own choosing
5
Definition In a broad sense, an agent is any program that acts on behalf of a (human) user. A mobile agent then is a program which represents a user in a computer network, and is capable of migrating autonomously from node to node, to performs some computation on behalf of the user.
6
How it works? Agent Host A Host B Host C Network
7
Mobile Agent Attributes
Code State Execution state Object state Name Identifier Authority Agent system type Location
8
Evolution of the “mobile agent” paradigm
9
Assumptions about computer systems violated by mobile agents
Whenever a program attempts some action, we can easily identify a person to whom that action can be attributed, and it is safe to assume that that person intends the action to be taken. Only persons that are know to the system can execute programs on the system. There is one security domain corresponding to each user; all actions within that domain can be treated the same way. Single-user systems require no security. Essentially all programs are obtained from easily identifiable and generally trusted sources The users of a given piece of software are restrained by law and custom from various actions against the manufacturer’s interests
10
Assumptions violated by mobile agents (cont’d)
Significant security threats come from attackers running programs with the intent of accomplishing unauthorized results. Programs cross administrative boundaries only rarely, and only when people intentionally transmit them. A given instance of a program runs entirely on one machine; processes do not cross administrative boundaries at all. A given program runs on only one particular operating system. Computer security is provided by the operating system
11
Benefits of mobile agents
Bandwidth conservation Reduction of latency Reduction of completion time Asynchronous (disconnected) communications Load balancing Dynamic deployment Reduction of communication Communication latency can be reduced since an agent can carry a sequence of service requests across the network, and there is no need to send these requests separately. Moving the agent to the data source can reduce communication bandwidth. In this case, only the resulting data is transmitted to the client thus reducing the data before transmission. Reduction of network connection time is also important. In the case of mobile code, a client needs to be connected only twice: while sending an agent and while receiving results back. Asynchronous tasks This goes in hand with reducing network connection time: after transferring a task to the network (via a mobile agent), a client can disconnect from the network and connect again only to receive results (which can be hours of days later). Clearly, this allows for execution on asynchronous tasks. Dynamic Protocols and Intelligent Data Some initial mutual protocol is required for the client and the server to start communication and for the server to receive a mobile agent. But after the initial communication is established a mobile agent can dynamically adapt to an appropriate protocol required for communication back to its home server. For example, an agent transmitting news updates can use a specialized multicast protocol for transmission to clients utilizing different communication protocol. An agent can dynamically adapt to this kind of situation. Software Deployment Mobile agents can be used for automation of software installations and upgrades. Temporary Applications Java applets can serve as examples of temporary applications: small applications, which do not require installation, can be temporarily downloaded and discarded when their task is finished. Route planners for travelers are examples of such applications. Distributed Heterogeneous Computing Mobile agents can provide a communications infrastructure for tasks in a distributed environment. For example, agents can collect data on one node and transfer is to another (an agent collects raw data from a system and submits it to a graph plotter server – can be faster than transmitting a whole image). Scalable applications As an example, we can look at a searching program. In a typical client-server situation, retrieved documents (from various data sources) are transferred to the client and sorted or filtered there. The client as part of the network creates a bottleneck. Mobile agents can perform content-based filtering on the spot and also get rid duplicate or redundant documents before transferring results back to the client.
