% Bibliography disseminated via http://www.cnri.reston.va.us/home/koe/bib/ % Maintained by Jeremy Hylton, jeremy@cnri.reston.va.us % Copyright 1997-8 CNRI % % I'm going to include subject categories in each entry to distinguish % some of the various flavors of mobile code that exists. I'll try to % to keep it simple and limit the number of categories. % % ma = mobile agent % an = active networks % sec = safety and security % mc = mobile code/objects % mob = mobile computing % misc = miscellaneous @string{dartmouthcs = "Department of Computer Science, Dartmouth College"} @string{ecoop-mos2 = "2nd ECOOP Workshop on Mobile Object Systems"} @string{ecoop-mos3 = "3rd ECOOP Workshop on Mobile Object Systems"} @String{pdpta98 = "Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA'98)"} @string{sosp15 = "Proceedings of the 15th ACM Symposium on Operating Systems Principles"} @string{sigops7 = "Proceedings of the Seventh ACM SIGOPS European Workshop"} @string{iwooos96 = "Proceedings of the Fifth International Workshop on Object Orientation in Operating Systems"} @string{ma97 = "Proceedings of the First International Workshop on Mobile Agents"} @string{tocs = "ACM Transactions on Computer Systems"} @string{toplas = "ACM Transactions on Programming Languages and Systems"} @string{tse = "IEEE Transactions on Software Engineering"} @String{mob-obj-sys = "Mobile Object Systems: Towards the Programmable {I}nternet"} @string{lncs1222 = "Lecture Notes in Computer Science No. 1222"} @string{hotos6 = "Proceedings of the 6th Workshop on Hot Topics in Operating Sytems (HotOS-VI)"} @string{icdcs17 = "Proceedings of the 17th International Conference on Distributed Computing Systems"} @string{IC = "IEEE Internet Computing"} @InCollection{acharya97:dynamic, author = "Anurag Acharya and Mudumbai Ranganathan and Joel Saltz", title = "Dynamic Linking for Mobile Programs", year = 1997, pages = "245--262", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, url = {http://www.cs.umd.edu/\~{}acha/papers/lncs97-2.html}, subject = "ma", abstract = "Programs that use mobility as a mechanism to adapt to resource changes have three requirements that are not shared with other mobile programs. First, they need to monitor the level and quality of resources in their operating environment. Second, they need to be able to react to changes in resource availability. Third, they need to be able to control the way in which resources are used on their behalf (by libraries and other support code). In this chapter, we describe the design and implementation of Sumatra, an extension of Java that supports resource-aware mobile programs. We also describe the design and implementation of a distributed resource monitor that provides the information required by Sumatra programs." } @InCollection{acharya97:sumatra, author = "Anurag Acharya and Mudumbai Ranganathan and Joel Saltz", title = "Sumatra: A Language for Resource-Aware Mobile Programs", year = 1997, pages = "111--130", month = apr, note = lncs1222, publisher = "Springer-Verlag", booktitle = mob-obj-sys, url = {http://www.cs.umd.edu/\~{}acha/papers/lncs97-1.html}, subject = "ma", abstract = "Programs that use mobility as a mechanism to adapt to resource changes have three requirements that are not shared with other mobile programs. First, they need to monitor the level and quality of resources in their operating environment. Second, they need to be able to react to changes in resource availability. Third, they need to be able to control the way in which resources are used on their behalf (by libraries and other support code). In this chapter, we describe the design and implementation of Sumatra, an extension of Java that supports resource-aware mobile programs. We also describe the design and implementation of a distributed resource monitor that provides the information required by Sumatra programs. changes." } @InProceedings{adl-tabatabai96:efficient, author = "Ali-Reza Adl-Tabatabai and Geoff Langdale and Steven Lucco and Robert Wahbe", title = "Efficient and language-independent mobile programs", pages = "127--136", booktitle = "Proceedings of the ACM SIGPLAN '96 Conference on Programming Language Design and Implementation (PLDI)", address = "Philadelphia, Pa.", url = {http://www.cs.cmu.edu/afs/cs.cmu.edu/user/ali/www/pldi96-omniware.ps}, subject = "mc:sec", abstract = "This paper evaluates the design and implementation of Omniware: a safe, efficient, and language-independent system for executing mobile program modules. Previous approaches to implementing mobile code rely on either language semantics or abstract machine interpretation to enforce safety. In the former case, the mobile code system sacrifices universality to gain safety by dictating a particular source language or type system. In the latter case, the mobile code system sacrifices performance to gain safety through abstract machine interpretation. Omniware uses software fault isolation, a technology developed to provide safe extension code for databases and operating systems, to achieve a unique combination of language-independence and excellent performance. Software fault isolation uses only the semantics of the underlying processor to determine whether a mobile code module can corrupt its execution environment. This separation of programming language implementation from program module safety enables our mobile code system to use a radically simplified virtual machine as its basis for portability. We measured the performance of Omniware using a suite of four SPEC92 programs on the Pentium, PowerPC, Mips, and Sparc processor architectures. Including the overhead for enforcing safety on all four processors, OmniVM executed the benchmark programs within 21% as fast as the optimized, unsafe code produced by the vendor-supplied compiler.", year = 1996, month = may } @InProceedings{baldi97:exploiting, author = "Mario Baldi and Silvano Gai and Gian Pietro Picco", title = "Exploiting Code Mobility in Decentralized and Flexible Network Management", booktitle = ma97, year = 1997, address = "Berlin, Germany", month = apr, subject = "ma:an", url = {http://www.polito.it/\~{}picco/papers/ma97.ps.gz}, abstract = "Network management is gaining increasing importance due to the pervasiveness of computer networks. Nevertheless, mainstream approaches to network management are presently limited by centralized management strategies and poor flexibility---a consequence of their rigid client-server architecture. In this paper we analyze how to overcome these problems by new design paradigms and technologies encompassing the capability to relocate dynamically the components of a distributed application. We evaluate the opportunities offered by this approach and provide feasibility considerations, also discussing a few interim architectural solutions adopted in our on-going implementation work." } @InProceedings{baumann97:communication, author = "Joachim Baumann and Fritz Hohl and Nikolaos Radouniklis and Kurt Rothermel and Markus Strßer", title = "Communication Concepts for Mobile Agent Systems", booktitle = ma97, subject = "ma", address = "Berlin, Germany", month = apr, year = 1997, url = {http://www.informatik.uni-stuttgart.de/ipvr/vs/Publications/1997-baumann-01.sub.ps.gz}, abstract = "Driven by the question how to identify potential communication partners and the need for well-suited communication schemes in agent-based systems, we discuss two communication concepts: sessions and global event management. Sessions establish either actively or passively a context for inter-agent interactions. Communication partners are addressed by globally unique agent identifiers or via badges. Communication in sessions is based on RPC or message mechanisms. Global event management addresses the need for anonymous communication. Event managers are employed as a synchronization means within agent groups. Based on this approach, we introduce synchronization objects, -- active components that offer various