Mobile Code for Distributed Applications/Systems

Transcription

1 Mobile Code for Distributed Applications/Systems Koo Lee Chun School of Computing University Utara Malaysia, Kedah, Malaysia Abstract Traditional technologies exhibited many limitation and drawback to support dynamic and large scale of the distributed system such as Internet. This leads to the researchers on finding the innovative approach. One of the innovative and promising approaches is mobile code which has the ability to dynamically relocate the code during execution. This has made it sound powerful to support the designing and constructing of scalable, pervasive and massively distributed application. The understanding of mobile code is important to practitioners in mobile code exploitation. This paper aims to provide valuable information about mobile code in distributed system in term of its technologies, paradigms, applications and issues. Keywords mobile code; distributed application, design paradigms; security. I. INTRODUCTION The pervasiveness and ubiquity of inter-connected computers creates new challenges and opportunities in designing and constructing the distributed system or application. The most challenging issue is scalability to link the huge amount of computers and devices dynamically. Even though there are many traditional technologies and methodologies used to develop the conventional distributed systems (like client-server) in small network are proven working, but their solution faced a lot of limitation and drawback to support dynamic and large scale of the distributed system in the larger network such as Internet [1]. There have been many research works done to attempt addressing this problem. One of the innovative approaches is code mobility - mobile code. It has become popular in development of distributed application/system due to its capability to relocate and transfer executable content across the network to be executed in another host. This powerful feature is promising to increase system flexibility, scalability and reliability [2]. An understanding of mobile code in distributed system is essential to provide valuable information for the practitioners opportunities in exploitation of mobile code in their software development. Therefore, this paper is aim to provide understanding about mobile code in distributed system included its technologies, paradigms, applications and issues. The paper is organized as follows. A brief overview of mobile code included definition, technology and paradigms will be provided in next Section. Section III explains the application of mobile code in distributed system/application. Next, Section IV provides examples of system or applications that used mobile code. In Section V, issues in mobile code especially security challenge will be discussed. The paper ended in Section VI with concluding remark. II. WHAT IS MOBILE CODE Mobile code has been defined informally as the ability for an application to dynamically binding the execution code fragments, during run time, to their physical location where the code will be executed within a computer network [3]. Mobile code is different from mobile computing. Mobile computing moves the hardware whereas mobile code changes the hardware where the program executes [4]. Basically, the concept of code mobility is to transfer the execution code to the nearest available resources to effectively perform a task [5]. A. Mobile Code Technology Categories Mobile code technology can be classified based on their capability to transfer the execution state to another location. The mobile code technology is considered has strong mobility if it has the ability to relocate the program code and execution state to another location while execution. In contrast, weak mobility will has capability to transfer limited initialization data but not execution state to another location [4,5]. Machine code language (MCL) that support strong mobility included Agent Tcl, Ara, Facile and Sumatra. However Java, M0, Mole and TACOMA are some examples of MCLs that support weak mobility [5]. B. Mobile Code Paradigms Mobile Code paradigms were first proposed in [1] was extended from classic client-server paradigms. Each paradigms is distinguished from each other based on location of each components (know how-to and resource) before and after execution, and process which in charge of the execution as listed in Figure 1. It is based on the principle that to complete a task, a process required resource and knowledge of how to perform a task. Below explains each paradigm included the traditional client-server paradigm: Client-server paradigm (CS) : located in node A, lack of resources and knowledge on how to perform a task, which can be found in remote site, node B. requests a service to the process B in node B. Then, process B executed the task in node B and sends the result back to the process A in nodea.

