A Framework to Protect Mobile Agents by using Reference States




A MOBILE AGENT-BASED COMMUNICATIONSMIDDLEWAREFOR DATA STREAMING IN THE BATTLEFIELDABSTRACTIn this paper we introduce the FlexFeed framework in the context of military combat operations. FlexFeed realizesthe notion of Agile Computing for streaming data communicationsand implements a flexible, robust and efficient]publish/subscribe infrastructure for dynamic ad hoc environmentunder resource and policy constraints. Theframework uses mobile software agents for underlyingconfiguration and policy enforcement. The paper illustratesthe effectiveness of the framework with quantitativeexperiments over simulated scenarios.INTRODUCTIONDependable communication capabilities are amongst the most important technical requirements for mission successin military operations. Complex missions involving coalitionforces, robotic support units, remote sensor beds andautonomous vehicles will require underlying communicationinfrastructures that are more flexible, efficient, androbust in order successfully operate in the face of enemyattacks.Most communications between peers in the battlefield areeither to exchange state and environmental information orto relay command and control messages. State informationincludes, for instance, relative position of troops and vehicles(enemy and friendly), sensor data from unmanned vehiclesor sensor beds, situation data, etc. This type of datais often transmitted as streams of arbitrary durations, suchas video-feeds from a camera sensor or continuous GPSposition data from moving vehicles or troops.Furthermore, the communications infrastructure must adjustto changes in overall mission goals and operationstempo. During monitoring and recognition missions, conservingpower might be the primary objective function toextend the life of network resources. However, as engagementtakes place, the communications infrastructure mayneed to quickly shift into a high performance mode to effectivelysupport and optimize the kill chain as the primaryobjective.In this paper we present FlexFeed, a mobile-agent basedcommunications framework, applied to the battlefield scenario.Our proposal leverages from years of research in thefields of mobile ad hoc networks and intelligent softwareagents to build an efficient, self-configurable, and selfhealingcommunications network for these types of environments.After an introductory description of the environment andsystem requirements, we will discuss the related work inthis area and the concepts proposed in FlexFeed. A briefdescription of the implementation details of frameworkwill be then followed by case studies, presented and experimentallyevaluated on a simulated network to illustrateFlexFeed capabilities.COMMUNICATIONS IN THE BATTLEFIELDAs part of the Army’s Objective Force to be deployedwithin the next decade, Future Combat Systems (FCS) isenvisioned as a system of systems that will integrate severallightweight, highly mobile components including newgenerations of manned and unmanned military vehicles, hese light vehicleswill partially replace heavy armored slower vehiclesin order to bring unprecedented levels of dynamism andagility to the combat theater.Furthermore, FCS operations will heavily rely on informationsuperiority to quickly take control of the battlefield and react to enemy movements and changesof strategy. This capability depends on the notion of universaltasking, where resources and information are directlyavailable at any timeto the edge warriors and commandersin the field.An enabling key-capability for this vision is an efficientand adaptive communications infrastructure to support andextend edge warrior capabilities and provide access tocritical information at any time, while at the same timeensuring optimal resource utilization and security both atthe infrastructure and information levels. Figure 1 shows aschematic view of some of the elements involved in theseeypes of operations.In general, a communications model capable of supportingFCS requirements is an ad-hoc publish/subscribe model.Soldiers and systems in the network will subscribe to sen2of 8 data and state information to plan and coordinate localtasks in response to high level instructions from the commandand control center.Figure 1 –Communications infrastructure in the battlefieldBased on FCS requirements, an appropriate data communicationsframework must be capable of satisfying the followingrequirements:a) Ad hoc: In most cases, as illustrated in figure 1, networksbetween nodes will be ad hoc, formed by proximityduring the operation itself. The communications infrastructuremust not depend on pre-established infrastructuralcomponents or centralized management stations. This capabilityis important both from a scalability and robustnessperspective, eliminating (or mitigating) single points offailure in the network.b) Efficiency: Communications and computational resourcesin the battlefield are expected to be limited andoften times, battery operated. Ad hoc sensor beds andsmall autonomous vehicles deployed during the operationwill have a life-span strictly limited by their battery life. Inmost cases, it is imperative that the communications infrastructure operate efficiently across different types of applicationsand scenarios to extend the life of network resources.c) Heterogeneity: Systems in the battlefield tend varygreatly in terms of computation and communications capabilities.Lightweight attack vehicles, small robotic units,and unmanned aerial vehicles will all have different degreesof computation and sensing capabilities andaccess tothe wireless environment.d) Application-aware Capabilities: A common limitation inmost communications frameworks currently available isthe lack of interaction between applications and theunderlyingdata transmission protocols. This limitation is oftenaccepted in lieu of the benefit of layer isolation and inmaking protocols interchangeable. For improved efficiencyhowever, the communications infrastructure canand should benefit from data-aware protocols at all levels.d) Robustness to External Attacks: The communicationsinfrastructure must be able to resist to both physical andnetwork attacks. Degradation with loss of communicationresources must be graceful and most importantly, must beselective. Special types of operations and tasks that arecritical to the overall operation must have precedence overless relevant tasks. This requirement goes beyond theconventionalnotion of quality of service in data networks.Ideally, the framework must be aware of the importance ofdata transmission not only in terms of data-type, source,and destination, but also in terms of high level goals andmission OPTEMPO in order to makeprioritization decisions.c) Robustness to Environmental Changes: The environmentalconditions, topology, and size of the network willvary significantly. In the battlefield, nodes can arbitrarilyjoin and leave the network. Nodes can be physically destroyedor made unavailable at any time. Anappropriatecommunications infrastructure must be able to cope withthese changes quickly and efficiently.e) Reactive and Proactive OPTEMPO Adaptability: Theframework must also be able to properly adapt to changein overall mission goals or situation in the battlefield. Forinstance, changes in operational tempo can be eitherpushed to or autonomously detected by framework nodes,which should automatically result in changes in the