synchronization services. The presented model is finally mapped onto OMG event services." } @Article{bennett90:experience, author = "John K. Bennett", title = "Experience with {D}istributed {S}malltalk", journal = "Software--Practice and Experience", year = 1990, volume = 20, number = 2, pages = "157--180", month = feb, subject = "mc" } @InProceedings{bharat95:migratory, author = "Krishna A. Bharat and Luca Cardelli", title = "Migratory Applications", booktitle = "Proceedings of the 8th Annual ACM Symposium on User Interface Software and Technology", year = 1995, note = "Also available as Digital Systems Research Center Research Report 138", month = nov, subject = "mc", address = "Pittsburgh, Pa.", url = {http://gatekeeper.dec.com/pub/DEC/SRC/research-reports/abstracts/src-rr-138.html}, abstract = "We introduce a new genre of user interface applications that can migrate from one machine to another, taking their user interface and application contexts with them, and continue from where they left off. Such applications are not tied to one user or one machine, and can roam freely over the network, rendering service to a community of users, gathering human input and interacting with people. We envisage that this will support many new agent-based collaboration metaphors. The ability to migrate executing programs has applicability to mobile computing as well. Users can have their applications travel with them, as they move from one computing environment to another. We present an elegant programming model for creating migratory applications and describe an implementation. The biggest strength of our implementation is that the details of migration are completely hidden from the application programmer; arbitrary user interface applications can be migrated by a single ``migration'' command. We address system issues such as robustness, persistence and memory usage, and also human factors relating to application design the interaction metaphor and safety. " } @InCollection{bharat97:migratory, author = "Krishna Bharat and Luca Cardelli", title = "Migratory Applications", year = 1997, pages = "131--149", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, url = {}, annote = "An earlier version appeared as \cite{bharat95:migratory}.", subject = "ma", abstract = "We present a new genre of user interface applications: applications that can migrate from one machine to another, taking their user interface and application contexts with them, and continue from where they left off. Such applications are not tied to one user or one machine, and can roam freely over the network, rendering service to a community of users, gathering human input and interacting with people. We envisage that this will support many new agent-based collaboration metaphors. The ability to migrate executing programs has applicability to mobile computing as well. Users can have their applications travel with them, as they move from one computing environment to another. We present an elegant programming model for creating migratory applications and describe an implementation. The biggest strength of our implementation is that the details of migration are completely hidden from the application programmer; arbitrary user interface applications can be migrated by a single ``migration'' command. We address system issues such as robustness, persistence and memory usage, and also human factors relating to the application design process, the interaction metaphor and safety." } @Article{bic96:distributed, author = "Lubomir F. Bic and Munehiro Fukuda and Michael B. Dillencourt ", title = "Distributed Computing using Autonomous Objects", journal = "IEEE Computer", year = 1996, month = aug, url = {http://www.ics.uci.edu/\~{}bic/messengers/COMPUTER.ps}, subject = "ma", abstract = "Autonomous Objects are a new paradigm for distributed systems, based on the concept of intelligent messages that carry their own behavior as they navigate autonomously through the underlying computational network." } @Article{birrell95, author = "Andrew Birrell and Greg Nelson and Susan Owicki and Edward Wobber", title = "Network Objects", journal = "Software--Practice and Experience", year = 1995, volume = 25, number = "S4", pages = "87--130", month = dec, note = "Also available as Digital Systems Research Center Research Report 115.", url = {http://gatekeeper.dec.com/pub/DEC/SRC/research-reports/abstracts/src-rr-115.html}, subject = "mc", abstract = "A network object is an object whose methods can be invoked over a network. This report describes the design and implementation of a network objects system for Modula-3. The system is novel for its overall simplicity. The report includes a thorough description of realistic marshaling algorithms for network objects, precise informal specifications of the major internal interfaces, preliminary experience, and performance results." } @Book{bradshaw96:software, title = "Software Agents", publisher = "AAAI Press/MIT Press", year = 1996, editor = "Jeffrey Bradshaw", address = "Menlo Park, Cal." } @TechReport{bredin98:demand, author = "Jonathan Bredin and David Kotz and Daniela Rus", title = "Utility Driven Mobile-Agent Scheduling", year = 1998, month = may, number = "PCS-TR98-331", institution = "Dept. of Computer Science, Dartmouth College", url = {ftp://ftp.cs.dartmouth.edu/TR/TR98-331.ps.Z}, abstract = "We investigate the possibility of using markets to regulate mobile agents, computer programs that are capable of migrating from one machine to another. Market participation requires quantitative information about resource consumption to define demand and calculate utility. \par We create a formal utility model to derive user-demand functions, allowing agents to efficiently plan expenditure and deal with price fluctuations. By quantifying demand and utility, resource owners can precisely set a value for a good. We simulate our model in a mobile agent scheduling environment and show how prices fluctuate, compounding uncertainty in an agent's plans. To solve this problem, we propose that resource owners sell options to allow agents to trade away their risk." } @InProceedings{bredin98:market, author = "Jonathan Bredin and David Kotz and Daniela Rus", title = "Market-based resource control for mobile agents", url = "ftp://ftp.cs.dartmouth.edu/TR/TR97-326.ps.Z", subject = "ma", abstract = "Mobile agents are programs that can migrate from machine to machine in a heterogeneous, partially disconnected network. As mobile agents move across a network, they consume resources. We discuss a system for controlling the activities of mobile agents that uses electronic cash, a banking system, and a set of resource managers. We describe protocols for transactions between agents. We present fixed-pricing and dynamic-pricing policies for resources. We focus on and analyze the sealed-bid second-price auction as a mechanism for dynamic pricing.", booktitle = "Proceedings of Autonomous Agents '98", year = 1998, pages = "197--204", note = "Earlier version published as Darmouth College, Department of Computer Science technical report TR97-326." } @TechReport{cai96:dataflow, author = "Ting Cai and Peter Gloor and Saurab Nog", title = "DataFlow: A Workflow Management System on the {W}eb using transportable Agents", institution = dartmouthcs, year = 1996, number = "TR96-283", address = "Hanover, N.H.", url = {http://www.cs.dartmouth.edu/reports/abstracts/TR96-283/}, subject = "ma" } @Article{cardelli95:language, author = "Luca Cardelli", title = "A language with distributed scope", journal = "Computing Systems", year = 1995, note = "Also available as Digital Systems Research Center Research Report 122", subject = "mc", url = {http://gatekeeper.dec.com/pub/DEC/SRC/research-reports/abstracts/src-rr-122.html}, volume = 8, number = 1, pages = "27--59", abstract = "Obliq is a lexically-scoped untyped interpreted language that supports distributed object-oriented computation. An Obliq computation may involve