Ismail Khalil Summer Semester 2009

Transcription

1 Cooperative Systems - VO Intelligent Agents Ismail Khalil Summer Semester 2009

2 Course Unit 10 Mobile Agents

3 What is a mobile agent? A software agent ( so far) computer program autonomous behaviour represent some entity has authority (delegation) reacts and learn about environment communications using high level ACL moves from one computer to another in a heterogeneous network at times of its own choice User directed or autonomous

4 Traditional Techniques of Mobility: RPC Invocation (parameter) RPC Client Results (data) Server Queued RPC Queued invocations Client Queued results 1 2 Server No mobile code Client constrained to server s interface All requests and results over client s network link No latency or bandwidth reduction Blocked if link goes down

5 Stored Procedures and REV 1. Send procedure code to server 2. Call procedure Server Client Proc Client Stored procedures 3. Send results 1. Send procedure code and arguments to server - procedure called immediately Server Client Proc Serv Proc Client REV 2. Send results (and maybe a server procedure) Perfect if accessing one server Difficulties if accessing more than one server Procedures usually can not communicate with each other Procedures usually can not send out their own procedures (e.g., no proxy)

6 Applets and Servlets Web Pages Applets Web Server Web Pages Servlets Web Server Servlet 1. Request Web page Browser Applet 2. Receive page and embedded applet; execute applet 1. Send servlet Browser 2. Get results Same limitations as stored procedures and REV But more attention to security

7 Mobile Agents 1. Agent dispatch 2. Agent migration Application 3. Agent migration Computer A 4. Agent migration Computer B

8 Mobility Three dimensions Mobile code Mobile computation Mobile control state Various combinations are possible RPC, Servlets, Stored Procedures Mobile State Mobile Computation Mobile Code Remote Installation Checkpointing

9 Mobile code Allows executable code to be moved to a new host May use push or pull model Pull: applets Push: remote installation Mobile agents use push Sometimes, an agent push may result in a code pull Code may be binary or source code Pros Dynamically change capabilities Download new code to add/change/update capabilities of platform Remove code when no longer needed Cons Security concerns due to untrusted/unchecked code Code may be malicious, buggy, and/or tampered

10 Mobile Computation (data) Evolution of Remote Computation RPC, RMI, Servlets, Stored Procedures, CORBA Allows one system to run a computation on another system Utilize resources on remote system CPU, memory Access resources on remote system Files, databases, etc.,

11 Mobile state (control) Evolution of state capture Checkpointing Allows execution state of a process to be captured and moved State may be machine specific or machine independent May contain State of single or multiple threads code

12 Combination RPC, Servlets, Stored Procedures Weak Mobility Process Migration Mobile Computation Strong Mobility Mobile State Mobile Code Remote Installation Checkpointing

13 Weak vs. Strong Mobility Strong Mobility (data, code and control state) foreach machine machinelist{ move (machine) } Weak Mobility (data and code only) proc dotask (arg) { } move (machine, dotask, arg)

14 Weak vs. Strong Mobility Strong Mobility Move execution state with agent Why is it important? Computationally equivalent to weak mobility However, simpler, more natural abstraction Therefore, easier to write mobile agents More importantly mobile state allows forced mobility Weak Mobility Sufficient for all but load-balancing applications Well suited to the event-driven style of many agents Much less work for the system developer Supported by standard Java virtual machines

15 Client-Server vs. Mobile Agents Client Client Client Client Agent Agent Agent Server Server Server Server Traditional Mobile Agent-Based

16 News Monitoring News articles S e r v e r Persistent Query Server 2. Persistent query server retrieves and clusters existing documents. Server machine(s) 1. Agent jumps to server machine with query. 3. Agent sends clusters back to analyst. client s machine

17 News Monitoring New articles News articles S e r v e r Persistent Query Server 6. Agent does any desired filtering. 5. PQS adds each new document to the clusters. If document ends up inside a relevant cluster, the PQS gives it to the agent. 4. Analyst marks relevant clusters and sends them back to the agent and PQS. 7. Agent sends the documents that pass its filter back to the analyst.

18 Technical Reports without agents Queued RPC Queued RPC... Pre-installed applicationspecific proxy Higher-level database interface 1. Lot of work. Queued REV Client Code Queued REV Client Code Client Code Much less work, but now try to extend it.

19 Technical Reports GUI on client machine Machine 1 1. Send agent 2. Send child agents and collect partial results Return merged and filtered results Dynamically selected proxy site Machine n

20 Reasons for Mobile Agents Reduce bandwidth usage Reduce total computation time Reduce latency Continue when disconnected Balance load Dynamically deploy components

21 Reduce Bandwidth Usage Server Proxy Server Proxy

22 TR Application: Bandwidth Usage Tcl agent in the D Agents system

23 Reduce Total Time Datasets Fact Sending an agent avoids remote interaction. Goal Avoiding remote interaction leads to faster computation times. Current Systems Do not meet the goal in all network environments Tradeoff: Local interaction vs. interpretive overhead

24 TR Application: Total Time 10 Mb/s Network D Agents (Java, 100%) D Agents (Java, 20%) D Agents (Java, 0%) Client/Server Time (milliseconds) Why? Java 1.0 is slow. Transmitting documents over a 10 Mb/s link is nearly as fast as inspecting them with a Java agent Number of Documents

25 TR Application: Total Time 2 Mb/s Network Time (milliseconds) D Agents (Java, 100%) D Agents (Java, 20%) D Agents (Java, 0%) Client/Server Number of Documents

26 TR Application: Tcl versus Java 10 Mb/s Network Time (milliseconds) D Agents (Tcl, 0%) D Agents (Java, 0%) Client/Server Number of Documents

27 Reduce Latency Sumatra chat server 2 to 4 times smaller latency in trial runs 1. Observe high average latency to clients 2. Move to better location

28 Disconnected Communication Agent continues its task even if the link to its home machine goes down (temporarily). Dynamically selected proxy site

29 Disconnected Operation Before After

30 Load Balancing Machine A Machine B Agent moves to balance load Machine A Machine B

31 Dynamic Deployment Map, terrain databases Command post Unique needs: maps, weather, tactical updates... Weather Tactical updates

32 The big picture any specific application can be realized just as efficiently without mobile agents, by using more traditional techniques but, different applications require different combinations of traditional techniques mobile agents support flexible, dynamic code deployment to arbitrary network sites provides a single, general framework in which a wide range of applications can be implemented easily, efficiently, robustly.