communicationsbehavior. Forinstance, when precursors ofengagement are identified, the framework, in accordancewith global policies, must autonomously switch from apower efficient mode a low latency, high performancemode to support combat systems.f) Proactive Resource Manipulation for Survivability andImproved Efficiency: This notion was initially proposedwithin the context of Agile Computing (Suri, 2002). It refersto the notion of granting the framework with the abilityto proactively manipulate physical (or logical) resourcesin the framework in order to recover criticalconnectivity segments or to significantly improve performance.g) High Level Policies for Monitoring and Control: From ahuman perspective, monitoring and control of such complexsystems is a very difficult task. An appropriate frameworkfor these types of systems must support interfaces topolicy infrastructures that would allow humans to easilydefine and establish constraints and obligations to regulatethe overalloperation of the framework. From an optimizationperspective, most policies would ultimately result inlow level constraints taken into account by the frameworkwhen deciding about resource allocation.In the last few years, a number of research proposals havebeen introduced to address some of these mon to most of them is the notion of a customizablepublish/subscribe communications mechanism capable toefficiently support messaging and data streaming.RELATED WORKConventional topic-based publish/subscribe systems suchas such as Vitria (Skeen, 1998), TPS (Eugster et al., 2001)3 of 8and JORAM (Maistre, 2003) leveraged form multicast protocolsand the assumption of a clear hierarchy on data andevents to build efficient multicast groups for topic-baseddata distribution. Multicast based protocols often providean efficient solution to the problem but they assume thatonly nodes participating in the multicast group wouldshare the data for distribution (at the level of the multicasttree). Furthermore, most multicast protocols assume data(or events) to be strictly hierarchical and processing capabilitiesfor data transformation within the hierarchy mustbe available a priori at all nodes.A number of gossip-based (or epidemic) protocols werealso proposed in the same context (Lin and Marzullo,1999; Ganesh et al., 2001; Eugster et al., 2003). In general, these are efficient and scalable protocols but assume nodata hierarchy and often make no attempt for cost or constraintoptimization based on data stream aggregationandfiltering.Multicast protocols specifically designed for peer-to-peernetworks such Scribe (Rowstron et al., 2001) and HiCan(Ratnasamy et al., 2001) came to solve scalability issues inaddressing and group coordination. They too, however,assumed that only nodes subscribedto the multicast groupwould participate in the multicast tree and that data processingcapabilities are available at all nodes a priori.Alternatives to the multicast option were also proposed atthe level of unicast routing in the form of data-aware customizedad hoc routing protocols. An important exampleof these types of data-centric routing protocols is DirectedDiffusion (Intanagonwiwat et al. 2000). The Directed Diffusionprotocol proposes a highly scalable data-aware decentralizedrouting algorithm. The protocol supports thecreation of data distribution trees including nodes that arenot directly subscribing for the data. The protocol, however,also assumes that data transformation capabilities areavailable a priori at each node, which is not a realistic assumptionfor the types of environments envisioned in FCS.More recently, Baehni et al. (2004) proposed a data-awaremulticast protocol (daMulticast) for peer-to-peer networks.The approach leveraged from some of thedata-centrictechniques for data description and group membership,significantly improving reliability and at the same timereducing the memory complexity involved in maintaininggroup membership at each node.In the most part, the approaches share the notion of usingdata-aware techniques for resource or performance optimization.The problem, however, is that data-aware frameworksare usually highly customized to a set of applicationsor data types, often requiring significant time andeffort to support new scenarios or capabilities. In manycases, such changes are not even possible, as hardwaremight have been already deployed or might be under externaladministrative control, like in the case of combat orMilitary Operations Other than War (MOOTW) coalitionoperations.THE FLEXFEED FRAMEWORKIn this paper we propose FlexFeed, a mobile-agent basedcommunications framework designed to support highlycustomized data streams in mobile ad-hoc network environmentsunder policy and resource constraints.The concepts implemented in FlexFeed were first introducedby Carvalho et al. (2002). The fundamental ideas ofthe framework are based on the concepts of Agile Computing(Suri, 2002) where network and system resources areopportunistically exploited to transparently support applicationrequests in a manner that is efficient, robust, andadaptable to changes in the environment.The FlexFeed framework is essentially based on three coreconcepts: a) Opportunistic resource exploitation; b) Flexibilityand run time self-configuration via on-demand codeand process migration; and c) In-stream data processing.Inthe framework, these capabilities are combined and extendedto address the requirements identified in the typesof environments expected in FCS.The framework uses data-aware mobile agents to bettercustomize multicast trees and to provide in-stream dataprocessing (i.e. to take advantage of the multi-hop natureof the communications path in these types of environmentsto distribute computation data processing loads). Specializedagents can be injected in the framework by authorizedparties at run-time, allowing for great flexibility and supportof highly specialized data streams. The overall behaviorof the framework is regulated by high level policiesdefined, verified, and distributed by an integrated policyinfrastructure designed for multi-agent systems. A proof-concept version of the FlexFeed framework was developedand tested both in simulated and physical environments.The framework was also demonstrated in actuallive exercises conducted by theArmy (ARL QL2, 2004)and the demonstrations for the Navy (ONR NAIMT,2004). In the subsequent items, we will briefly discuss theimplementation details of the framework, followed by experimentalsimulation results of illustrative case studies.THE FRAMEWORK COMPONENTSThe FlexFeed framework is a distributed application-leveliddleware that is installed in all participating systems.te middleware provides an API that allows applications specify services or requests for data streaming.At heimplementation , the framework combines amobile agent system with resource coordination and allo4of 8cation mechanism and a policy infrastructure to determined configure, at runtime, efficient data distribution treesbetween applications.The mobile agent system gives the framework the abilityto move code and computation between nodes to enable,on demand, new data-specific capabilities in nodes thatwill participate in the data distribution tree. Process migrationis used to improve survivability and system performance.AlthoughFlexFeed can be easily configured to workwith different agent systems, our proof of concept implementationwas developed on top of the NOMADS agentsystem (Suri et al., 