Countermeasures for mobile agent security

Security is an important issue for the widespread deployment of applications based on software agent technology. It is generally agreed that without the proper countermeasures in place, use of agent-based applications will be severely impeded. However, not all applications require the same set of countermeasures, nor can they depend entirely on the agent system to provide them. Instead, countermeasures are applied commensurate with the anticipated threat profile and intended security objectives for the application. While countermeasures typically include any action, device, procedure, technique, or other measure that reduces the vulnerability of or threat to a system, our focus here is specifically on technical mechanisms, as opposed to procedural or non-technical measures. Such countermeasures can be integrated directly into an agent system, or incorporated into the design of an agent to supplement the capabilities of an underlying agent system. This paper gives an overview of the threats associated with software agent systems and their technical countermeasures, including the strengths and weaknesses of the techniques involved. Emphasis is on mobile software agents, since they typically face a more severe set of threats than do static agents and, therefore, demand more rigorous