Wayne Jansen
National Institute of Standards and Technology
USA
This paper describes a method for controlling the behavior of mobile agent-system entities through the allocation of privileges. Privileges refer to policy rules that govern the access and use of computational resources and services by mobile agents. Our method is based on extending the platform processing environment, using the capabilities present in most mobile agent systems, and applying two forms of privilege management certificates: attribute certificates and policy certificates. Privilege management certificates are digitally signed objects that allow various policy-setting principals to govern the activities of mobile agents through selective privilege assignment. The approach overcomes a number of problems in existing agent systems and provides a means for attaining improved interoperability of agent systems designed and implemented independently by different manufacturers. The paper also describes applying the scheme to Java-based agent systems.
Keywords: Mobile Agents, Security Management, Digital Certificates, Security Policy