2000; Groth and Suri, 2000).NOMADS is a mobile agent system for Java-based agents.It provides two implementations: Oasis and Spring. Oasisincorporates a custom Java-compatible Virtual Machine(named Aroma) whereas Spring is a pure Java implementation.The Aroma VM is a clean-room VM designed toprovide the enhanced capabilities of execution state captureand resource control.The resource coordination component (referred to in thispaper as the ‘coordinator’) is the intelligent part of theframework. It is responsible for realizing the notion of agilecomputing in the context of data streaming. The ‘coordinator’can be implemented as a distributed process or asa centralized component operating in one of the nodes ofthe framework. All experiments and examples shown inthis paper are based on one specific implementation of acentralized coordination algorithm (ULM) but decentralizedalternatives are also available.The policy infrastructure is independent of the framework.The goal of the policy framework is to provide a high levelinterface to the system in order to allow both human operatorsand applications to establish, query and modify highlevel requirements and constraints that will regulate howthe framework should operate. Furthermore, the policyinfrastructure is also responsible for validation, verification,disambiguation, and distribution of policies throughoutthe system. Policies can also be used to regulate andconstrain the autonomous behavior of the framework, providingbounds for self-adjustments to operation tempo andto the proactive manipulation of resources. Currently,FlexFeed uses KAoS (Bradshaw et al., 1997; Bradshaw etal. 2002; Bradshaw et al., 2003) as its policy framework.Access to these components is available at each nodethrough a common API. In order to participate in theframework, applications at each node can obtain an instanceof the FlexFeedManager Component (Figure 2).The FlexFeedManager provides the access API to the framework and allows applications to register, advertisecapabilities, and request data streams from other resources.Transparent to the applications, FlexFeedManagers at communicate in a peer-to-peer fashion to exchangestate and plan resource utilization. When a client places arequest for a data stream from a sensor as illustrated infigure 2, it specifies the source of the data and the requirementsfor the data stream (for example, resolutionand frame rate in the case of a video stream).That information, along with resource availability informationfrom local nodes, is used to build the data distributiontree from source to client. If using a centralized coordinator,the planning is done at one single location using globalstate data. Decentralized coordination algorithms rely onpeer to peer negotiation between FlexFeedManagers anduse only local state for planning.The client is allowed to specify any type of data, grantedthat it provides to the framework the necessary informationfor cost calculation and the code (in the form of mobileagents) necessary to manipulate (e.g. aggregation and filtering)the data for optimization. Because FlexFeed supportson-demand code deployment, trusted applicationscan provide new components to the framework at run time,enabling the support of previously unknown data types.The client can also provide complex data processing requestssuch as the one illustrated in figure 3. In that example,the client is specifying (through a graph structure) twodistinct data sources that should be merged with a specific(client-provided) processing element (FS) and then, discriminativelydelivered to two sink nodes. Details aboutthe data types and processing elements are embedded inthe graph node and edge components, using a pre-defineddata structure provided by the framework.The FlexFeed framework will load the appropriate softwarecomponents specified by the client (either from theclient host of from a common codebase) and will identifythe network resources necessary to support the request.The location of the logical fusion element (FS) can be atany intermediate node between the source and sink elements,based on resource availability, policies, and overallcosts for computation and data transmission.After mapping the request to the physical network, theframework will monitor environmental changes (such assignificant variations in resource availability or link failure)to transparently recalculate and adjust the data treeuntil the request is terminated by the client.CASE STUDIES AND EXPERIMENTAL RESULTSThe framework was tested in a simulated network wherepacket drops and bandwidthconstraints could be carefullycontrolled. The goal of these tests was to demonstrate theeffectiveness of on demand configuration of data-awarestreaming in the improvement of data quality and reductionof jitter. These metrics are highly relevant to applicationssuch as the remote control of unmanned vehicles.The overhead of the framework was also measure in termsof induced latency in the stream. The computational overheadfor running intermediate processing elements andfilters was disregarded and the coordination mechanismused in the experiments was the centralized ULM (Carvalho,2005) algorithm, based on an iterative version ofDijkstra’s shortest path algorithm applied in localized partsof the graph.The experiments were conducted on a 100baseT networkwith full connectivity. Bandwidth limitations betweenUA V and other nodes were simulated on a fixed wirednetwork. Figure 4 provides a schematic view of the testnetworks.Figure 4 – Schematic illustration of the environment consideredfor experiments In this configuration, nodes ‘S1’ and ‘S2’ represent two dismounted soldiers in direct communications range witheach other and with a tank nearby ‘T2’. All nodes are incommunications range with an unmanned aerial vehicle‘UA V’ on a fixed flying pattern over enemy territory.The bandwidth available from the UA V to the remainingnodes is variable and can be severely constrained at differenttimes. Our experimental procedure explores differentoperational scenarios on top of this configuration. The goalis to quantitatively illustrate how the FlexFeed frameworkimproves data communications by reducing delays betweenimage updates and the variance between packet arrivaltimes (jitter). In our experimental setup, each node isrepresented by a separate laptop. The bandwidth limitationson the UAV are simulated by a gateway runningNISTNet (Carson, 2002). Figure 5 shows the experimentalsetup designed to simulate the environment illustrated infigure 1.The centralized coordination node (not shown in figure 5)receives state information such as CPU and bandwidthavailability from each of the 4 nodes involved in the test.The frequency of updates is proportional to the rate ofchange in these metrics. When a client makes a request fora data stream, it specifies the source node (UA V), framerate, and resolution. The coordinator nodewill receive therequest and will handle it appropriately, building a datadistribution tree from the source, based on current globalsystem state.Optimizing Bandwidth UtilizationIn the first scenario, soldier ‘S1’ temporarily assumes controlof the UA V, taking it o ut of the flying pattern andcloser to enemy positions. Unaware of the fact that the vehicleis now under remote control, soldier ‘S2’ also requestsa video stream from the UA V’s camera. In this example,both video streams were requested at a 320x240resolution with 3 frames per second.Under