Please use this identifier to cite or link to this item: http://localhost:8081/xmlui/handle/123456789/1774
Title: DESIGN AND IMPLEMENTATION OF A SECURE MOBILE AGENT PLATFORM FOR DISTRIBUTED COMPUTING
Authors: Patel, Ram Bahadur
Keywords: NETWORK;DISTRIBUTED COMPUTING;ELECTRONICS AND COMPUTER ENGINEERING;SECURE MOBILE AGENT PLATFORM
Issue Date: 2004
Abstract: Mobile agent technology offers a new computing paradigm in which an autonomous program can migrate under its own or host control from one node to another in a heterogeneous network. In other words, the program running at a host can suspend its execution at an arbitrary point, transfer itself to another host (or request the host to transfer it to its next destination) and resume execution from the point ofsuspension. The use ofmobile code has a long history dating back to the use of remote job entry systems in the 1960s. Today's agent incarnations can be characterized in a number of ways ranging from simple distributed objects to highly organized software with embedded intelligence. Telescript developed by General Magic in the early 1990s, was the first system expressly designed for programming mobile agents. It was followed by several research systems such as Tacoma and Agent Tel in which agents were written using script languages. Aglets. Voyager. Grasshopper, SOMA, D'Agent, Ajanta, and Concordia are examples of Java-based mobile agent systems. There are two main areas in which mobile agents offer considerable advantages, namelv: systems and distributed management and information retrieval. Other areas where mobile agents are seen as offering potential advantages, are disconnected computing, also known as wireless or mobile computing, dynamic deployment of code, thin clients or resource-limited devices, personal assistants, and mobile agent-based parallel processing. The mobile agent paradigm raises many issues/problems which must be dealt with satisfactorily in order that mobile agent systems can be used in real life applications. The most important issue concerns security. Security mechanisms are necessary to safeguard the hosts' resources from the agents executing on them. Similarly, agents themselves may need to be protected from the hosts they visit. An agent is likely to carry as part of its state, sensitive information about the user it represents, which must not be revealed to unauthorized hosts or agents, nor must they be allowed to modify it arbitrarily. As larger and more complex systems of roaming agents are deployed, the problem of managing user agents becomes more pronounced. Scalable mechanisms are needed for naming and locating agents even as they migrate in the execution of their tasks. Application programmers need reliable control primitives for starting, stopping and issuing application specific commands to these agents. The agent system itself must incorporate robustness and fault tolerance mechanisms to allow such applications to operate over unreliable networks. VIII Currently, no system has a generic architecture to support flexible and reusable components for modular system construction. Most of today's mobile agent systems allow creation and cloning of agents, but effective mechanisms for termination of an agent and its clones are still missing, i.e., agents or clones move around in a network forever. Most systems lack efficient mechanisms for retransmission of an agent when a previously launched agent does not report after a fixed interval of time. When an agent accesses a host on the network, it uses its local resources. Therefore, there is a need for the resource management at a host. The agent should have the capability to negotiate with the hosting environment for charges. Most systems provide the fundamental features of agents, such as autonomy, intelligence, and mobility, but lack comprehensive support for resource utilization on failure at the next destination. In this thesis we have dealt with most of the above issues and proposed mechanisms for their solution. We have modified the existing mobile agent paradigm (MAP) to a new one which improves performance considerably. The modified MAP is an integration of the existing one with a stationary agent. In this paradigm, each server requires a stationary agent, which accepts the results generated by agents after completion of their assigned task. It also takes care of incomplete agents by re-injecting them in their itineraries. A new mobile agent platform PMADE-SF (Secure and Fault Tolerant Platform for Mobile Agent Distribution and Execution) has been designed and implemented, using this modified paradigm, and is used as the test bed for the proposed mechanisms. It is a secure, fault tolerant, flexible and dynamically extensible framework for experimenting with mobile agents. The design goals of PMADE-SF have focused on providing flexible agent mobility and architecture, scalable agent naming and location, resource optimization, reliable agent transmission, agent security and fault tolerance. A useful feature of PMADE-SF is its modularization to facilitate experimentation. It is possible to redesign and re-implement a single module within PMADE-SF, without affecting others. A novel hybrid agent architecture is developed, based on agent mobility and itinerary patterns, which provides fault tolerance to agents on open networks. It is an adaptable model which allows agents to modify their external and internal states. It allows agents to switch from one itinerary pattern to another whenever required for safety from network failures-. It also differentiates between an agent and a clone, in order to locate clones, by providing them with separate identities. The agent itinerary patterns divide agents into two categories. In the first category, implementation of agent management methods can be included in the agent IX itself, as part ofits architecture, allowing delegation ofspecific mobility functions to it. This frees the agent host from this responsibility. In the second category, an agent is managed by its host. PMADE-SF agents can also create other agents or clones at remote sites and dispatch them. This remote agent creation feature is unique for mobile agent systems. It can be efficiently used for mobile devices, where short message (SMS) can be used to trigger agents remotely. Ascalable mechanism for naming and locating mobile agents has been designed. Agent naming is compliant