Mobile agents security

Mobile agents are identified as the future platform for distributed electronic services (F. Hohl). However, hosts visited by mobile agents can be malicious and try to analyse or modify the agent code, data or behaviour. In this paper we will present the state of the art of securing mobile agents against malicious hosts and an approach that we suggest. In such state of the art, we identify strong and high cost approaches based on the use of additional hardware and weak and low cost approaches based on software solutions. In our approach, we replace the additional hardware by a software that we call SVM (secure virtual machine). Thus, an agent is ciphered, signed (in part) and time stamped. On visited host, the agent will be executed by the secure virtual machine SVM without decrypting it. The cipher algorithm that we use is based on the segmentation of the agent, obfuscation of the segments, a symmetric encryption of every segment and the mess-up of segment execution sequence. In order to ensure the security of the entire system, SVM itself will be protected by the use of solution based on a smart card