unconstrained conditions, the combined streamsrequire the UA V to send approximately 50 KBps of data.In the initial condition the bandwidth limitation is 100KBps (equivalent to unconstrained bandwidth in this example)so there are no packet drops and the average delaybetween images is 271 milliseconds, which represents astream of approximately 2.69 frames per second. Note thatthe resulting frame-rate, even under unconstrained bandwidthconditions, only approximates the requested framerate.This is due to the delays involved in actual imagecapture (which is camera dependent), compression, andserialization.The bandwidth available from the UA V is then progressivelyreduced to a maximum of 40 KBps, 30 KBps, and6 of 8then 24 KBps. At each step, the average delay betweenimages is measure at each client ‘S1’ and ‘S2’.When the coordinator is inactive, that is, when the frameworkis not making any attempt to optimize data streams,the sensor (UA V) sends a unicast stream to each of theclients. Both streams will compete for the limited bandwidthand the delays at each client increase significantlywith the reduction in bandwidth availability. These resultsare shown in figure 6, with their 95% confidence errormargins.Figure 6 – Effects of bandwidth reduction without datastream coordination.In this example, as the bandwidth availability decreases,the delays quickly increase to the point where criticaltasks, such as the remote control of the UA V, are completelycompromised. A minimum frame-rate of 2 fps isrequired1, in this example, to safely navigate the UA V so itis clear that even small constraints in bandwidth availabilitycan compromise this task. Furthermore, we can verifythe well known bandwidth stealing behavior between clients,where bandwidth is not equally shared betweenstreams. This behavior has been previously reported in IPnetworks (Tschudin and Ossipov, 2004) and could compromisecritical tasks such as the control of the UA V.Figure 4 – Data distribution tree created by FlexFeedWhen the FlexFeed coordinator is enabled, the frameworkidentifies the stream requests and attempts to globally optimizedata distribution. In this specific case, the coordinator(which, is a centralized process) determines that bothstreams are similar (in fact, equal) and the overall bandwidthutilization can be reduced with a multicast-like datadistribution tree. The framework opportunistically identi-1 Although it is commonly accepted that a minimum of four frames persecond is necessary to remotely operate robotic vehicles, for illustrationpurposes in this example, the minimum requirement for teleoperationis assumed to be two frames per second.fies node ‘T2’ as a potential intermediate processing elementand builds the distribution tree illustrated in figure 4.Under the same bandwidth constraints, the framework ensuresthat the lowest capacity link (from the UA V) is notsaturated and delays between images are kept within reasonablebounds.Furthermore, the variance in delay (jitter) is significantlysmaller, ensuring that critical processes maintain minimum levels of throughput and quality of service.FlexFeed OverheadThe overhead of framework basically falls into two maincategories: a) the number of additional control messagesinvolved on sharing state between nodes (or betweennodes and the centralized coordinator) and b) the time requiredto determine, locate, and configure the nodes thatwill participate in the data stream. Both factors are highlydependent on the type of coordination mechanism used inthe framework (centralized, zone-based, or local), the complexityof the data, the scale of the network, its level ofconnectivity, and the frequency of state updates.In our example, the network topology is static and variationsin resource availability are small so our attention isfocused primarily on the delays (latency) caused by thecentralized coordination algorithm. Table 1 shows the averagedelays and their 95% confidence error margins observedin each test, both with and without the coordinator.The delays were measured as the average between the timeof the second client ‘S2’ request and the time when thefirst image is delivered to that client.When the coordinator is present (second column), there isan up-front cost in terms of latency that is due to the timespend in identifying and configuring network resources fordata distribution. When the coordinator is not present, theresponse to the data request is relatively fast at first but thedelays increase as the bandwidth is reduced. This is basicallydue to the fact that initial images are being lost on thesaturated channel when the coordinator is not present.FlexFeed versus MulticastThe data distribution tree presented in this example resemblesa data multicast tree, often obtained with conventionaldata multicast algorithms. As previously noted, FlexFeed7 of 8goes beyond conventional and data-aware multicast approachesby building a tree that include nodesthat are notnecessarily part of the multicast group (node T2 in thiscase). These nodes are opportunistically discovered andconfigured, at runtime by the framework, based on its currentresource availability, role in the network, and systempolicies.Furthermore, the configuration of node T2 can be highlydata-dependent and arbitrarily complex. In these examples,the intermediate node was use merely as a splitting pointfor the data distribution tree. It could also have receivedcustomized code to perform in-stream data transformationor specialized filtering.Consider the case where the request place by soldier ‘S2’was for a lower res olution video stream from the samesource. Multicast algorithms would often regard this as anindependent request or would have assumed that one of thenodes in the multicast group would be able to reduce theresolution of the stream to include the new request in thedata hierarchy. Data-centric protocol like Directed Diffusionwould also depend on an intermediate node’s a prioricapabilities to construct the low resolution data from thehigh resolution stream.In FlexFeed, the request placed by soldier ‘S2’ can sp ecifyreferences to data-specific code that will be installed, ondemand, on node ‘T2’ to act as a processing element. Thecode would be installed only in the necessary nodes (asdetermined by the coordination algorithms) and would beremoved when no longer necessary.Another extension of the same capability is the transparentenforcement of information release policies. In this case,upon S2’s data request, FlexFeed would query the policyframework for constraints or obligations involving the request.Consider, for example, that policies were previouslydefined to constrain unrestricted access from S2 to thatspecific data source. In that case the framework will,transparent to node ‘S2’, identify an intermediate node forpolicy enforcement and will deploy the customized datafilters (specified as part of the policy) to ensure compliancewith the specified requirements. This feature of Flex-Fleed has been extensively demonstrated by (Suri, Bradshawet al, 2003; Suri, Carvalho et al, 2003) in multiplesimulations and real life exercises.CONCLUSIONS AND FUTURE WORKIn this paper we have introduced the FlexFeed frameworkin the context of military combat operations. The conceptproposed in FlexFeed goes beyond current data-centricrouting approaches and data-aware multicast. It realizesthe notion of agile computing in the context of data communicationsand offers the basis for a truly customizablemiddleware for data communications in extreme environments.The framework is currently implemented and has beentested in several small scale exercises including soldiersoperating in conjunction with robotic units and remote systems.The framework currently relies on a centralized coordinationalgorithm for resource allocation. We are currentlydeveloping fully decentralized (and zone-based)algorithms to improve scalability, robustness, and performance.。



