EEL 6938

Mobile agents

EEL 6938 Engineering Applications of Autonomous Agents

Lotzi Bölöni

EEL 6938

Mobile agents

• Mobile agents are autonomous programs which move though a network and maintain their identity through this move.

• This is a stronger concept than “code mobility” such as Java applets, or client-side Javascript.

• Many agent systems were implemented with support for mobility.– And for many researchers, agents == mobile agents

EEL 6938

Motivation for mobility (cont’d)

• Mobile agents can provide better support for mobile clients.– Reduction of network traffic– Asynchronous interaction (good in case of intermittent

connection)– Remote searching and filtering

• Mobile agents facilitate semantic information retrieval.– Move one step above simple keyword based search.

• Mobile agents facilitate real-time interaction with a server– Eg. space probes, real time control of a machine tool

• Mobile agent based transactions avoid the need to preserve process state in clients and servers– Instead, the process state is carried in an agent

EEL 6938

Motivations for mobility (cont’d)

• Agent based transactions scale better than RPC-based transactions

• Secure agent-based transactions have lower overhead than secure RPC.

• Mobile agents allow users to personalize server behaviour.

• Agents enable semantic routing.

• Not all these arguments are valid.

EEL 6938

Counter arguments and answers

• Most counter arguments are based on the fact that – What can be done with mobile agents can be done with

RPC or– What can be done on the server, you can do it on the

client.

• The “software engineering counterargument”: whereas each individual case can be addressed in some (ad-hoc) manner without mobile agents, a mobile agent framework addresses them all of them at once.

EEL 6938

Mobile code

• != mobile agents– But, the majority of mobile agent systems imply mobile

code

• Transferring code between (heterogeneous) machines.

• Implies machine independent code.– Usually, it is implemented with some kind of virtual

machine– But it can be also implemented with adaptation,

recompilation etc.

• Types of mobile code:– Partially Turing machine complete languages (e.g. SQL,

SVG)– Interpreted programming languages (Perl, Python,

Javascript)– Virtual machine based compiled languages (Java,

Telescript)

EEL 6938

Mobile code - applications

• Client-server queries (SQL)• Client side browser applets:

– Java applets– Javascript– ActiveX controls

• Remote code updates:– Software updates– Plugins

• Active E-mail– Confirmations– Javascript, Visual Basic for Applications– E-mail viruses and worms

• Mobile agents

EEL 6938

Mobile agents without code mobility

• Seeing control handoff as mobility– No code mobility involved.– Multithreading involves problems.

• Distributed systems as mobile agent systems

• In this approach, mobility is an analysis approach, not a design principle.

EEL 6938

Strong mobility

EEL 6938

Strong mobility

• Strong mobility assumes that agents can move at any point during their execution

• They are usually relying on:– Specially designed programming languages (eg.

Telescript).– Modified virtual machines (eg. NOMADS / AromaVM)

EEL 6938

Custom language: Telescript

• Proprietary language, created by General Magic around 1994-95– Highly influential, without being highly successful

• Interpreted language, which runs on a Telescript engine. – The company implemented engines running on PDA’s,

PC’s etc

• “High Telescript”: – Object oriented language, inspired by Smalltalk– Compiled to Low Telescript

• “Low Telescript”– Postfix syntax for stack based implementation

EEL 6938

Telescript (cont’d)

• The basic network configuration is to run a Telescript Engine on each node of the network.

• A network of Telescript Engines provides a homogenous environment on which to build distributed systems.

• Basic class: Process. Telescript supports preemptive, prioritized multi-tasking of Process objects. A Process instance can be thought of as an object with a life of its own.

• A Place object represents a virtual space in which other objects can interwork (through local communication). Each Telescript Engine can support a number of places.

EEL 6938

Telescript (cont’d)

• An Agent object is a Process object which can migrate between Places. An agent may move between Places on the same Engine, or between Places which exist on different Engines. – The Telescript notion of a distributed system is a number of

distinctly located places and a number of Agents which move between these Places.

• Places provide meeting locations for Agents. At a Place, Agents can exchange information and perform computation. Places also route travelling Agents.

• Persistent Objects --- Telescript Engines implicitly save and recover object state information.

• The Telescript world is divided into "regions". Each Engine uses a "regions" database to route migrating Agents. Places and Agents are identified using "Telenames": – Telename(Locally-Unique-Name, Region-Name)

EEL 6938

Telescript security

• Agents have "attributes" such as "identify" and "owning authority" which uniquely identify the Agent and the entity responsible for it. These attributes may be used for authentication. Telescript objects also have a "permit" attribute which may be used to limit the amount of resources which they may consume (e.g. a Place may ask an Agent to pay it 30 "Teleclicks" before granting it access to some resource).

• A secure "permits" feature is crucial to stop Agents from creating a crash-limited number of clones of themselves, exhausting resources, or other such anti-social behaviour. – Apparently you can't define a legal Telescript Place which

holds visiting Agents to ransom unless you can circumvent security features and hack the Interpreter code!)

