17th Annual Computer Security Applications Conference
December 10-14, 2001
New Orleans, Louisiana

Determining Privileges of Mobile Agents

Wayne Jansen
National Institute of Standards and Technology

This paper describes a method for controlling the behavior of mobile agent-system entities through the allocation of privileges. Privileges refer to policy rules that govern the access and use of computational resources and services by mobile agents. Our method is based on extending the platform processing environment, using the capabilities present in most mobile agent systems, and applying two forms of privilege management certificates: attribute certificates and policy certificates. Privilege management certificates are digitally signed objects that allow various policy-setting principals to govern the activities of mobile agents through selective privilege assignment. The approach overcomes a number of problems in existing agent systems and provides a means for attaining improved interoperability of agent systems designed and implemented independently by different manufacturers. The paper also describes applying the scheme to Java-based agent systems.

Keywords: Mobile Agents, Security Management, Digital Certificates, Security Policy