A Framework to Protect Mobile Agents by Using Reference States*Fritz HohlInstitute of Parallel and Distributed High-Performance SystemsUniversity of Stuttgart, D-70565 Stuttgart, GermanyFritz.Hohl@informatik.uni-stuttgart.deAbstractTo protect mobile agents from attacks by their execution environments,or hosts,one class of protection mechanisms uses“reference states”to detect modification attacks.Ref-erence states are agent states that have been produced by non-attacking,or reference hosts.This paper examines this class of mechanisms and presents the bandwidth of the achieved protection.First,the notion of reference states is introduced.This notion allows to define a protection scheme that can be used to realize a whole class of mecha-nisms to protect mobile agents.To do so,after an initial analysis of already existing approaches,the abstract fea-tures of these approaches are extracted.A discussion exam-ines the strengths and weaknesses of the general protection scheme,and a framework is presented that allows an agent programmer to choose an appropriate protection level us-ing this scheme.An example illustrates the usage of the framework and its overhead.1.IntroductionMobile agents are program instances that are able to mi-grate from one agent platform to another,thus fulfilling tasks on behalf of a user or another entity.They consist of three parts:code,a data state(e.g.instance variables),and an execution state that allows them to continue their pro-gram on the next platform.For the area of mobile agents, security is a very important aspect since neither the provid-er of an agent platform or an agent-based service,nor the owner of an agent wants to be harmed by employing this technology.This is a non-trivial requirement in mobile agent systems,asfirst,the executing party has no vital in-terest to execute a program correctly,and second,the em-ployer of a program has to give away the control over the execution.While the mechanisms that allow the executing party to protect its system seem to be feasible today,the protection of the agent,and,in turn its owner,is still subject of ongo-ing research.One way to protect agents is to follow an organizational approach,i.e.to make sure that only trustworthy parties ex-ecute an agent.Unfortunately,such an approach either se-verely restricts the agent’s autonomy,requires a critical mass of infrastructure in order to be used or disallows a number of advantages of the mobile agent technology.An-other way to protect agents is to use special,trusted, tamper-free hardware(see e.g.[9]).This approach seems to be not attractive since it requires a host to buy specialized hardware that does notfit into existing systems and may not scale up efficiently,If neither organizational mechanisms nor special hard-ware can be used,mobile agents have to be protected by software means only.Currently,there are two approaches that try to protect an agent from all major attacks.Thefirst approach,which is called Mobile Cryptography[7],aims at converting agents into programs that work on encrypted da-ta,i.e.the operations use encrypted parameters and return encrypted results without the need to decrypt these data during execution.The second approach based completely on software is called Time-limited Blackbox Protection [3].Here,the agent code is obfuscated using techniques that are hard to analyse by programs.Since such an obfus-cation can be broken by a human attacker given enough time,the agent bears an expiration date,after which the agent gets invalid.Successful attacks before this expiration date are impossible.Unfortunately,both approaches are not yet mature enough to be used.As long as complete software protection does not suc-ceed,other protection mechanisms have to be examined. These mechanisms will not be able to prevent every attack, but will provide at least protection from certain attack classes.As we will see,one important class of protection mechanisms uses“reference states”,i.e.agent states that have been produced by non-attacking,or reference hosts to detect modification attacks of malicious hosts.* This work was funded by the Deutsche Forschungs-gemeinschaft (DFG) by grant no. RO 1086/4-2.2.Attacks, Reference behaviour, and Reference States 2This paper will examine this class of mechanisms and present the bandwidth of the achieved protection.For that purpose,a new general definition of attacks against mobile agents is presented in Section 2.To allow a practicable pro-tection scheme,the notion of reference states is introduced.This notion allows to realize a whole number of mecha-nisms to protect mobile agents.After an initial analysis of existing approaches in Section 3,the abstract features of these approaches are extracted.A discussion of the strengths and weaknesses of the general protection scheme is given in Section 4.In Section 5,a framework is presented that allows an agent programmer to choose a specific level of protection using the reference states scheme.An exam-ple illustrates the advantages of the framework in Section 6.After having measured the example in terms of over-head, Section 7 concludes this paper.2.Attacks, Reference behaviour, and Refer-ence StatesIn this section,we will examine the question of what an attack against a mobile agent is,and whether and how the answer leads to protection schemes.First,the used agent model is defined.2.1Agent execution modelIn this paper,the following model of the execution of a mo-bile agent will be used (see Figure 1).The agent is a construct consisting of code,data state,and execution state.The aim of an agent is to fulfil a task on behalf of its owner.For this purpose,the agent migrates along a sequence of hosts.The host takes the initial agent state,i.e.data and execution state,and starts an execution session.In this session,the host processes the agent using the code and some input,producing a resulting agent state.The input includes all the data injected from the outside of the agent,i.e.both communication with partners residing on other hosts and data received directly by or via the cur-rent host.The latter e.g.includes results from system calls like random numbers or the current system time.When the agent migrates to another host or dies,the execution ses-sion is finished on this host.The resulting state produced by one host is used as the initial state on the next host.Sincecode and other constant parts of an agent are digitally signed, an attacker cannot modify them undetected.2.2Attacks and reference behaviourThe term “attack”related to mobile agent protection is rarely defined explicitly,but most often used in an intuitive manner.Since the term is normally understood as a viola-tion of the expectations of the agent programmer or owner we can define attack as follows:Definition:An attack is a difference in behavior between the attacking host and a non-attacking or refer-ence host,i.e.one that acts as expected (“reference behav-ior ”)given the same state and resources (and