multiple threads of control within an address space, multiple address spaces on a machine, heterogeneous machines over a local network, and multiple networks over the Internet. Obliq objects have state and are local to a site. Obliq computations can roam over the network, while maintaining network connections." } @InCollection{cardelli97:mobile, author = "Luca Cardelli", title = "Mobile Computations", year = 1997, pages = "3--6", month = apr, publisher = "Springer-Verlag", note = lncs1222, url = {http://www.research.digital.com:80/SRC/personal/Luca_Cardelli/Papers/MobileComputBookIntro.ps}, booktitle = mob-obj-sys } @InProceedings{carzaniga97:designing, author = "Antonio Carzaniga and Gian Pietro Picco and Giovanni Vigna", title = "Designing Distributed Applications with a Mobile Code Paradigm", booktitle = "Proceedings of the 19th International Conference on Software Engineering", year = 1997, address = "Boston, Ma.", subject = "mc", url = {http://www.polito.it/\~{}picco/papers/icse97.ps.gz}, abstract = "Large scale distributed systems are becoming of paramount importance, due to the evolution of technology and to the interest of market. Their development, however, is not yet supported by a sound technological and methodological background, as the results developed for small size distributed systems often do not scale up. Recently, {\em mobile code languages} (MCLs) have been proposed as a technological answer to the problem. In this work, we abstract away from the details of these languages by deriving design paradigms exploiting code mobility that are independent of any particular technology. We present such design paradigms, together with a discussion of their features, their application domain, and some hints about the selection of the correct paradigm for a given distributed application.", month = may } @Article{cejtin95:higher, author = "Henry Cejtin and Suresh Jagannathan and Richard Kelsey", title = "Higher-Order Distributed Objects", journal = toplas, year = 1995, volume = 17, number = 5, pages = "704--739", month = sep, url = {ftp://ftp.nj.nec.com/pub/pls/toplas95.ps}, subject = "mc", abstract = "We describe a distributed implementation of Scheme that permits efficient transmission of higher-order objects such as closures and continuations. The integration of distributed communication facilities within a higher-order programming language engenders a number of new abstractions and paradigms for distributed computing. Among these are user-specified load-balancing and migration policies for threads, incrementally linked distributed computations, and parameterized client-server applications. To our knowledge, this is the first distributed dialect of Scheme (or a related language) that addresses lightweight communication abstractions for higher-order objects." } @TechReport{chess95:itinerant, author = "David Chess and Benjamin Grosof and Colin Harrison and David Levine and Colin Paris and Gene Tsudik", title = "Itinerant Agents for Mobile Computing", institution = "IBM", year = 1995, type = "IBM Research Report", number = "RC 20010", month = mar, url = {http://www.research.ibm.com/massdist/rc20010.ps}, subject = "mob:ma" } @InCollection{chess97:mobile, author = "David Chess and Colin Harrison and Aaron Kershenbaum", title = "Mobile Agents: Are They a Good Idea? -- Update", year = 1997, pages = "46--48", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys } @InCollection{ciancarini97:jada, author = "Paolo Ciancarini and Davide Rossi", title = "Jada -- Coordination and Communication for Java Agents", year = 1997, pages = "213--228", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, url = {}, subject = "ma", abstract = "In this chapter we are going to analyze mobile code issues in the perspective of object oriented systems in which thread migration is not supported. This means that both object's code and data can be transmitted from a place to another but not the current execution state (if any) associated to the object. This is the case with the Java language which is often used in the \WWW for developing applets which are little applications downloaded on the fly and executed in the client machine. While this mechanism is quite useful for enhancing HTML documents with sound and animation, we think that this technology can give its best in the field of distributed-cooperative work, both in the perspective of Internet and Intranet connectivity. Java is indeed a concurrent, multithreaded language, but it offers little help for distributed programming. Thus, we introduce Jada, a coordination toolkit for Java where coordination among either concurrent threads or distributed Java objects is achieved via shared object spaces. By exchanging objects through tuple spaces, Java programs and applets can exchange data or synchronize their actions over a single host, a LAN, or even the Internet. \par The access to an object space is performed using a set of methods of the ObjectSpace class. Such operations are \Out (to put an object in the object space), \In and \Read (to get or to read associatively an object from the object space), and others, mostly inspired by the Linda language. \par Jada does not extends the syntax of Java because it is a set of classes. We show how it changes the way we design multiuser, distributed applications (such as the ones based on the WWW) allowing easy interactions between software components and agents. \par Under this perspective we can outline a system of any scale which uses the dynamic linking capability of Java to distribute the code and the coordination facility of Jada to handle distributed entities inter-relations." } @InProceedings{clamen90:reliable, author = "Stewart M. Clamen and Linda D. Leibengood and Scott M. Nettles and Jeanette M. Wing", title = "Reliable Distributed Computing with {A}valon/{C}ommon {L}isp", pages = "169--179", booktitle = "Proceedings of the Internional Conference on Computer Languages", year = 1990, subject = "mc" } @Book{cockayne97:itinerant, editor = "William Cockayne and Michel Zypa", title = "Itinerant Agents: Explanations and Examples with CDROM", publisher = "Manning", year = 1997 } @InProceedings{condict96:towards, author = "Michael Condict and Dejan Milojicic and Franklin Reynolds and Don Bolinger", title = "Towards a World-Wide Civilization of Objects ", booktitle = sigops7, year = 1996, address = "Connemara, Ireland", month = sep, url = {http://mosquitonet.stanford.edu/sigops96/papers/condict.ps}, subject = "ma" } @InProceedings{courtney95:phantom, author = "Antony Courtney", title = "Phantom: An Interpreted Language for Distributed Programming", url = {http://www.apocalypse.org/pub/u/antony/phantom/coots.ps}, booktitle = "Proceedings of the USENIX Conference on Object-Oriented Technologies", year = 1995, address = "Monterey, Ca.", month = jun, annote = "The emerging trend in writing distributed applications is to use an object-based RPC system with a statically compiled, object-oriented language. While such a programming environment is adequate for many tasks, object-based RPC systems and statically compiled languages also have certain intrinsic limitations. These limitations become significant when writing applications which are both distributed and interactive (e.g. network information browsers, distributed conferencing systems and collaborative work tools). This paper discusses these limitations, and presents the design of Phantom, a new intepreted language for distributed programming. Phantom provides many features found in object-based RPC systems and statically compiled languages, including automatic marshalling, transparent remote procedure call, secure authentication and concurrency support. In addition to these traditional features, Phantom's interpreted nature permits the use of certain programming techniques, such as true object migration, remote evaluation, and dynamic extensibility, which are of increasing importance for distributed programming, but