2 Paradigm Client- Server Remote Evaluation Code on Demand Before After node A node B node A node B * * * Mobile Agent Instruction how-to - * Fig. 1: Classic client-server paradigms and Mobile Code Paradigms Component state before and after execution. * indicate process that responsible on the execution (Adopted from [1]) Remote evaluation (REV): located in node A knows how to complete a task, but it lacks of the resources, which located in remote site node B. Therefore, process A interacts with process B and transfers the instruction code containing how-to from node A to node B. Once the instruction how-to received, the execution performed by process B in node B. Result will be send to process A in node A. One of the examples will be rsh command in the UNIX. It allows user send some script code to be executed in remote host. Code on demand (COM): has the resources in node A, but it lack of knowledge how to perform the task, which can be found in remote site node B. Therefore, process A interacts with process B to transfer the know howto from node B to node A. Then, process A perform the task once instruction how-to received, in node A. The most widespread paradigm used nowadays in Internet applications such as Applet. Mobile Agent (MA) has knowledge how to perform a task in node A, but it lacks of resources, which located in remote site node B. migrates itself together with the know how-to (and others relevant intermediate data) to node B and complete the task by itself in node B. This is the most elegant paradigm that produces autonomous component in the network. It is used to produce general tools such as help on network administration. III. APPLICATION OF MOBILE CODE IN DISTRIBUTED SYSTEM/APPLICATIONS Classical distributed application always assumes that host and programming code are binding statically. In converse, the innovation of mobile code allows more dynamic solution in distributed system. Mobile code design paradigm allows new form of interaction and movement among components within source and target host in the distributed environment. Therefore, there are many scenarios that mobile code can be exploited to provide more elegant and effective way to cope in the current trend of distributed system which are heterogeneous and dynamic. Following section discuss some scenarios suggested in [1,3,5,7]on how mobile code can be applied in the distributed applications or system to gain great benefits out of it. A. Deployment and Upgrade of Distributed Application Rebuilding and installation at the distributed environment still need to perform individually with the human interaction locally. Mobile code could be exploited to help perform these tasks effectively and efficiently. Automate the installation process could be performed with the mobile code REV and MA design paradigm. The installation steps could be included in the program code which traverses from node to node. On each node, the features of local hardware and software platform will be analyzed by the program. Then, the program could perform the installation step based on the correct configuration. Besides that, the use of mobile code could be extended to support upgrading job as well. For instance, a new feature has been introduced in the existing software. To reflect the new feature in conventional distributed environment, each site is required to perform reinstalling and patching of the software. This will take long time. Upgrading job can be performed in a lazy way by use of the mobile code COD design paradigm that can support dynamically link the program code. First of all, the latest code with the new feature included shall be placed in a

3 code repository server. Instead of having the operator proactively perform the patching, the client application itself can re-actively automatically download from the repository server and perform the upgrading job. Thus, the program can be installed in the lazy way and yet only based on the need basic. This approach has been implemented by Microsoft to promptly distribute software patches to their clients [4]. Besides that, some web browsers such as Firefox also use this technique to provide automatically upgrade over internet. B. Service Customization Code mobility can help to provide service customization. The conventional distributed system which use client-server design paradigm, the server provides several numbers of services with static interface accessible by client. It is always happen that the available services are limited to provide unforeseen client need. The only solution to this problem is to upgrade the server with more new services to handle the client demand. Consequently, the server s complexity and size increase, but without increase the flexibility. Mobile code REV paradigm that supports code execution remotely could help to solve this problem more efficiently. With the remote code execution, this paradigm not only can increase the flexibility of the server, but also do not require the server to increase its complexity and size. Importantly, server has to maintain a set of unique services that allow remote code execution. Then, the client will request the service by submitting the customized code. Consequences, it helps to provide customized service to meet client s need. Certain fields in computer sciences are well-know of this approach. For instance, the way distributed databases handle the customization SQL. The DBMS server did not provide all the specific results, but allow only provide the SQL execution services in the server, which allow program to submit the SQL code for remote execution. C. Support for Disconnected Operations Mobile code with the properties of autonomy could help to support disconnected operations. In distributed system environment, each node is connected