unambiguous, complete specifications).In this definition,attacks include different behaviour due to (unintentional)errors,caused by a misinterpretation of the specifications or by technical faults.Although this definition seems to be intuitively under-standable,the term “reference behaviour”needs more ex-planation.One can argue that first,no two implementations of a specification behave equally,and second,the behav-iour of even the same implementation may differ,depend-ing on external factors,such as e.g.the actual state of thread scheduling.This may be true for a number of sys-tems,but not on the level our notion of behaviour is situated on.We denote with “behaviour”the level of expectation of the agent programmer,i.e.the way the system has to be-have in order to execute an agent.If this behaviour differs from the specification,the system acts in a way the pro-grammer did not expect,so it is likely the agent will fail to run.This expectation of the programmer,based on the specification,will probably not determine the behaviour of the system in every detail (e.g.the implementation of inte-gers at the bit level),but is,at an overall level,an adequate model of the system.Therefore,the difference in behaviour cannot be measured automatically on a low level,but by us-ing the knowledge of the programmer to compare two exe-cutions instead.The attack definition above leads to a protection scheme where the difference in behaviour is measured to prove or at least detect misbehaviour.There are two problems that restrict the practicability of this solution.First,some of the behaviour of the host cannot be observed from the outside of the host.In principle,either all malicious behaviour sooner or later results in perceptible actions,or -if the ma-licious behaviour does not result in a perceptible action -this behaviour does not matter since it has no consequenc-es.Practically,it is too difficult to control all future actions of a host.Second,it is at least difficult to provide the reference host with the state and resources of the untrusted host.As aa g e n t c r e a t i o ninputexecutionhost 1inputexecutionhost 2inputexecutionhost 3inputexecutionhost 4a g e n t t e r m i n a t i o nm i g r a t i o nm i g r a t i o nm i g r a t i o ninitial state resulting stateFig. 1: Agent execution modelhost may e.g.offer a whole database,such a provision would require the transfer of possibly very much data.Ad-ditionally,if this data has to be transported from the un-trusted host,no one can check the equivalence of this data set to the one stored in the untrusted host.2.3Reference statesWhat can be done practically is to measure not the dif-ference in behaviour between an untrusted and a reference host,but the difference in the variable parts of an agent computed from the untrusted host on one hand and a refer-ence host on the other hand,given the complete input dur-ing the computation. This leads us to:Definition:A reference state consists of the variable parts(i.e.the state)of a mobile agent executed by a host showing reference behavior.The input includes all the data injected from the outside of the agent,i.e.both communication with partners resid-ing on other hosts and data received directly by or via the current host.The latter includes e.g.results from system calls like random numbers or the current system time.If we are able to measure the difference in state,we are able to detect attacks,that differ in the resulting state from a reference state.These attacks include write or modifica-tion attacks of the variable parts of the agent and attacks, where the agent code is not executed according to the spec-ifications.What cannot be detected by this approach are read attacks and attacks where the party that mediates input and output modifies or suppresses them.3.Analysis of Existing ApproachesIn this section,we will analyse three existing approach-es that use a kind of reference state to detect attacks by the host.First,we will describe the mechanisms and state the level of protection they offer.Afterwards we will classify them according to criteria like the used moment of check-ing and the used reference data.3.1State appraisalFarmer,Guttman and Swarup present in[2]a“state ap-praisal”mechanism that checks the validity of the state of an agent as thefirst step of executing an agent arrived at a host.This checking mechanism only considers the current state of the arrived agent.The mechanism can consist e.g. of a set of conditions that have to be fulfilled after the exe-cution session.In this case,the reference data is structured as a set of rules.These rules are formulated by the program-mer who stated relations between certain elements of the state.The check is done by the host that received an agent,and it is in the interest of this host to do so as it wants to execute only valid,i.e.untampered agents(which else might attack him).If the host does not check the agent(e.g. because the host collaborates with the attacking host),an attack against an agent cannot be detected.The question of which further attacks cannot be detected depends partly on the used checking mechanism.If e.g.for the conditions,only boolean and numerical operators are used(i.e.constructs that are not turing complete),there are computations that can be done by programs,but not by con-ditions.Therefore,there may be computations that cannot be checked by this kind of rules.The lack of the input to the agent also leads to attacks that cannot be detected.Imagine e.g.an agent that remotely receives prices for a good from different shops.Then a lowest price is computed and the other prices are removed.The host may modify the execu-tion and/or the prices at its will without being detected as it is impossible tofind an inconsistency in the resulting state without the used prices.3.2Server replicationIn[6],Minsky et al.propose to use a fault tolerance mechanism to also detect attacks by malicious hosts.The authors assume for every stage,i.e.an execution session on one host,a set of independent,replicated hosts,i.e.hosts that offer the same set of resources(e.g.the same data),but do not share the same interest in attacking a host(e.g.be-cause they are operated by different organizations).Every execution step is processed in parallel by all replicated hosts.After the execution,the hosts vote about the result of the step.At all hosts of the next step,the votes(i.e.the re-sulting agent states)are collected.The executions with the most votes wins,and the next step is executed.Obviously, even(n/2-1)malicious hosts can be tolerated.From our point of view,this means that an execution is checked by using a set of other executions,and by counting the number of equal results.Since the hosts work in parallel,the input to the agent has to be shared and one host must not be able to hold back input to the other hosts.The server replication approach can detect all attacks that result in a different agent state.Collaboration attacks of up to(n/2-1)malicious hosts of the same step can be detected.Additionally,even attacks between collaborating hosts of different steps can be found as long as the above condition holds.3.3Execution tracesApart from checking the inherent integrity of agents or comparing agent states resulting from parallel execution, the third major idea to check the execution of an agent is tolet the executing host produce an execution protocol or trace.In[8],Vigna presents an approach that uses this idea to allow an agent owner to check the execution sessions at different hosts when a fraud is suspected.For this purpose, every host records a trace that looks like the one in Figure 2b.A trace consists of pairs(n,s)where n denotes the identifier of the executed code statement.In case this state-ment modifies the state of the agent using information from the outside of the agent(i.e.