12
Reason 1: Bandwidth conservation
Text documents, numerical data, etc. Dataset Client/Proxy Server Dataset Client/Proxy Server
13
Reason 2: Reduce latency
Sumatra chat server (a “reflector”) 1. Observe high average latency to clients 2. Move to better location
14
Reason 3: Reduce Completion Time
Efficiency 1. Send code with unique query Low bandwidth channel Mobile users 3. Return requested data 2. Perform multi-step queries on large, remote, heterogeneous databases
15
Reason 4: X X X X Disconnected communication and operation Before
After
16
Reason 5: Load balancing
Jobs/Load Jobs/Load migrate in a heterogeneous network of machines
17
Reason 6: Dynamic Deployment
Unique needs: maps, weather, tactical updates.... Command post Tactical updates Map, terrain databases Weather
18
Threats posed by mobile agents
Destruction of data, hardware, current environment Denial of service block execution take up memory prevention of access to resources/network Breach of privacy / theft of resources obtain/transmit privileged information use of covert channels Harassment Display of annoying/offensive information screen flicker Repudiation ability to deny an event / action ever happened Destruction of: files on the internal / external data storage. These files can be an kind ranging from configuration (operating system specific) to data files. This can be either deletion of corruption. Hardware : hardware-intensive executions which eventually may destroy it destruction of current execution environment: processes, stack, etc Denial of service: block execution of other processes take up all memory by replication prevention of access to data resources internally or from the network (a host is a server on some kind of a network) Breach of privacy & theft of resources: Malicious mobile agents can obtain privilege levels higher than required for an agent execution and gain unauthorized access to private information stored in internal data storage or external data storage (which could be a disk array or a database server). This private information (such as medical data or financial records) can then be take by the agent when it leaves and transmitted. Secret recording from a computer microphone and the following transmission of information to an unauthorized cite. Us of covert channels to transfer information to an unauthorized cite. Harassment: Display of annoying or offensive materials onto computer screen, periodic screen flicker are more damaging to the human user than to the computer itself, but should still be considered, since this is a threat to human working conditions. It’s dangerous especially if the screen flicker is introduced at a frequency known to cause seizures in sensitive people. Repudiation: ability to deny an event ever happened and get away with it. This is more of an “after effect”, but is still important. If an unwanted event happens, there should be some way to prove that it was caused by a malicious mobile agent.
19
Protection methods against malicious mobile agents
Authenticating credentials certificates and digital signatures Access Control and Authorization Reference monitor security domains policies Software-based Fault Isolation Java’s “sandbox” Monitoring auditing of agent’s activities setting limits Proxy-based approach to host protection Code Verification - proof-carrying code
20
Threats to mobile agents
Denial of service Unauthorized use or access of code/data Unauthorized modification or corruption code/data Unauthorized access, modification, corruption, or repeat of agent external communication
21
Possible attacks on mobile agents
Denial of service Impersonation Host Agent Replay Eavesdropping Communication Code & data Tamper attack
22
Protection of mobile agents
Encryption code payload Code obfuscation Time-limited black-box security
23
Application: Technical reports
GUI on home machine Machine n Machine 1 ... 1. Send agent 2. Send child agents / collect partial results 3. Return merged and filtered results Dynamically selected proxy site
24
Application: Military
Wired network Wireless Network Technical specs Troop positions Orders and memos
25
Application: e-commerce
Arbiter VendorA VendorB Bank Agent Agent Yellow pages
26
Mobile agent systems
27
More examples and “bots”
Tryllian mobile agent system Bots mysimon.com amazon.com - customer preferences
28
Current trends lead to mobile agents
Increased need for personalization Server-side Information overload “Customization” Mobile code to server or proxy Too many unique, dispersed clients to handle Diversified population Proxy-based Multiple sites to visit Mobile Agents Bandwidth gap Avoid large transfers Mobile code to client Avoid “star” itinerary Mobile users and devices Disconnected Operation High latency
29
Migrating to migrating code
Applets Proxies that accept servlets Services that Proxies provided by existing ISP’s Mobile Agents Intranet Internet
30
Conclusion: Cons Security is too big a concern
Overhead for moving code is too high Not backward compatible with Fortran, C …. Networks will be so fast, performance not an issue
31
Conclusion: Pros A unifying framework for making many applications more efficient Treats data and code symmetrically Multiple-language support possible Supports disconnected networks in a way that other technologies cannot Cleaner programming model
32
For more information... Mysimon.com
D’Agents: Tryllian: Aglets:
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.