33 The state-of-the-art representative mobile-agent systems multiple-language systems: Ara, D Agents, Tacoma Java-based systems Aglets, Concordia, Jumping Beans, Voyager other systems Messengers, Obliq, Telescript similarities and differences

34 Ara (Universität Kaiserslautern) supports Tcl, Java, C/C++ C/C++ is compiled to MACE bytecode go instruction captures complete state of agent, transfers to target machine, and resumes execution agents can checkpoint internal state entire system is multithreaded performance: agent startup, communication

35 D Agents (Dartmouth) formerly known as Agent Tcl supports Tcl, Java, Scheme stationary agents in C/C++ go instruction, similar to Ara. only the D Agent server is multithreaded performance implications

36 Tacoma (University of Tromsø/Cornell University) supports C, C++, ML, Perl, Python, more no automatic state-capture facilities agent packs code+state into a folder folder is transferred to target known entry point in the code is called applications StormCast, Tacoma Image Server security public versions rely on underlying OS for security currently exploring several interesting security and fault-tolerance mechanisms

37 Concordia (Mitsubishi) migration: code and data are moved, but not thread/control state strong focus on security and reliability can queue agents, events, and messages agents are saved to persistent store before and after transfer across network protects agents via encryption during transmission and storage protects hosts from malicious agents by cryptographic authentication of agent s owner

38 Jumping Beans (Ad Astra Engineering) computers host agents by running an agency migration: code and data are moved; unclear whether thread/control state is moved central server for tracking, managing, authenticating agents (but also failure point or bottleneck) -- the company plans to address this public-key authentication of agencies to server and vice-versa

39 Voyager (ObjectSpace) integrated with CORBA objects can move from host to host leaves behind a forwarder object Agent objects can move themselves migration: moves code, data (but not thread/control state) features objects, agents can be made persistent group communication (multicast) federated directory service basic security mechanisms similar to other Java-based systems

40 Messengers (University of Geneva) Messenger OS (MOS) sends, receives messengers (data and MØ code) messengers communicate via bulletin boards global dictionary: data exchange service dictionary: listing of messengers offering services to other messengers in one case, messengers can carry native UNIX code

41 Obliq (DEC Research / Compaq) Obliq: interpreted, lexically scoped, objectoriented language objects may be created remotely, cloned onto remote site, or migrated (by cloning and redirection) an Obliq agent is a procedure that takes a briefcase as an argument briefcase contains the Obliq objects that the procedure needs to perform its task Visual Obliq: interactive application builder

42 Telescript (General Magic) first commercial mobile-agent system agents written in an imperative, object-oriented language similar to Java, C++ compiled into bytecode for a RISC VM go instruction for migration communcation: meet vs. connect one of the most secure, fault-tolerant, and efficient mobile-agent systems but, no longer available

43 Aglets (IBM - Japan) migration: thread/control state not captured agent calls dispatch method Aglets system calls ondispatching code and object state are transferred Aglets system calls onarrival features: persistent store proxies lookup service a range of message-passing facilities

44 What are Aglets? Aglets are Java objects that can move from one host on the Internet to another. When an Aglet moves it takes along its program code as well as its data.

45 Creating an Aglet First we determine what our Aglet is going to accomplish (or do). Extend the ABSTRACT class Aglet (this class is provided with the ASDK) This abstract class provides the fundamental methods used to control both the mobility and the life cycle of the mobile agent.

46 Aglets at Runtime Currently aglets use the Agent Transfer Protocol (ATP) as a default implementation of the communication layer (ATP is modeled after HTTP) Used on the Tahiti aglet server Use the Aglets Server Interface to write application capable of hosting, receiving and dispatching aglets

47 Similarities and Differences same general architecture fully multi-threaded, fully multi-process, and in-between language(s) supported strong mobility vs. weak mobility security

48 Threats posed by mobile agents Destruction of data, hardware, current environment Denial of service block execution take up memory prevention of access to resources/network Breach of privacy / theft of resources obtain/transmit privileged information use of covert channels Harassment Display of annoying/offensive information screen flicker Repudiation ability to deny an event / action ever happened

49 Protection methods against malicious mobile agents Authenticating credentials certificates and digital signatures Access Control and Authorization Reference monitor security domains policies Software-based Fault Isolation Java s sandbox Monitoring auditing of agent s activities setting limits Proxy-based approach to host protection Code Verification - proof-carrying code

50 Threats to mobile agents Denial of service Unauthorized use or access of code/data Unauthorized modification or corruption code/ data Unauthorized access, modification, corruption, or repeat of agent external communication

51 Possible attacks on mobile agents Denial of service Impersonation Host Agent Replay Eavesdropping Communication Code & data Tamper attack Communication Code & data

52 Encryption Protection of mobile agents code payload Code obfuscation (obscurity) Time-limited black-box security

53