“input”in our terms),s de-notes the list of variable-value pairs that state the content of these variables after executing this statement.After the execution,the host creates a hash of the trace and a hash of the resulting agent state.Theses hashes are signed by the host and are sent to the next host,together with the code and state of the agent.The trace itself has to be stored by the host.The agent continues to fulfil its task and returns to its home host afterwards.Now,the agent owner can decide whether he/she wants to check the agent or not.In case of a suspicion,he/she requests the traces from the corresponding hosts starting at thefirst host.First, he/she computes a hash of the received trace and compares this hash with the one stored at the next host.If these hashes are identical,the host commits on this trace.Then the agent with its initial state is re-executed.In case of statements that used input from the outside,the values recorded in the trace are used.If a hash of the resulting state of the agent on this host is equal to the one signed by this host(which can be provided also by the next host),this host did not cheat,and the checking process continues.The case that the following host pretends to have received a different in-itial agent state,is prevented by sending back a signed mes-sage that commits this state back to the sending host.This approach detects all attacks that result in a different state as long as the host does not lie about the input to the agent.Note that the owner can only determine which host played wrong,but not the difference in the agent state as only hashes of the final states exist.3.4AnalysisTo obtain a better understanding of the protection band-width of the class of mechanisms that use a reference state, we have to extract the generic attributes from the presented mechanisms and the relations between these attributes. These attributes are:Moment of checkingThe reference state can be checked eithera) after every execution session on one hostb) after the agent has finished its taskSince the overall aim is to identify the host(s)that at-tacked an agent during its journey,and since malicious hosts may occur anywhere along the route,choosing b)also means thatfirst,the route,i.e.the list of visited hosts has to be stored somewhere in a secure way.This can happen ei-ther by dynamically recording the stations,appending this information digitally signed to the agent data,or by sending this information to the owner upon every migration,or by having an apriori,signed itinerary.Second,the used refer-ence data has to be stored for every of the execution ses-sions,since,without this precaution,the malicious host cannot be identified.In principle,one could think of checking in smaller time intervals,e.g.on the level of single statements.In reality though,you have to wait until an agent has left a host since a host can always run two agents,a correctly executed one and a manipulated one.Then,the agent that was executed correctly can be used to produce the(correct)checking out-put while the manipulated agent migrates to the next host. Therefore,using a smaller time interval would not prove the correct execution of the migrated agent.Used reference dataDepending on the moment of checking,the reference data used by the algorithm might differ.If the execution is checked after an execution session or after the agent ful-filled its task,a combination of the initial state,the resulting state,the input to the session,the execution log and the rep-licated resources can be used.Used checking algorithmIndependent from the moment of checking,any of the following checking algorithms can be used(note that the presented algorithms mark only some points in the contin-uous bandwidth of possible algorithms):rulesThis term subsumes simple(i.e.non turing complete) rule mechanisms that allow to check e.g.postconditions in form of first order logic (like moneySpent + mon-eyRest = moneyInitial). As has been argued in Section3.1, such mechanisms may not detect all attacks, butoften rules are easy to state and to check. Rules mayuse any of the presented reference data.re-executionRe-executions aims at executing an agent according to the reference specification given the same set of con-ditions (i.e. input) as the execution to check. As forrules, the whole checking process can be automated,10read(x)11y=x+z12m=y+113k=cryptInput 14m=m+kFig. 2a: Code frag-ment 10x=5111213k=214Fig. 2b: Trace of the code fragment4.Strengths and Weaknesses of Mechanisms Using Reference States5i.e. supported by system mechanisms. After having re-executed the specified amount of statements (i.e. one, or a session, or a task), both executions are compared.This can be done either by comparing the “execution logs” that can contain e.g. changes in data and execu-tion state, or by comparing the resulting agent states.Therefore, re-execution needs input, initial agent state, and execution log or resulting agent state as reference data.The power of the approach depends on the level of detail of the execution log. In case of using only theresulting state,the host can lie about the messages sent to communication partners (such as “send $100 to the host”).Even if the log contains such messages,it is not possible to check whether such a message was actually sent by just looking at the logs.It can be argued that it is impossible to restore theconditions of the original executions for checking asthese conditions may include e.g. racing conditions in case of parallel threads (this is no problem for agentsystems that allow only one thread per agent). Imaginee.g.that an agent computes a list out of an input,wherethe ordering of the elements depends on the timing of two threads the agent uses.Then the list cannot be com-pared simply with the list of another execution as the other list may contain the same elements, but in differ-ent order. To solve this problem and the problem that input should be authenticated, a more powerful algo-rithm is needed.arbitrary programThis is the most powerful algorithm as it includes the presented ones and allows for more, e.g. to check the reception of messages. Since this algorithm is notknown in advance, the system can offer only basic sup-port, i.e. the possibility to execute the program when checking is required. Therefore, any of the referencedata may be used by this checking mechanism.The combination of these attributes opens a space of po-tential mechanisms that is much larger than the three ap-proaches we have seen in this section.If we want to allow the programmer to choose a protection mechanism that is appropriate for his/her specific application,we have to of-fer him/her a framework instead of a single mechanism.4.Strengths and Weaknesses of MechanismsUsing Reference StatesAs mentioned before,mechanisms using reference states cannot detect all possible attacks by malicious hosts. In this section,we will analyse the bandwidth of the result-ing protection,identify applications that cannot be protect-ed and discuss possible extensions.4.1Resulting protection