Mobile Software Agents Tomasz Müldner


October 2, 1998

Introduction: History

research on agents was originated by J. McCarthy in the mid-1950's

the term agent was coined by O.G. Selfridge

Introduction: According to some...

Agent is an intelligent robot, or "humanoid", that has emotions, feelings and perceptions, and therefore is concerned with cognitive science, speech acts, etc.

"...asking the question of what an agent is to a DAI researcher is as embarrassing as the question of what intelligence is for an AI researcher..."

Carl Hewitt

Introduction: DAI

Introduction: contents of this talk

concentrate on mobile agents

discuss:

  communication

  security

  MALs

Agents - what are they?

a tool to perform client-server computing by transmitting running programs between clients and servers; (White 1994)



Agents - what are they?

server

find and filter information

customize views of information (e.g. email)

automate work (respond to events, such as a new version)

Agents - what can they do?

make recommendations and perform corporate tasks; e.g. scheduling of meetings

execute diagnostics, e.g. in networks

rapid (re)deployment of applications

active network load balancing

Agents - what can they do?

distributed OO

adaptive learning systems

AI, expert systems, genetic algorithms

electronic commerce

collaborative environment

mobile (nomadic) computing

Agents - where are they used?

Agents - main characteristics

autonomous execution (life); have control over their own actions and may operate without the direct intervention of humans

intelligent (perform domain oriented reasoning)

Agents - main characteristics

perceive their environment

adaptive (they learn)

mobile (they move)

persistent (they have their own idea as to how to accomplish a task)

Agents - main characteristics

goal oriented (they realize a set of goals)

reactive (or reflexive); they perceive the environment and respond in a timely and accurate way to changes that occur in it

active, or proactive: act to accomplish goals (take initiative, not only respond to the environment)

Agents - main characteristics

An intelligent agent has some artificial intelligence; for example based on a set of facts and inference rules

learning agents are adaptive; they can learn themselves about a subject in question by statistically matching subjects of interest with particular people

Intelligent Agents

Basic Definitions


An agent system can create, interpret, execute, transfer and terminate agents

A host can contain several agent systems; each is uniquely identified by its name and address.

Basic Definitions

Both an agent and an agent system have an authority: a person or organization for whom they act

An agent executes in a context, called the place; there may be one or more places within an agent system

Basic Definitions

agents have locations (names of their current places)

agents have names (the agent's authority and identity; a unique value within the scope of the authority)

Basic Definitions

Basic Definitions

There are two kinds of agents:

stationary agent is permanently attached to a place; often resource managers, server programs or search engines

mobile agent can move from one place to another

Mobility is not new:

submitting batch jobs on mainframes

perform distributed, real-time processing by executing scripts on networks of mini-computers

databases have been using stored procedures.

Basic Definitions



Agents and DOOP

L. Lamport:

A distributed system is one in which I cannot get something done because a machine I have never heard of is down.



Agents and DOOP: DOOP

distribute applications and use a number of network nodes, rather than a single node

communicate; for example by

  messaging (asynchronous)

  RPC (synchronous)

CORBA supports language and system independence



Agents and DOOP: Efficiency

Which is better

to send data to the program

to send a program to the source of data (move the code closer to data)





Agents and DOOP: Robustness

Agents are better in their ability to recover from server breakdowns or unavailability

(disconnected operations)



Agents and DOOP: Flexibility

Mobile agents are particularly useful for rapid deployment of applications and dynamic updates of software;

a code server can provide required code (this is also called code on demand).

agents can be used for dynamic extensions of server services.



Agents and DOOP: Design

Designing a client/server architecture requires making all decisions about the communication between the server(s) and the client(s). These decisions are tightly coupled with the underlying problem of specific design and are very difficult or even impossible to change



supports rapid deployment of applications, by using a "thin" bootstrap program and code-on-demand approach

object serialization

local dynamic linking

remote linking that would fetch the code to be linked from a remote site

reflection

Agents and DOOP: Java





code servers

applets - no need for installation

Agents and DOOP: Java

Java does not support mobility

Agents and DOOP: Java



Mobile Agent Languages




An executing unit, EU, is a single process (or thread) image of execution.

An EU is always considered in the context of a place, which contains components: either EUs, or resources, such as files.

A MAL is a language designed for distributed systems, which supports EUs migrating between various places.

Mobile Agent Languages: Definitions




An EU consists of

  a static code segment

  a program state:

    data space containing accessible resources

    execution state containing system information such as program counter and return address.

The EU has a distributed state if its data space exists in more than one place.

Mobile Agent Languages: Definitions




For an agent to be moved, first it has to be suspended. An entry point is a point where execution of a suspended agent is resumed

Two kinds of resumption:

  standard resumption (after "go")

  itinerary; one or more entry points may be explicitly specified.

Mobile Agent Languages: Definitions




strong mobility means that the entire code and execution state of EUs can be moved

Strong mobility combined with standard resumption == strong MAL (implies that it must be possible to save the state of the execution, and later, to restore this state)

Mobile Agent Languages: Definitions




Strong MALs:

  Java with a modified JVM

  Tcl with modified interpreter

  Scheme (no modifications)

Weak MALs:

  aglets

Mobile Agent Languages: Definitions



Mobile Agent Languages: Dynamic Linking

Name resolution must be able to bind names to both local and remote entities

remote code dynamic linking: the code downloaded from a remote site and linked with an EU

local resource dynamic linking: arriving EU links with resources available in this place; e.g. link with libraries.

Mobile Agent Languages: Dynamic Linking




the standard class loader provides local resource linking and the user defined class loader can support remote code linking

The programmer has a choice of

  fully resolving the class, i.e. load the code closure

  partially resolving the class, i.e. postpone resolving dependent classes until later time.

Mobile Agent Languages: Dynamic Linking in Java



Mobile Agent Languages: Dynamic Linking in MALs

library site provides precompiled code that can be picked up by an agent to use at other sites

we consider four kinds of dynamic linking. For each kind, we consider an example of a search on a list of sites, using a search procedure.

Mobile Agent Languages: Local only Dynamic Linking

All the bindings are voided when a program moves.

For our example, search is rebound at every site.

Mobile Agent Languages: Code-with-a-reference-is-sticky Dynamic Linking

A binding is retained as long as there is at least one reference; otherwise it is garbage-collected.

In our example, the first site provides binding which will be retained for remaining sites.




The user specifies the initial binding which is then retained (as long as there is a reference).

In our example, the user can specify which version of search should be used for the traversal.

Mobile Agent Languages: User-specified-sticky links Dynamic Linking


Gives the programmer complete control over linking.

In our example, the user can specify which version of search should be used for the traversal.

Mobile Agent Languages: User-specified Dynamic Linking

Mobile Agent Languages: Communication

agent to service agent; this is typically a client/server type of interaction (e.g. based on RPC)

agent to agent; this is a peer-to-peer type of interaction and could be supported by messaging

agent to group; this is a group communication (e.g. based on an observer pattern)

user to agent interaction; this is a standard human-computer interaction, HCI.

Mobile Agent Languages: Types of Communication

agent to service agent and agent to agent are session oriented

Mobile Agent Languages: Types of Communication



Security





a security policy is a set of guidelines describing whether various actions are allowed or not (may also include royalties)

a security policy is static if its guidelines do not depend on external conditions; otherwise it is dynamic.

a security policy may include credentials, or level of trust.

Security: Definitions




Java Security Manager implements a static security policy, which controls access to resources such as file I/O, network access, and others.

There is no provision to limit access to other resources such as CPU cycles.

Security: Definitions



In general, we need to:

  protect agent hosts from agents

  agents from agent hosts

  one agent from another

  one agent host from another

  a group of hosts

  the communication between agent hosts.

Security: Protection





Doable, but two agents operating on the same host share the same interpreter and they share memory (no hardware faults)

Software Fault Isolation inserts checking code before each unsafe instruction

Sandboxing inserts, before each unsafe instruction, code which sets the high-order bits of the target address to the correct segment identifier

Security: Protecting one agent from another
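The two techniques on this slide, side by side, as an added example (not code from the original talk): the checking variant rejects a store outside the agent's segment, while the sandboxing variant rewrites the high-order address bits so the store cannot leave it. The 64 KiB arena, the 4 KiB segment size and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout: a 64 KiB arena split into 16 segments of 4 KiB.
   An "address" is an offset into the arena: the high 4 bits are the
   segment id, the low 12 bits the offset inside that segment.
   All names here are hypothetical. */
#define SEG_BITS  12u
#define SEG_SIZE  (1u << SEG_BITS)
#define SEG_COUNT 16u
#define OFF_MASK  (SEG_SIZE - 1u)

static uint8_t arena[SEG_COUNT * SEG_SIZE];

/* Checking variant: test the target before the unsafe store and refuse
   it if it lies outside the agent's own segment (0 = ok, -1 = fault). */
int checked_store(uint32_t seg, uint32_t addr, uint8_t val) {
    if (addr >= sizeof arena || (addr >> SEG_BITS) != seg)
        return -1;
    arena[addr] = val;
    return 0;
}

/* Sandboxing variant: no test and no branch; the high-order bits are
   overwritten with the agent's segment id, the offset is kept. */
uint32_t sandbox_addr(uint32_t seg, uint32_t addr) {
    return ((seg & (SEG_COUNT - 1u)) << SEG_BITS) | (addr & OFF_MASK);
}

/* Performs the store through the rewritten address and returns where
   the byte actually landed. */
uint32_t sandboxed_store(uint32_t seg, uint32_t addr, uint8_t val) {
    uint32_t safe = sandbox_addr(seg, addr);
    arena[safe] = val;
    return safe;
}

uint8_t peek(uint32_t addr) { return arena[addr]; }

int main(void) {
    uint32_t other = 5u * SEG_SIZE + 0x10u;  /* byte owned by segment 5 */
    checked_store(5, other, 0xAA);
    /* An agent confined to segment 2 attempts a store into segment 5. */
    printf("checked store: %d\n", checked_store(2, other, 0x41));
    printf("sandboxed store landed at 0x%x\n",
           (unsigned)sandboxed_store(2, other, 0x41));
    printf("segment 5 byte is still 0x%x\n", (unsigned)peek(other));
    return 0;
}
```

The checking variant lets the host see and report the violation; the sandboxing variant never notices it and only guarantees that the write stays inside the agent's own segment.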




cryptography can be used to authenticate credentials

a credential means that the receiver will trust the sender

access-level monitoring and control uses a security manager which maintains a list of allowed activities (perhaps associated with fees) - can be misleading

Security: Protecting agent hosts from agents




code verification by the host may try to examine the code of the agent (does not help if the agent is self-modifiable)

the host can apply various limitation techniques, e.g. limit the time, or record all agent activities.

Security: Protecting agent hosts from agents




A static byte code verifier checks for the right magic number in the class file, and performs data flow analysis on each method to test, for example, that branches stay within the bounds of the code and that there is no attempt to access variables which are not in scope

JVM performs various run-time checks.

Security: Protecting agent hosts from agents




Trail obscuring means that the agent constantly modifies its image so it can avoid tracing by hosts

Code obfuscation means that the agent is sent together with a kind of interpreter, so the host doesn't really see the code of this agent.

Security: Protecting agent hosts from agents




a host can steal information (normal routing)

a host can mutate an agent (e.g. rerouting)

since the agent host has access to an agent, it is not possible to protect an agent from the agent host (unless specialized hardware is used)

Security: Protecting agents from agent hosts




visit only trusted sites and from there use safer mechanisms, such as RPC or stateless agents

maintain reliable data that can be used (after the fact) to determine whether the agent has been tampered with

divide an agent into components, encrypt each component (when traveling through untrusted sites); update only while on trusted sites

Security: Protecting agents from agent hosts




maintain a safe migration history and use it against rerouting attacks; or keep audit logs

there is new research on encrypting programs which are equivalent to the original programs, are directly executable and produce encrypted output.

Security: Protecting agents from agent hosts



Network Awareness



Network Awareness: Requirements

awareness - an ability to monitor resources

agility - an ability to react to changes in resources

authority - an ability to control the way resources are used on their behalf by support code.

Network Awareness: Requirements

Resource awareness can be represented by:

  on-demand monitoring

  continuous monitoring (specific filters should be used to avoid jitters).

Network Awareness: Requirements

Authority can

  give a complete control over resources, with explicit authorization for every use (like in applets)

  consider a resource violation as an asynchronous event and associate a handler with every restriction on resource.

Criticism



Criticism



Shneiderman:

"There is a growing danger that agents will be a deception and an empty promise."

"… machines are not people, nor can they ever become so ..."

"… For me, computers have no more intelligence than a wooden pencil ..."