which are not available in statically compiled languages and RPC systems. The integration of these features in a single, coherent programming language makes whole new classes of distributed, interactive applications possible." } @InProceedings{cugola96:characterization, author = "Gianpaolo Cugola and Carlo Ghezzi and Gian Pietro Picco and Giovanni Vigna", title = "A Characterization of Mobility and State Distribution in Mobile Code Languages", pages = "10--19", booktitle = ecoop-mos2, year = 1996, address = "Linz, Austria", month = jul, url = {http://www.polito.it/\~{}picco/papers/dpunkt.ps.gz}, subject = "ma:mc", abstract = "The growing importance of telecommunication networks has stimulatedresearch on a new generation of programming languages. Such languagesview the network and its resources as a global environment in whichcomputations take place. In particular, they support the notion of codemobility and state distribution. To understand, discuss, evaluate, andcompare such languages, it is necessary to develop an abstract modelthat allows the meaning of mobility and state distribution to be definedprecisely. The purpose of this paper is to provide such a model and toapply it to the analysis of a number of existing new languages. " } @InCollection{cugola97:analyzing, author = "Gianpaolo Cugola and Carlo Ghezzi and Gian Pietro Picco and Giovanni Vigna", title = "Analyzing Mobile Code Languages", year = 1997, pages = "93--110", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, url = {http://www.polito.it/\~{}picco/papers/ecoop96.ps.gz}, subject = "mc", abstract = "The growing importance of telecommunication networks has stimulated research on a new generation of programming languages. Such languages view the network and its resources as a global environment in which computations take place. In particular, they support the notion of code mobility. To understand, discuss, evaluate, and compare such languages, it is necessary to develop a new set of programming language concepts and/or extend the concepts that are used to deal with conventional languages. The purpose of this paper is to provide such framework. This is done hand-in-hand with a survey of a number of existing new languages." } @phdthesis{dale97:agent, author = "Jonathan Dale", title = "A Mobile Agent Architecture for Distributed Information Management", school = "University of Southampton", year = 1997, month = sep, url = {http://www.mmrg.ecs.soton.ac.uk/publications/archive/dale1997a/}, abstract = "Large-scale networked environments, such as the Internet, possess the characteristics of distributed data, distributed access and distributed control; this gives the user a powerful mechanism for building and integrating large repositories of distributed information from diverse resource sets. However, few support tools have been developed to allow the user to take advantage of the distributed nature of their information. \par Distributed information management is the process by which users can create, disseminate, discover and manage information that is spread across distributed resources. Distributed open hypermedia systems have shown how distributed information, such as documents and hypermedia links, can be managed and handled within an environment that integrates smoothly between the user's desktop and the network. However, such systems are now looking at addressing the problem of interoperability across hypermedia systems, so that documents and links can be shared between users on heterogeneous integrating technologies. \par This thesis proposes that the distributed information management provided by open hypermedia systems needs to be extended so that it is more interoperable, extensible and pervasive and that this can be achieved by integrating the principles of open hypermedia with the technology of mobile agents. Mobile agents present a new development mechanism for designing and building distributed applications which are well suited to the dynamic environment of large-scale networks. \par This thesis describes the development of a mobile agent architecture within which distributed information management tasks can be built and executed. Mobile agents present an important abstraction mechanism when designing distributed environments and also allow the user to manage distributed information indirectly through their mobile agents. A number of prototype agents are described that have been developed to illustrate distributed information management tasks within the architecture and to show how abstractionism and indirect management can be achieved. " } @InProceedings{dale97:mobile, author = {Jonathan Dale and David C. DeRoure}, title = {A Mobile Agent Architecture for Distributed Information Management}, booktitle = {Proceedings of the International Workshop on the Virtual Multicomputer}, year = 1997, month = mar, url = {http://www.mmrg.ecs.soton.ac.uk/publications/archive/dale1997b/}, abstract = "Large-scale networked environments, such as the Internet, possess the characteristics of distributed data, distributed access and distributed control; this gives the user a powerful mechanism for building and integrating large repositories of distributed information from diverse resources. However, few support tools have been developed to allow the user to take advantage of the distributed nature of their information. To help address this problem, we advocate the integration of two technologies; distributed information management principles to allow users to create, disseminate, discover and manage their information, and mobile agent technology to provide the flexibility, scalability and dynamism necessary to develop such distributed information management applications. \par We present four principles that we have identified as being key to achieving distributed information management and an architecture where mobile agents can move across distributed environments, integrate with local resources and other mobile agents, and communicate their results back to the user. We also describe a number of prototype distributed information management agents that we have developed. " } @TechReport{dale97:towards, author = {Jonathan Dale and David C. DeRoure}, title = {Towards a Framework for Developing Mobile Agents for Managing Distributed Information Resources}, institution = {Department of Electronics and Computer Science, University of Southampton}, year = 1997, url = "http://www.agents.ecs.soton.ac.uk/Voyager/papers/m97-1.htm", number = "97-1", month = feb, abstract = "Distributed information management tools allow users to author, disseminate, discover and manage information within large-scale networked environments, such as the Internet. Agent technology provides the flexibility and scalability necessary to develop such distributed information management applications. We present a layered organisation that is shared by the specific applications that we build. Within this organisation we describe an architecture where mobile agents can move across distributed environments, integrate with local resources and other mobile agents, and communicate their results back to the user." } @InProceedings{dasilva96:combining, author = "{Mira da Silva}, Miguel and Malcolm Atkinson", title = "Combining Mobile Agents with Persistent Systems: Opportunities and Challenges", pages = "36--40", booktitle = ecoop-mos2, year = 1996, address = "Linz, Austria", month = jul, url = {http://www.dcs.gla.ac.uk/\~{}mms/publications-abstracts.html#ECOOP96}, subject = "ma", abstract = "In the last three years we have been working with persistence anddistribution, in particular migration of higher-level objects (such asprocedures) between autonomous persistent programs. In this paper weintroduce persistence and the suitability of Napier88, the persistentsystem we have used for our experiments, as an agent language. We thenpresent a few examples of opportunities and many more challenges thatexist in the combination