EEL 6938

Specialized JVM: NOMADS/Aroma

• NOMADS/Aroma is a Java based agent system with strong mobility support, developed at Boeing and University of West Florida.

• The standard Java JVM does not allow explicit execution state capture, thus we can not implement hard mobility.

• There are several solutions:– Modify (patch) the Sun JVM

» Difficulty because of the native thread usage.– Implement a new JVM– Use preprocessors and a standard JVM.

EEL 6938

NOMADS

• Is composed of two parts: the agent execution environment (called Oasis) and the AromaVM. This provides two key enhancements:

• Strong mobility: the ability to capture and transfer the full execution state.

• Safe execution: the ability to control the resources consumed by the agents thereby facilitating guarantees of quality of service and protecting against denial of service attacks.

• These features, however come with a performance penalty.

EEL 6938

Weak mobility

EEL 6938

Weak mobility

• In the case of weak mobility, agents are allowed to transfer data only at specific instances.

• Weak mobility puts smaller requirements on the agent systems:– Traditional programming languages can be used: Java,

Perl, Python, Lisp– Smaller performance penalty

• But there are still a number of challenges:

EEL 6938

Challenges in soft mobility

• Platform independent code– How do I handle heterogeneous systems?– What about _extremely_ heterogeneous systems?

• How to collect state / data?• How to mark checkpoints (when is mobility

possible)?• Authorization, security, resource

management• Reliability problems• How do I handle open files and other local

resources?• How do I handle global names? How do I

send a message to a mobile agent? What is the address of the agent?

EEL 6938

Agent systems with weak mobility

• Most agent system designers considered that migration is a relatively rare even in the life of the agent system.– Thus: weak mobility

• The agent system is allowed to migrate, but migration is not a fundamental type of operation, but a problem to be solved– In Telescript, migration was the basic communication

primitive!

• Examples:– Aglets, Jade, Concordia, Grasshopper, Bond 2, aIsland

(JXTA)– About 60 agent systems on the Mobile Agent List– http://mole.informatik.uni-stuttgart.de/mal/mal.html

EEL 6938

Standards for weak mobility

• Object Management Group (OMG), an international consortium dealing with interoperability specifications (e.g. CORBA)

• MASIF: Mobile Agent Facility– A specification, released in 2000, specifying how CORBA

based agents should implement weak mobility– There are a number of conformant agent systems (eg.

Grasshopper, partially Aglets)

• As of yet, FIPA did not release any standard for agent mobility. – But they did for mobile (nomadic) users, eg. PDAs etc.

EEL 6938

Aglets

• Java based mobile agent system– I have chosen to present this because of its major focus

on mobility

• Research project at IBM Japan (from 1996)– Danny Lange and Mitsuro Oshima– http://www.trl.ibm.com/aglets/index_e.htm

• As IBM decided to phase out the project it was released as an Open Source project– http://aglets.sourceforge.net/

EEL 6938

Aglets (cont’d)

• Goal: “Provide an easy and comprehensive model for programming mobile agents without requiring modifications to Java VM or native code”

EEL 6938

Aglet Lifecycle

EEL 6938

Agent lifecycle

• Instantiating:– Creating a new aglet from the codebase– Cloning (the clone has the same state as the original but

different identity)

• An aglet can dispatch itself to a remote server by calling the Aglet.dispatch(URL dest) primitive. To be more precise, an aglet occupies the aglet context and can move from this context to others during its execution. Because the server may serve multiple contexts within one Java VM, and one host may serve multiple servers in one host the context are named as the following set– the address of the host, typically IP-address.– the port number to which the server is listening.– the name of context within the server.– Example: atp://aglets.ibm.com:1434/context_name– ATP:// Aglets Transport Protocol

EEL 6938

Aglet lifecycle (cont’d)

• Dispatching causes an aglet to suspend its execution, serialize its internal state and bytecode into the standard form and then to be transported to the destination. On the receiver side, the Java object is reconstructed according to the data received from the origin, and a new thread is assigned and executed.

• Aglets can be persistent. Since a mobile aglet needs to be serializable into a bit-stream, all mobile aglet can be persistent in nature. The Aglet.deactivate(long timeout) primitive causes an aglet to be stored in secondary storage and to sleep for a specified number of milliseconds.

EEL 6938

Migration events in Aglets

EEL 6938

Security issues in aglets / mobile agents

• For secure agent execution, the agent system must provide the following security services:

• Authentication of the Sender, the Manufacturer and the Owner of the Agent.– Who is responsible for this agent?– Who is responsible for the agent code?– Has the agent (code and state) been tampered with?

• Authorization of the Agent (or Its Owner)– What can this agent do? (E.g, can this agent access files?)

• Secure Communication between Agent Systems.– Can the agent protect its privacy?

• Non-repudiation and Auditing.– How can we ensure that a deal has been actually carried

out?– Security-sensitive activities of agents must be recorded,

and an administrator must be able to audit them.