Information Technology Reference
In-Depth Information
Assume, for instance that place
P
1
fails while executing
A
1
(Figure 2). While
P
1
is down, the execution
of the mobile agent cannot proceed, that is, it is blocked. Blocking occurs if a single failure prevents the
execution from proceeding. In contrast, an execution is non-blocking if it can proceed despite a single
failure, the blocked mobile agent execution can only continue when the failed component recovers. This
requires that recovery mechanism be in place, which allows the failed component to be recovered. If
no recovery mechanism exists, then the agent's state and potentially its code may be lost. In the fol-
lowing, we assume that such a recovery mechanism exists (e.g., based on logging [Ghezzi & Vigna,
1997]). Replication prevents blocking. Instead of sending the agent to one place at the next stage, agent
replicas are sent to a set of
M
i
places
P
i
0
,
P
i
1
,..,
P
i
n
(Figure 2). We denote by
A
i
j
the agent replica of
A
i
executing on place
P
i
j
, but will omit the superscripted index if the meaning is clear from the context.
Although a place may crash (i.e., Stage 1 in Figure 2), the agent execution does not block. Indeed,
P
2
1
can take over the execution of a1 and thus prevent blocking. Note that the execution at stages
S
0
and
S
2
is not replicated as the agent is under the control of the user. Moreover, the agent is only configured at
the agent source and presents the results to the agent owner at the agent destination. Hence, replication
is not needed at these stages.
Despite agent replication, network partitions can still prevent the progress of the agent. Indeed, if
the network is partitioned such that all places currently executing the agent at stage
S
i
are in one parti-
tion and the places of stage
S
i+1
are in another partition, the agent cannot proceed with its execution.
Generally (especially on the Internet), multiple routing paths are possible for a message to arrive at its
destination. Therefore, a link failure may not always lead to network partitioning. In the following, we
assume that a single link failure merely partitions one place from the rest of the network. Clearly, this
is a simplification, but it allows us to define blocking concisely. Indeed, in the approach presented in
this chapter, progress in the agent execution is possible in a network partition that contains a majority
of places. If no such partition exists, the execution is temporally interrupted until a majority partition is
established again. Moreover, catastrophic failures may still cause the loss of the entire agent. A failure
of all places in
M
1
(Figure 2), for instance, is such a catastrophic failure (assuming no recovery mecha-
nism is in place). As no copy of
A
1
is available any more, the agent
A
1
is lost and, obviously, the agent
execution can no longer proceed. In other words, replication does not solve all problems. The definition
of non-blocking merely addresses single failures per stage as they cover most of the failures that occur
in a realistic environment.
security issues of the MoBile agent
Any distributed system is subject to security threats, so is a mobile agent system. Issues such as encryp-
tion, authorization, authentication, non-repudiation should be addressed in a mobile agent system. In
addition, a secure mobile agent system must protect the hosts as well as the agents from being tampered
with by malicious parties.
First, hosts must be protected because they continuously receive agents and execute them. They
may not be sure where an agent comes from, and are at the risk of being damaged by malicious code
or agents (Trojan horse attack). This problem can be effectively solved by strong authentication of the
code sources, verification of code integrity, and limiting the access rights of incoming agents to local
resources of hosts. This is mostly realized by the Java security model (Hohl, 1998). The main security
challenge of mobile agent systems lies on the protection of agents. When an agent executes on a remote
Search WWH ::
Custom Search