of persistence with agents. " } @InCollection{dasilva97:mobility, author = "{Mira da Silva}, Miguel", title = "Mobility and Persistence", year = 1997, pages = "157-176", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, url = {}, subject = "ma", abstract = "In the last three years we have been working with persistence and distribution, in particular migration of higher-level objects between autonomous persistent programs. In this chapter we introduce persistence and then present a few examples of opportunities and many more challenges that exist in the combination of persistence and mobility." } @InProceedings{dean96:java, author = "Drew Dean and Ed Felten and Dan Wallach", title = "Java Security: From {H}ot{J}ava to {N}etscape and Beyond", booktitle = "Proceedings of the 1996 IEEE Symposium on Security and Privacy", year = 1996, address = "Oakland, Cal.", month = may, subject = "sec", url = {http://www.cs.princeton.edu/sip/pub/secure96.html}, abstract = "The introduction of Java applets has taken the WorldWide Web by storm. Information servers can customize the pre- sentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated. " } @InProceedings{dean97:security, author = "Drew Dean", title = "The Security of Static Typing with Dynamic Linking", booktitle = "Proceedings of the Fourth ACM Conference on Computer and Communications Security", year = 1997, address = "Zurich, Switzerland", month = apr, url = {http://www.CS.Princeton.EDU/sip/pub/ccs4.html}, note = "sec", abstract = "Dynamic linking is a requirement for portable executable content. Executable content cannot know, ahead of time, where it is going to be executed, nor know the proper operating system interface. This imposes a requirement for dynamic linking. At the same time, we would like languages supporting executable content to be statically typable, for increased efficiency and security. Static typing and dynamic linking interact in a security-relevant way. This interaction is the subject of this paper. One solution is modeled in PVS, and formally proven to be safe." } @InCollection{domel97:interaction, author = "Peter D{\"o}mel", title = "Interaction of {J}ava and {T}elescript Agents", year = 1997, pages = "295--314", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, subject = "ma", abstract = "This chapter gives an introduction into the two object-oriented programming environments Telescript and Java which both allow to write mobile code. It illustrates some of the more interesting features of these languages as platforms for mobile object systems. Further emphasis lies on the cooperation of agents in these two object-oriented worlds. Moreover, several descriptions of some higher-level agents scenarios are given." } @InProceedings{duggan96:type, author = "Dominic Duggan and Piotr Przybylski", title = "A Type-Based Implementation of a Language With Distributed Scope", pages = "52--59", booktitle = ecoop-mos2, year = 1996, address = "Linz, Austria", month = jul, subject = "mc", url = {http://cuiwww.unige.ch/\~{}ecoopws/ws96/7.ps.gz}, abstract = "The ML programming language has several features that make it desirableas a language for distributed application programming. It supportsfirst-class closures, which are useful for distributed scope and mobileagents. Type inference removes much of the tedium of lower-levelprogramming, without compromising reliability. Finally ML provides apowerful type system, including type polymorphism. A dialect of MLintended for distributed application programming is introduced. Adistinguishing characteristic of this implementation is the use ofrun-time type information, motivated by several constructs in thelanguage. This is intended to motivate the use of run-time types in implementations of polymorphic languages intended for distributed programming. " } @InCollection{duggan97:type, author = "Dominic Duggan", title = "A Type-Based Implementation of a Language with Distributed Scope", year = 1997, pages = "277--294", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, url = {}, subject = "ma", abstract = "Several languages have been designed and implemented for programming mobile computations. This chapter describes a mobile code language based on extending the popular ML language. The language design, and its implementation, are distinguished by the use of run-time type information for computation. This is intended to motivate the use of run-time types in implementations of languages intended for distributed programming and mobile computations, particularly languages such as ML that provide type polymorphism." } @Proceedings{ecoop96:mos, title = "Proceedings of the 2nd ECOOP Workshop on Mobile Object Systems", year = 1996, editor = "Jaochim Baumann and Christian Tschudin and Jan Vitek", address = "Linz, Austria", month = jul, url = {http://cuiwww.unige.ch/\~{}ecoopws/index.html#ws96} } @InProceedings{edjlali98:history, author = {Guy Edjlali and Anurag Acharya and Vipin Chaudhary}, title = {History-based access control for mobile code}, booktitle = {Proceedings of the Fifth ACM Conference on Computer and Communications Security}, year = 1998, address = {San Francisco, Ca.}, month = nov, url = {http://www.cs.ucsb.edu/\~{}acha/publications/ccs98-submitted.html}, abstract = {In this paper, we present a history-based access-control mechanism that is suitable for mediating accesses from mobile code. The key idea behind history-based access-control is to maintain a selective history of the access requests made by individual programs and to use this history to improve the differentiation between safe and potentially dangerous requests. What a program is allowed to do depends on its own behavior and identity in addition to currently used discriminators like the location it was loaded from or the identity of its author/provider. History-based access-control has the potential to significantly expand the set of programs that can be executed without compromising security or ease of use. We describe the design and implementation of Deeds, a history-based access-control mechanism for Java. Access-control policies for Deeds are written in Java, and can be updated while the programs whose accesses are being mediated are still executing.} } @Article{falcone87:programmable, author = "Joseph R. Falcone", title = "A Programmable Interface Language for Heterogeneous Distributed Sytems", journal = tocs, year = 1987, volume = 5, number = 4, pages = "330--351", month = jul } @InProceedings{farmer96:authentication, author = "William M. Farmer and Joshua D. Guttman and Vipin Swarup", title = "Security for Mobile Agents: Authentication and State Appraisal", pages = "118--130", booktitle = "Proceedings of the Fourth European Symposium on Research in Computer Security", year = 1996, address = "Rome, Italy", subject = "ma:sec", month = sep, note = "Springer-Verlag Lecture Notes in Computer Science No. 1146", abstract = "Mobile agents are processes which can autonomously migrate to new hosts. Despite its many practical benefits, mobile agent technology results in significant new security threats from malicious agents and hosts. The primary added complication is that, as an agent traverses multiple hosts that are trusted to different degrees, its state can change in ways that adversely impact its functionality. In this paper, we discuss achievable security goals for mobile agents, and we propose an architecture to achieve these goals. The architecture models the trust relations between the principals of mobile agent systems. A unique aspect of the architecture is a ``state appraisal'' mechanism that protects users and hosts from attacks via state modifications and that provides users with flexible control over the authority of their agents." } @InProceedings{farmer96:issues, author = "William M. Farmer and Joshua D. Guttman and Vipin Swarup", title = "Security for Mobile Agents: Issues and Requirements", pages = "591--597", booktitle = "Proceedings of the 19th