The TAgents Mobile Agent System in its current version provides a good
base for a Mobile Agent Platform, but many things are still missing
before it can be considered production-ready. This chapter gives an
overview of the things still in progress or to be done in the future.

The most important task is to build a good security environment for the System.
The design of the platform tries to separate the Agents from other parts of
the System, but they still have access to many resources that they should not
always be allowed to use. The security environment should provide fine-grained
access control to all parts, especially to resources of System Agents and the
System. The first step is to implement the already existing security manager,
which will be the base of the security environment. It should give a service
the possibility to check whether an Agent is allowed to call a particular
method or, more generally, to access a particular part of the resource the
service offers. Some calls to the security manager are already implemented,
but they do not yet check the rights of the Agent.

Another part of the security is the authentication of an Agent and an Agent
System. A good approach for this is the use of a standard authentication service
like LDAP [LDAP]. LDAP is a directory service which can provide authentication
and access control. Every Agent should have an authority that holds a set of
rights. The authority is mainly the authority of the user on whose behalf the
Agent acts. A System Agent should be given the possibility to have access to
a certain resource checked by the security environment.

The last part (as it appears today) of security is secure transportation
and communication between Agent Systems. In the current version an Agent that
travels can be altered during transport: the content of its variables could
be altered or copied by an outside attacker. To prevent this, communication
should use a secure protocol such as SSL [SSL]. The sender and receiver also
have to be authenticated when communication starts. An attacker could, for
example, pretend to be a trusted Agent System to bypass the other security
checks. This can be prevented by using a public / private key based
authentication mechanism; such mechanisms are now available for all languages
and systems. This can be combined with the directory service, which can hold
the public keys of the parts of the Agent System and can act as the control
service for authenticating the keys it handles.

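
The sender authentication and tamper check described above, as an added example in Java (not TAgents code). The class name, the `directory` map standing in for the directory service, the name `system-a` and the sample state are assumptions made for illustration.

```java
import java.io.*;
import java.security.*;
import java.util.*;

public class AgentTransferDemo {
    // Hypothetical stand-in for the directory service: Agent System name -> public key.
    static final Map<String, PublicKey> directory = new HashMap<>();

    // Sender side: sign the serialized agent state with the Agent System's private key.
    static byte[] sign(byte[] state, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(state);
        return s.sign();
    }

    // Receiver side: check the raw bytes before any deserialization takes place.
    static boolean accept(String sender, byte[] state, byte[] sig) throws GeneralSecurityException {
        PublicKey key = directory.get(sender);
        if (key == null) return false;           // claimed sender is not in the directory
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(state);
        return s.verify(sig);                    // false if altered or signed by another key
    }

    static byte[] serialize(Serializable o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair systemA = gen.generateKeyPair();
        KeyPair impostor = gen.generateKeyPair(); // key that is not registered in the directory
        directory.put("system-a", systemA.getPublic());
        HashMap<String, String> agentState = new HashMap<>(); // constructed sample state
        agentState.put("owner", "alice");
        byte[] state = serialize(agentState);
        byte[] sig = sign(state, systemA.getPrivate());
        System.out.println("untouched: " + accept("system-a", state, sig));
        byte[] tampered = state.clone();
        tampered[tampered.length - 1] ^= 1;       // one bit changed during transport
        System.out.println("tampered:  " + accept("system-a", tampered, sig));
        System.out.println("impostor:  " + accept("system-a", state, sign(state, impostor.getPrivate())));
    }
}
```

A signature detects alteration and a false sender claim, but it does not stop the state from being copied in transit; that still requires an encrypted channel such as SSL.
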
Another method, provided by the Java language, is the possibility to sign code
such as jar files. Agents whose code is signed can be trusted more than Agents
whose code is loaded from the internet with no signature. The most secure
way is to allow Agents to be created only from a trusted source or from a
signed code base.

With an appropriate security environment, trusted hosts could be defined
from which code for System Agents and other parts of the System can be loaded
when needed. Also, Agents coming from a trusted host would no longer need to
be checked for their authentication.

Thomas Letsch
2001-02-21