Security in the Ajanta mobile agent system

A mobile agent is an object which can autonomously migrate in a distributed system to perform tasks on behalf of its creator. Security issues in regard to the protection of host resources, as well as the agent themselves, raise significant obstacles in practical applications of the agent paradigm. This article describes the security architecture of Ajanta, a Java-based system for mobile agent programming. This architecture provides mechanisms to protect server resources from malicious agents, agent data from tampering by malicious servers and communication channels during its travel, and protection of name service data and the global namespace. We present here a proxy based mechanism for secure access to server resources by agents. Using Java's class loader model and thread group mechanism, isolated execution domains are created for agents at a server. An agent can contain three kinds of protected objects: read-only objects whose tampering can be detected, encrypted objects for specific servers, and a secure append-only log of objects. A generic authentication protocol is used for all client-server interactions when protection is required. Using this mechanism, the security model of Ajanta enforces protection of namespaces, and secure execution of control primitives such as agent recall or abort. Ajanta also supports communication between agents using RMI, which can be controlled if required by the servers' security policies.