National Information Systems Security Conference", year = 1996, address = "Baltimore, Md.", url = {http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper033/SWARUP96.PDF}, subject = "ma:sec", month = oct } @TechReport{fong98:viewer, author = "Philip W. L. Fong", title = "Viewer's Discretion: Host Security in Mobile Code Systems", institution = "School of Computing Science, Simon Fraser University", year = 1998, number = "SFU CMPT TR 1998-19", address = "Burnaby, {BC}", month = nov, subject = "sec", url = {http://www.cs.sfu.ca/\~{}pwfong/personal/Pub/SFU-CMPT-TR-1998-19.ps}, abstract = { Mobile code computation is a new paradigm for structuring distributed systems. Mobile programs migrate from remote sites to a host, and interact with the resources and facilities local to that host. This new mode of distributed computation promises great opportunities for electronic commerce, mobile computing, and information harvesting. There has been a general consensus that security is the key to the success of mobile code computation. In this paper, we survey the issues surrounding the protection of a host from potentially hostile mobile programs. \par Decades of research in operating systems has provided significant experience and insight into the nature of system security. Before we propose any new security model for mobile code systems, it is wise to question why the existing protection mechanisms found in distributed operating systems do not fully address the security needs of mobile code systems. We propose three security challenges that are distinctive of the mobile code phenomenon, namely, the establishment of anonymous trust (establishing trust with programs from unfamiliar origin), layered protection (establishing fine-grained protection boundaries among mutually-distrusting parts of the same process), and implicit acquisition (coping with the implicit nature of mobile program acquisition). \par We also survey various approaches to protection in existing mobile code systems. We classify protection approaches into four categories: discretion, verification, transformation, and arbitration. We evaluate each category by looking at how well they address the security needs of mobile code computation. } } @InProceedings{fong98:proof, author = {Philip W. L. Fong and Robert D. Cameron}, title = {Proof Linking: An Architecture for Modular Verification of Dynamically-Linked Mobile Code}, booktitle = "Proceedings of the Sixth ACM SIGSOFT International Symposium on the Foundations of Software Engineering", pages = {222--230}, year = 1998, address = {Orlando, Florida}, month = nov, url = {http://www.cs.sfu.ca/\~{}pwfong/personal/Pub/fse98.ps}, abstract = "Security flaws are routinely discovered in commercial implementations of mobile code systems such as the Java Virtual Machine (JVM). Typical architectures for such systems exhibit complex interdependencies between the loader, the verifier, and the linker, making them difficult to craft, validate, and maintain. This reveals a software engineering challenge that is common to all mobile code systems in which a static verification phase is introduced before dynamic linking. In such systems, one has to articulate how loading, verification, and linking interact with each other, and how the three processes should be organized to address various security issues. \par We propose a standard architecture for crafting mobile code verifiers, based on the concept of proof linking. This architecture modularizes the verification process and isolates the dependencies among the loader, verifier, and linker. We also formalize the process of proof linking and establish properties to which correct implementations must conform. As an example, we instantiate our architecture for the problem of Java bytecode verification and assess the correctness of this instantiation. Finally, we briefly discuss alternative mobile code verification architectures enabled by our modularization." } @InCollection{franz97:adapative, author = "Michael Franz", title = "Adaptive Compression of Syntax Trees and Iterative Dynamic Code Optimization: Two Basic Technologies for Mobile Object Systems", year = 1997, pages = "263--276", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, url = {}, subject = "ma", abstract = "We are designing and implementing a flexible infrastructure for mobile-object systems. Two fundamental innovations distinguish our architecture from other proposed solutions. First, our representation of mobile code is based on adaptive compression of syntax trees. Not only is this representation more than twice as dense as Java byte-codes, but it also encodes semantic information on a much higher level than linear abstract-machine representations such as p-code or Java byte-codes. The extra structural information that is contained in our mobile-code format is directly beneficial for advanced code optimizations. \par Second, our architecture achieves superior run-time performance by integrating the activity of generating executable code into the operating system itself. Rather than being an auxiliary function performed off-line by a stand-alone compiler, code generation constitutes a central, indispensable service in our system. Our integral code generator has two distinct modes of operation: instantaneous load-time translation and continuous dynamic re-optimization. \par In contrast to just-in-time compilers that translate individual procedures on a call-by-call basis, our system's integral code-generator translates complete code-closures in a single burst during loading. This has the apparent disadvantage that it introduces a minor delay prior to the start of execution. As a consequence, to some extent we have to favor compilation speed over code quality at load time. \par But then, the second operation mode of our embedded code generator soon corrects this shortcoming. Central to our run-time architecture is a thread of activity that continually optimizes all of the already executing software in the background. Since this is strictly a re-compilation of already existing code, and since it occurs completely in the background, speed is not critical, so that aggressive, albeit slow, optimization techniques can be employed. Upon completion, the previously executing version of the same code is supplanted by the newly generated one and re-optimization starts over. By constructing globally optimized code-images from mobile software components, our architecture is able to reconcile dynamic composability with the run-time efficiency of monolithic applications." } @InProceedings{fukuda96:intra, author = "Munehiro Fukuda and Lubomir F. Bic and Michael B. Dillencourt and Fehmina Merchant", title = "Intra- and Inter-Object Coordination with {\sc Messengers\/}", booktitle = "Coordination Languages and Models", pages = "179--196", year = 1996, url = {http://www.ics.uci.edu/\~{}bic/messengers/COORD.ps}, address = "Cesena, Italy", month = apr, publisher = "Springer-Verlag", note = "Lectures Notes in Computer Science 1061.", abstract = "MESSENGERS is a paradigm for the programming of distributed systems. It is based on the principles of autonomous messages, called Messengers, which carry their own behavior in the form of a program. This enables them to navigate freely in the underlying computational network, communicate with one another, and invoke pre-compiled node-resident functions. Coordination is facilitated at two distinct levels of abstraction: first, Messengers coordinate the invocation and the exchange of data among the various functions distributed throughout the network in both time and space (intra-object coordination); second, Messengers, each representing a high-level entity, can coordinate their behaviors among themselves (inter-object coordination). These principles, where an application is composed of autonomous, mobile entities whose behaviors may change dynamically and which can coordinate their actions among themselves, offer