bandwidthThe protection bandwidth depends on the used at-tributes.i.e.the moment of checking,the used reference da-ta,and the checking algorithm.A mechanism at the lower end of the protection scale uses only the weakest attributes, i.e.it checks after the execution task,uses the resulting agent state,and employs rules to check the execution.Since the agent is checked after fulfilling its task,a compromised agent continues to work on other hosts.Unwanted actions the agent may have done as a result of the attack in interac-tions with honest partners can be blamed to the attacker,but it may be difficult to compensate them after the agent re-turned home.Checking only the resulting states by using rules does not allow to detect all attacks.If a rule e.g. checks whether the initial money equals the spent sum plus the remaining amount,an attack that led to an unwanted purchase cannot be uncovered.Although this mechanism can be performed very efficiently and does not delay the ex-ecution on the different hosts,it is not very powerful from a security point of view.A mechanism at the higher end of the protection scale checks after every execution session,uses all possible ref-erence data and allows for an arbitrary checking algorithm. If the next host checks the execution of the former host,it can be sure to execute an untampered agent in case of a suc-cessful check.Since the mechanism allows for re-execut-ing the agent,the computation of a former host is compre-hensible.Obviously,this mechanism is more powerful than the simple one above.But its disadvantage is its computa-tional and communication overhead:first,the computation is roughly doubled,and second,the system has to transport one more agent state plus the input at a host.In case of the detection of a fraud,the question of the consequences remains.In a setting where an attacker can harm a party without consequences,just detecting attacks is useless.Only if legal,organizational or social steps can be taken, schemes like the presented one make sense.4.2Applications that cannot be protectedAttacks that do not result in a different agent state can-not be detected by using the presented protection scheme. Especially read attacks,i.e.attacks that aim solely at the knowledge of agent data,lie outside the scope,as these at-tacks do not leave traces in the agent state.If the goal is to achieve a complete agent protection,other mechanisms have to be developed for this purpose.Other attacks that cannot be detected arefirst,attacks where the executing host lies about the input an agent receives.Second,attacks, where the host forces the agent to do something(like buy-ing a good),and,subsequently,migrates another,not com-promised version of the agent.5. A Checking Framework for Mobile-Agents-Systems65. A Checking Framework for Mobile-Agents-SystemsIn this section,a framework is presented that supports the implementation of a wide range of checking mecha-nisms using reference states.It provides functionality for employing the generic attributes found in the last section. The idea is to let the agent programmer decide about the check mechanism a host has to execute and to offer basic functionality like signing by the framework.Although it is implemented for the mobile agents system Mole[1],the presented scheme can be used for nearly every mobile agent platform implemented in Java that uses a weak mi-gration scheme,and offers callback methods in agents to the host.This is the case for most systems.Since we want to support the generic attributes,we explain the framework in relation to these attributes.Moment of checkingHere we need callbacks for the different moments(see Fig.3),i.e.after an execution session on one host,and after the agent fulfilled its task.The callback for the check mo-ment after an execution session is called check-AfterSession.It is called as thefirst action on the next host,as it would be useless to check a session on the same host since then the host could also manipulate the check. The callback for the moment after the agentfinishes its task is called checkAfterTask.It is called by the last host that executes the agent, often the home host of the agent. Used reference dataHere we have to make sure that,at the end of an execu-tion session,we have the needed data in a form that allows to check the execution.The initial and resulting states are no problem since it is exactly this portion of data that has to be transported to and from the executing host.Replicated resources are simply objects that are appended to the agent (although this part may be large).To create an input list or an execution log,two ways can be followed.Either this in-formation is collected by a modified Virtual Machine,or written to special containers by code that is instrumented either automatically or ing manually instru-mented code has the advantage that the programmer can specify the type and format of the data,which can be more efficient if the checking algorithm is also provided by him/ her.Finally,we want to choose which reference data will be used for checking.In case of creating reference data by manually instrumented code,this is done by the program-mer in the routines that create this data,but if we have au-tomatic support for creating reference data,this has to be pointed out to the framework.This can be done by declar-ing the implementation of interfaces named Initial-StateRequester,ResultingStateRequester, Input-Requester,ExecutionLogRequester, and ResourceRequester,similar to the usage of Clonable in Java.Used checking algorithmAs the“arbitrary program”alternative is the most pow-erful approach and includes all other alternatives,it is enough to execute code written by the agent programmer when we want to check an execution.If we want to support the other approaches,we can let the programmer include supporting code.Rules can be supported by encoding the rules manually as program statements.Support for re-exe-cution may happen on different levels.The problem is the question of how the original code can be used for re-execu-tion.First,the code has to be executed a second time using the input taken from the reference input data.Second,out-put actions can be suppressed as they are not needed for checking the execution.Third,the resulting state has to be compared with the one of the original execution in a man-ner that can be specified by the agent programmer(due to the problems discussed in the last section).Solutions to this problem include a modified execution environment(i.e.a Java Virtual Machine)that is able to use the reference input set instead(in this case the unmodified code can be used), a copy of the original code,automatically instrumented by statements that do the needed actions(i.e.second execu-tion,output suppression,and state comparison),andfinally, a copy of the original code that is instrumented manually by the programmer.To explore this aspect,the last solution was examined for the example application(see next sec-tion).Callbacks in the agent checkAfterSession()Host calls this method when agent arrives checkAfterTask()This method is called by the last host Interfaces implemented by agent InitialStateRequesterdeclares need for initial state ResultingStateRequesterdeclares need for resulting state InputRequesterdeclares need for input ExecutionLogRequesterdeclares need for execution log ResourceRequesterdeclares need for replicate host resources Fig. 3: Framework methods agent。