with one another by a variety of the physical link. The performance of these physical links must take into consideration in the earlier of design stage. Indeed, the characteristics of the physical link are crucial to determine the most suitable design paradigm for an application. For instances, a new design methodologies required to support mobile computing which executed in the low bandwidth and low-reliability communication channels. Frequency disconnections and traffic generation in the low bandwidth is one of the challenge in heterogeneous communication with difference performance. The only solution CS paradigm can provide would be increased the services granularity level offered by server. With this, a single interaction within client and server will enable the server to perform several numbers of low level operations locally without required both parties maintain the communication. Unfortunately, no all the requirements can meet in this design. Furthermore, the complexity and size of the server will increase and reduced flexibility in the server to support the requirement. Mobile code with REV and MA paradigm could help to solve limitation and drawback discussed above. Mobile code enables the complex execution/computation traverse around the network. In this case, the services that must to be performed by a server locating in a portion of the network that only accessible via slow and unreliable connection could be describe in a program. This should only pass once through this connection and injected into the reliable network. There, it could execute autonomously and freely. Besides that, it is not required to maintain connection with the node that sent it, except for sending the result of its computation. D. Improved Fault Tolerance In classic client-server architecture, the state of computation was spread between client and server. A client program will consists of statements required for local execution and interweaved with statements needed for remote invocation. The latter will contain client environment data, and eventually will be overwrite by the result return from the server. This type of structure will lead to the existence of partial failure, because it would be very hard to trace where and how to responds in order to restructure the consistent state. Partial failure could be solved by the mobile code with MA paradigms. This is because all the distributed computation state will be encapsulated by an autonomous component. Without global state, the information can be easily traced, check pointed and even recovered locally. IV. EXAMPLE OF SYSTEM/APPLICATIONS USE MOBILE CODE The systems or applications that exploit mobile code can range from low-level system level, middleware until the userlevel applications. Their designs are based on various paradigms as discuss earlier in Section II (b). Below discuss some of them. One of the prominent examples of mobile code is webbased interactive application build with Java applets or Adobe ActionScript for Flash. The program code is residing in the web server. Client sends a request to a web page that contains a link to this code using user s web browser. The web page and program are transported to the client s machine. The code is executed locally in the web browser once the page is displayed. It helps to produce dynamically loaded interactive web applications and web content. Google Doc is one of the examples that provide rich internet application (RIA) such as reader, calendar, work processor and spreadsheet. All these applications use code on demand paradigm of mobile code extensively. Another obvious example application of mobile code would be the query execution on a database server which discussed earlier in SECTION II. User supplies the customized SQL code statement to the database server across the network. Database server will provide the data as return to the user [5].

4 Postscript is another successful mobile code application. Client need to send a short, device-independent representation of file to the printer. Printer will use this document to print graphic images [4,5]. Besides that, some mobile code systems were constructed based on mobile agent paradigm such as Telescript and Agent Tcl [1,4,5]. Most of these systems are general tools for realizing arbitrary distributed applications. Telescript is the first system designed to support mobile agents in commercial applications. It is used to support task such as network management. Agent Tcl is designed with primary role in information-retrieval applications [6]. Wave is another system introduced in the earlier stage that implements network-aware mobile code. It presented distributed system problem in term of graph theory elegantly. Tube is a mobile code system that generates the code on the fly [4]. V. ISSUE IN MOBILE CODE Mobile code programs are allowed to execute anywhere, no longer constrained on the nodes where they reside. Unfortunately, this has posted several security issues and concern [8, 9]. Besides that, system level issues also arise in design and development of mobile code with strong mobility mobile agent [9]. One of the issues is malicious agent. Remote host and mobile code program might belong to different administrative domains in an open network environment such as Internet. Therefore, it is high risk for a server might run into the penetration by malicious agent, Trojan horses and viruses. Malicious agent might consume the resource inordinately and cause the denied of other legitimate agent and server user. There are several security mechanisms tried by researches to combat mobile malicious agent included code signing, sandboxes and proof-carrying code (refer to [8] for the details). It is imperfect solution because all the mechanisms are prone to degrees of false positives (denied legitimate program) and false negatives (failing to detect malicious programs). The most challenging issue is protecting mobile code program from malicious host. Mobile program code traverses from one host to another to collect partial results. This exposure causes the mobile code vulnerable to the manipulation of remote host. The vulnerable degree is depends on the security requirement of the mobile code program. Below are some mobile code program vulnerabilities of the malicious host: Inspection (privacy/confidentiality) : In many applications, parts of their data or code might need to keep secret and confidential. For instance, the shopper s agent credit card number and the biding result from other host. Besides that, the algorithms used to execute the task might be proprietary. One obstacle to protect this confidentiality would be the execution must have the mobile code program exist in the host. The challenge is to develop mechanism to enforce security policy to execute one part of the mobile code and yet disallow the hosts to inspect others part. Besides that, the mechanism also need to ensure only different portion of the program code state to different host. Modification (integrity): The state of the mobile code program commonly would be updated along its journey to collect information from the server. The program must be able to loaded and executing by the remote server. There is no guarantee that no malicious alter on the mobile code program while reading the execution code and before it depart to another host. One of the suggestion from some researches discussed in [10] are using forward-integrity security policy. Another suggestion discussed in [9] is use of cryptographic mechanisms, seal or message digests. However, most of the mechanisms are toward detecting instead of preventing. Furthermore, as highlighted in [8], some mechanisms suggested is not full proofed. Authentication Another issue is authentication of the mobile agent identity is needed to enforce access control. Some cryptographers suggested the use digital signature to decide what right and privileges to grant for the host and program code. However, to avoid vulnerable to malicious host, the program code shall not carry secret or private keys [9]. Therefore, a secure mechanism required to lookup safely the keys. Besides that, there are too many identify associate mobile code program. For instance, an agent can be associated to with the agent s code designer, the agent s developer, the agent dispatches and the visited node [5]. Consequently, the overall authentication process would be complexity and error-prone. Denial of service Mobile code program also can vulnerable to the denial of service. The server host can just refuse to execute the mobile code program. Therefore, the mobile code program will be terminated. This denial of service can apply the same on agent s request to database or other external information sources. Besides security issue, there are also system level issues being discussed in [9]. These included platform compatibility of agent in heterogeneity and scale-up environment, the naming and traceability of the mobile agent and dynamic discovery of resources. VI. CONCLUSION Mobile code is a promising approach in distributed system to increase system flexibility, scalability and reliability. The program code can executed at anywhere across the wide area network without constrained on the host the program code

5 resided. Strong mobility migrate itself (include state and code) to remote host. Weak en mobility does not transfer the state information together with code. Several mobile code paradigms exist such as remote evaluation, code on demand and mobile agent. Study indicated that first two paradigms are widespread acceptance, but not the latter [5]. Consequently, the mobile code promises are only partially fully. The major obstacle of these phenomena is due to several security issues. These included penetration of system by the malicious agent, as well as converse issues of vulnerability of malicious agents at the malicious host. Furthermore some available protection and prevention mechanism are not full proofed. Therefore, subsequent work on the real understanding and research of the various security mechanisms to detect and prevent the malicious attack is essential to realize the vision of mobile code in distributed system. REFERENCES [1] A. Carzaniga, G. P. Picco, and G. Vigna, "Designing Distributed Applications with Mobile Code Paradigms," in Software Engineering, 1997., Proceedings of the 1997 International Conference on, 1997, pp [2] G. P. Picco, "Mobile Agents:An Introduction," J.Microprocessor and Microsystems, vol. 25, no. 2, pp , [3] A. Fuggetta, G. P. Picco and G. Vigna, "Understanding Code Mobility," IEEE Transaction on Software Engineering, vol. 24, no. 5, [4] R. R. Brooks, "Mobile code paradigms and security issues," Internet Computing, IEEE, vol. 8, pp , [5] A. Carzaniga, G. P. Picco, and G. Vigna, "Is Code Still Moving Around? Looking Back at a Decade of Code Mobility," in Software Engineering - Companion, ICSE 2007 Companion. 29th International Conference on, 2007, pp [6] R.R. Brooks. And N. Orr, A Model for Mobile Codes using Interacting Automata, IEEE Trans. Mobile Computing, vol 1, no.4, 2002, pp [7] R.S. Gray, D. Kotz, S. Nog, D. Rus, and G. Cybenko, Mobile Agents for Mobile Computing, Proc. Second Aizu Int l Symp. Parallel Algorithms/Architectures Synthesis, Fukushima, Japan, Mar [8] J.M. Zachary, Protecting Mobile Code in the Wild, IEEE Internet Computing, vol. 7, no. 2, Mar./Aprl. 2003, pp [9] N. M. Karnik and A. R. Tripathi. Design Issues in Mobile Agent Programming Systems. IEEE Concurrency, 6(6):52 61, [10] B. Yee, Why Secure Remote Execution, white paper, 2002; available at