great flexibility in interacting with and manipulating the application at run time, as well as improved performance. This is illustrated using two concrete examples--a Toxicology simulation from medicine and a study of collective fish behavior from biology." } @InProceedings{fukuda97:hierarchical, author = "Munehiro Fukuda and Lubomir F. Bic and Michael B. Dillencourt and Fehmina Merchant", title = "A Hierarchical Mapping Scheme for Mobile Agent Systems", booktitle = "6th IEEE CS Workshop on Future Trends of Distributed Computing Systems (FTDCS)", year = 1997, address = "Tunis, Tunisia", month = oct, url = {http://www.ics.uci.edu/\~{}bic/messengers/FTDCS97.ps}, abstract = "MESSENGERS is a system for general-purpose distributed computing based on the principles of mobile agents. Its underlying infrastructure consists of a collection of daemon processes, whose task it is to receive incoming agents, provide the necessary environment for their execution, and send them on to their next destinations as dictated by their behaviors. The structure of the daemon processes and their mapping onto the physical network is the main subject of this paper. Given the autonomous nature of each computation, the mapping problem is very different from those implemented for systems of communicating processes. At the same time, it offers new opportunities for solving the problems of load balancing, dynamic resource utilization, and trade-offs between computation granularity and communication overhead." } @InProceedings{fukuda97:messages, author = "Munehiro Fukuda and Lubomir F. Bic and Michael B. Dillencourt and Fehima Merchant", title = "Messages versus Messengers in Distributed Programming", booktitle = icdcs17, year = 1997, address = "Baltimore, Md.", month = may, url = {http://www.ics.uci.edu/\~{}bic/messengers/ICDCS97.ps}, subject = "ma", abstract = "Messengers are autonomous objects, each capable of navigating through the underlying network and performing various tasks at each node. Messengers applications are written using navigational commands rather than the send/receive primitives of conventional message-passing approaches. In this paper we contrast the two programming styles. The navigational style generally results in a smaller semantic gap between abstract algorithm descriptions and their actual implementations, which makes programs easier to construct, understand, and maintain. Other advantages of the navigational programming style include the ability to compute in unknown or dynamically changing network topologies." } @InProceedings{fukuda97:performance, author = "Munehiro Fukuda and Lubomir F. Bic and Michael B. Dillencourt", title = "Performance of the {MESSENGERS} Autonomous-Objects-Based System", booktitle = "Proceedings of the First International Conference on Worldwide Computing and Its Applications (WWCA97)", year = 1997, address = "Tsukuba, Japan", month = mar, publisher = "Springer-Verlag", note = "Lecture Notes in Computer Science 1274.", url = {http://www.ics.uci.edu/\~{}bic/messengers/wwca97.ps}, abstract = {MESSENGERS is a system for general-purpose distributed computing based on the concept of autonomous mobile objects, capable of navigating through a network and invoking native-mode C functions in the nodes they visit. We present performance measurements using three specific applications to illustrate the cost of using this paradigm for developing and using distributed applications.} } @Article{fukuda98:distributed, author = "Munehiro Fukuda and Lubomir F. Bic and Michael B. Dillencourt and Fehmina Merchant", title = "Distributed Coordination with {MESSENGERS}", journal = "Science of Computer Programming", note = "Special Issue on Coordination Models, Languages, Applications", volume = 31, number = 2, year = 1998, url = {http://www.ics.uci.edu/\~{}bic/messengers/COORD-j.ps}, abstract = "MESSENGERS is a paradigm for the programming of distributed systems. It is based on the principles of autonomous messages, called Messengers, which carry their own behavior in the form of a program. This enables them to navigate freely in the underlying computational network, communicate with one another, and invoke compiled node-resident C functions in the nodes they visit. Hence a distributed application is viewed as a collection of C functions whose invocation and interoperation is orchestrated by Messengers. This provides for a clear separation between computations, as expressed by the individual node functions, and coordination, which is the order of function invocations and the transport of information among them as prescribed by messengers. This separation allows each layer to be designed and implemented separately. It also supports the reuse of the coordination structures and the interactive and incremental development and use of distributed applications." } @InProceedings{fukuda98:global, author = "Munehiro Fukuda and Lubomir F. Bic and Michael B. Dillencourt", title = "Global Virtual Time Support for Individual-Based Simulations", booktitle = pdpta98, address = "Las Vegas, NV", month = jul, year = 1998, url = {http://www.ics.uci.edu/\~{}bic/messengers/PDPTA.ps}, abstract = "An individual-based simulation organizes the application as a collection of autonomous entities. The behavior of the system is simulated as interactions among such entities and hence the application development focuses primarily on describing the entities' behaviors. A natural implementation of individual-based modeling is to use autonomous objects, i.e., mobile entities navigating autonomously through their underlying computational network. This is further simplified if the programming and execution environment supports global virtual time management. MESSENGERS is a virtual-time computing environment for autonomous objects, and therefore the present work is the first experiment in applying the paradigm of autonomous objects to distributed individual-based simulations. We discuss MESSENGERS' advantages for application development from the software engineering point of view and compare its performance with conventional message-passing executions." } @InProceedings{ghezzi97:mobile, author = "Carlo Ghezzi and Giovanni Vigna", title = "Mobile Code Paradigms and Technologies: A Case Study", booktitle = ma97, year = 1997, subject = "ma", address = "Berlin, Germany", month = apr, url = {http://www.elet.polimi.it/\~{}vigna/ma97.ps.gz}, abstract = "The opportunities offered by the Internet are encouraging research aimed at the creation of a computational infrastructure that exploits the wide spread communication infrastructure. The mobile computation paradigm is a proposal to build a computational infrastructure that goes beyond the well-known client-server paradigm and increases dynamicity and flexibility. Despite the promising first steps, there is still confusion on the role of paradigms and technology in the development on applications based on the mobile computation paradigm. We present a case study in which we develop several versions of an application using different paradigms and different technologies in order to show when these concepts come into play and which are their relationships." } @InProceedings{goldberg96:secure, author = "Ian Goldberg and David Wagner and Randi Thomas and Eric A. Brewer", title = "A Secure Environment for Untrusted Helper Applications", url = {http://www.cs.berkeley.edu/\~{}daw/janus-usenix96.ps}, booktitle = "Proceedings of the 6th Usenix Security Symposium", year = 1996, address = "San Jose, Ca.", month = jul, abstract = "Many popular programs, such as Netscape, use untrusted helper applications to process data from the network. Unfortunately, the unauthenticated network data they interpret could well have been created by an adversary, and the helper applications are usually too complex to be bug-free. This raises significant security concerns. Therefore, it is desirable to create a secure environment to contain untrusted helper applications. We