with the MASIF standard. Using this mechanism, agents can locate and initiate communication with any number of agents simultaneously. It also allows the application developer to control agents roaming on open networks by issuing application specific commands, to add new itinerary elements, remove old ones, or terminate the agent and its clones and call them back while located at remote sites. The mechanism generates fewer overheads in comparison to some existing ones. A system level novel communication infrastructure is designed for mobile agent systems using a modular approach, so that it is easily extendible. The communication service is responsible for all remote interactions that take place between its distributed components, such as inter-agent communication, agent transfer, etc. Anumber of protocols are proposed for direct, multicast, broadcast or federated communication between agents. The communication system facilitates agents to join another agent which is already in communication with others. We have compared the performance of PMADE-SF (version 1.0), with that ofAglets (version 2.0.1) and Grasshopper (version 2.2.3b) systems, by conducting experiments on a setup of three networks. Performance indices chosen for studying the communication protocols are agent migration time, itinerary time, clone creation time and cloning power with variable sized data and CPU overhead with varying number of agents. It is found that PMADE-SF generates fewer overheads in comparison to Aglets and Grasshopper and shows better performance in all respects. We have defined security measures for both safe transport and safe execution of agents and developed a common security framework usable on any mobile agent system. An agent visits hosts in the network according to a fixed itinerary, which is a list of hosts it is authorized to visit or can update on its owner's request. Techniques for providing security of agent itineraries, integrity of agent code and data and agent host are proposed, designed and implemented. A distributed, designated sealed object concept has been suggested and implemented, i.e., one sealed object for one host, which includes all parameters required for starting agent execution at a remote host. This provides confidentiality to agents and their data. No part of the agent's state can be modified. If intermediate states of agents are required at the next destination, these are packed separately. The result is also saved separately for security. A novel trusted host (re-router) has been developed to provide security and robustness to mobile agents itineraries. This trusted host could be used to provide interoperability to reroute agents of the other platforms, if the sealed object is implemented in them. For this we need to add only one common stationary agent to every platform, to communicate with the trusted host to receive agents temporarily. This trusted host re-injects the agent in its predefined itinerary, after it is forced to skip an unreachable host. We have developed three protocols, which provide both security and robustness to agent itineraries, in a separate middleware layer that is flexible, since it can be suitably modified as per requirement. The proposed techniques have been implemented and tested on the PMADE-SF system and the results of a comparison of these techniques, with existing models like Mir and Westhoff are also reported. Several mechanisms have been developed for making agents persistent, for reactivating them and their state activity after a failure, and for reliably transporting them between various agent hosts. These mechanisms are meant for tolerating node, agent and communication failures on a network and for recovering agents and agent hosts from them. They are based on a novel 3-Layered Monitor System (3LMS) to fault-tolerance, which avoids single point failures of centralized systems, while still maintaining the scalability of distributed systems. It provides fault-tolerance at the local host level, between hosts on a single network and between different networks in a global system. Depending on where the fault has occurred, the corresponding layer performs recovery. Thisoptimizes network traffic, reduces unnecessary communication delays and provides fast recovery. For agent recovery on failure, some existing schemes use Watchdog/Witness agents which travel on the network and create unnecessary traffic. Instead we have proposed a scheme based on checkpointing of intermediate states/results and registration and deregistration messages between routers and hosts. A thread-based protocol is developed for monitoring agent status locally on the host. On any update, i.e., arrival of new agent, migration of old agents, etc, occurring at a host, it checks for status changes in the agent's thread objects. The advantage of this protocol is that no network overhead is generated for recovering the agent and agent host on software failure. XI This protocol also improves the performance of the system by avoiding agent blocking at a host. The 3LMS technique has been implemented and tested on PMADE-SF and the results of acomparison with fault tolerance protocols given by Lyu and WC-ARP is also reported. Finally, we have validated PMADE-SF through a list of experiments on a cluster of computers connected in a large heterogeneous Intranet. A banking system and a network management system have been implemented using PMADE-SF agents. The main objectives ofthe experimentation were to exercise the agent hosting and execution framework, and test the agent programming capabilities of PMADE-SF. These systems also help to demonstrate the utility ofdifferent itinerary patterns in designing agent-based applications. The PMADE-SF system has proved very successful in real applications. This is demonstrated by the fact that it is being used by many PG and UG students of the department to develop efficient agent-based applications for network management, network traffic analysis, intrusion detection, etc.
URI: http://hdl.handle.net/123456789/1774
Other Identifiers: Ph.D
Research Supervisor/ Guide: Garg, Kumkum
metadata.dc.type: Doctoral Thesis
Appears in Collections:DOCTORAL THESES (E & C)

Files in This Item:
File Description SizeFormat 
DESIGN AND IMPLEMENTATION OF A SECURE MOBILE AGENT PLATFORM FOR DISTRIBUTED COMPUTING.pdf118.26 MBAdobe PDFView/Open


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.