Mobile Agent Platform Protection Mechanisms Based On Dynamic Loading Protocol

Mobile agent technology offers a new paradigm for distributed applications, especially for Web-based and Internet-based applications. Many mobile Agent Systems have been deployedover the past decades. However, security issues in Agent systems have not been addressed adequately. In order to make the mobile Agent paradigm more useful and acceptable, security considerations should go beyond the protection of basic Agent execution environments. Survivability is also an important issue to be considered in mobile Agent systems. A critical Agent system needs to continue its operation and provide confidentiality and integrity assurance even in the case of failures.In the circumstance of Agent's server, trust also exists between Agent and Agent's server and the choice of trust is also needed in Agent. Because the dynamic and uncertain circumstance of Agent, when Agent and Agent 'server transfer data with each other, they must know the trust. The trust of Agent not only includes the trust of the entity of Agent but also include the trust of behavior of the entity of Agent. Traditional security mechanism include the technology of encode and the control of access, which are used for authorization and attestation, solving the trust of the entity of Agent.The thesis will solve the host security problem of Mobile Agent system. This method, namely dynamic protocol, is to ensure the host security through the protection of resource and the validity of Agent. It is composed of two aspects: firstly, using the Java two sandbox to control the access of host resource, thus it can prevent the host resource from being accessed by Agents without authority; secondly, adopting a trust-based mobile Agent transfer protocol to control the transfer of Agents, refusing the transfer request of invalid Agent. Thus, it can guarantee that the Agent running in the host is valid, in other words, it avoids the illegal Agent performing in the host. Further more, it can be sure that the Agent status data haven't been tampered or replaced in the course of transfer. Resource policy can be set up flexibly on the basis of code base. And lastly the method can also prevent the resend attack of Agent.