A Security Model for Aglets

Mobile agents offer a new paradigm for distributed computation, but their potential benefits must be weighed against the very real security threats they pose. These threats originate not just in malicious agents but in malicious hosts as well.1 For example, if there is no mechanism to prevent attacks, a host can implant its own tasks into an agent or modify the agent’s state. This can lead in turn to theft of the agent’s resources if it has to pay for the execution of tasks, or to loss of the agent’s reputation if its state changes from one host to another in ways that alter its behavior in negative ways. Moreover, if mobile agents ultimately allow a broad range of users to access services offered by different and frequently competing organizations, then many applications will involve parties that may not trust each other entirely.2 The operation of a mobile agent system will therefore require security services that implement the agreements made by the involved parties, whether declared or tacit. Thus, the agreements cannot be violated, either accidentally or intentionally by the involved parties or by malicious or curious parties not bound by the agreements. Aglets are Java-based