propose to reduce the risk of a security breach by restricting the program's access to the operating system. In particular, we intercept and filter dangerous system calls via the Solaris process tracing facility. This enabled us to build a simple, clean, user-mode implementation of a secure environment for untrusted helper applications. Our implementation has negligible performance impact, and can protect pre-existing applications.", subject = "sec" } @InProceedings{gosling86:sundew, author = "James Gosling", title = "Sundew: A distributed and extensible window system", pages = "98--103", booktitle = "Proceedings of the 1986 Usenix Winter Technical Conference", year = 1986, address = "Denver, Colorado" } @Book{gosling89:news, author = "James Gosling and Rosenthal, David S. H. and Michelle J. Arden", title = "The {N}e{WS} Book: An Introduction to the {N}etwork/extensible {W}indow {S}ystem", publisher = "Springer-Verlag", year = 1989, address = "New York" } @InProceedings{gray95:agent, author = "Robert S. Gray", title = "Agent {T}cl: A transportable agent system", booktitle = "Proceedings of the CIKM Workshop on Intelligent Information Agents", year = 1995, address = "Baltimore, Md.", month = dec, url = {http://www.cs.dartmouth.edu/\~{}agent/papers/cikm95.ps.Z}, subject = "ma" } @Manual{gray95:agent-manual, author = "Robert S. Gray", title = "Agent {T}cl: Alpha Release 1.1", organization = dartmouthcs, year = 1995, month = dec, url = {ftp://cs.dartmouth.edu/pub/agents/doc.1.1.ps.gz}, subject = "ma", abstract = "Agent Tcl is a transportable agent system. The agents are written in an extended version of the Tool Command Lanuage (Tcl). Each agent can suspend its execution at an arbitrary point, transport to another machine and resume execution on the new machine. This migration is accomplished with the agent jump command. agent jump captures the current state of the Tcl script and transfers this state to the destination machine. The state is restored on the new machine and the Tcl script continues its execution from the command immediately after the agent jump. In addition to migration, agents can send messages to each other and can establish direct connections. A direct connection is more efficient than message passing for bulk data transfer. Finally, agents can use the Tk toolkit to create graphical user interfaces on their current machine. Agent Tcl is implemented as two components. The first component is an extended Tcl interpreter. The second component is a server which runs on each machine. The server accepts incoming agents, messages and connection requests and keeps track of the agents that are running on its machine. An alpha release of Agent Tcl is available for public use. This documentation describes how to obtain and compile the source code, how to run the server and how to write transportable agents." } @InProceedings{gray96, author = "Robert S. Gray", title = "Agent {T}cl: A flexible and secure mobile agent system", booktitle = "Proceedings of the Fourth Annual Tcl/Tk Workshop", pages = "9--23", year = 1996, month = jul, address = "Monterey, Cal.", subject = "ma", url = {http://www.cs.dartmouth.edu/\~{}agent/papers/tcl96.ps.Z}, subject = "ma", abstract = "An information agent manages all or a portion of a user's information space. The electronic resources in this space are often distributed across a network and can contain tremendous quantities of data. Mobile agents provide efficient access to such resources and are a powerful tool for implementing information agents. A mobile agent is an autonomous program that can migrate from machine to machine in a heterogeneous network. By migrating to the location of a resource, the agent can access the resource efficiently even if network conditions are poor or the resource has a low-level interface. Telescript is the best-known mobile-agent system. Telescript, however, requires the programmer to learn and work with a complex object-oriented language and a complex security model. Agent Tcl, on the other hand, is a simple, flexible, and secure system that is based on the Tcl scripting language and the Safe Tcl extension. In this paper we describe the architecture of Agent Tcl and its current implementation." } @InCollection{gray97:agent, author = "Robert S. Gray and George Cybenko and David Kotz and Daniela Rus", title = "Agent {T}cl", crossref = "cockayne97:itinerant", subject = "ma", url = {http://www.cs.dartmouth.edu/\~{}agent/papers/chapter.ps.Z}, } @InProceedings{gray97:mobile, author = "Robert S. Gray and David Kotz and Saurab Nog and Daniela Rus and George Cybenko", title = "Mobile agents for mobile computing", booktitle = "Proceedings of the Second Aizu International Symposium on Parallel Algorithms/Architectures Synthesis", year = 1997, address = "Fukushima, Japan", month = mar, note = "Also available as Dartmouth College Departmennt of Computer Science Technical Report TR96-285.", url = {http://www.cs.dartmouth.edu/reports/abstracts/TR96-285/}, subject = "mob:ma" } @Article{gray97:security, author = {Robert S. Gray}, title = {Agent {T}cl: A flexible and secure mobile-agent system}, journal = {Dr. Dobbs Journal}, year = 1997, volume = 22, number = 3, pages = {18--27}, month = mar } @InCollection{gray98:dagents, author = "Robert S. Gray and George Cybenko and David Kotz and Daniela Rus", title = "D'Agents: Security in a multiple-language, mobile-agent system", crossref = "vigna98:mobile", subject = "ma:sec", url = {http://actcomm.dartmouth.edu/papers/gray:security-book.ps.Z}, abstract = "Mobile-agent systems must address three security issues: protecting an individual machine, protecting a group of machines, and protecting an agent. In this chapter, we discuss these three issues in the context of D'Agents, a mobile-agent system whose agents can be written in Tcl, Java and Scheme. (D'Agents was formerly known as Agent Tcl.) First we discuss mechanisms existing in D'Agents for protecting an individual machine: (1) cryptographic authentication of the agent's owner, (2) resource managers that make policy decisions based on the owner's identity, and (3) secure execution environments for each language that enforce the decisions of the resource managers. Then we discuss our planned market-based approach for protecting machine groups. Finally we consider several (partial) solutions for protecting an agent from a malicious machine. " } @TechReport{gray98:tcl, author = "Robert S. Gray", title = "Agent Tcl: A flexible and secure mobile-agent system", institution = "Dartmouth College, Computer Science", address = "Hanover, NH", number = "PCS-TR98-327", year = 1998, month = jan, url = {ftp://ftp.cs.dartmouth.edu/TR/TR98-327.ps.Z}, subject = "ma", note = "Ph.D. Thesis, June 1997.", abstract = " A mobile agent is an autonomous program that can migrate under its own control from machine to machine in a heterogeneous network. In other words, the program can suspend its execution at an arbitrary point, transport itself to another machine, and then resume execution from the point of suspension. Mobile agents have the potential to provide a {\em single, general framework} in which a wide range of distributed applications can be implemented efficiently and easily. Several challenges must be faced, however, most notably reducing migration overhead, protecting a machine from malicious agents (and an agent from malicious machines), and insulating the agent against network and machine failures. Agent Tcl is a mobile-agent system under development at Dartmouth College that has evolved from a Tcl-only system into a multiple-language system that currently supports Tcl, Java, and Scheme. In this thesis, we examine the motivation behind mobile agents, describe the base Agent Tcl system and its security mechanisms for protecting a machine against malicious agents, and analyze the system's current performance. Finally, we discuss the security, fault-tolerance and performance enhancements that will be necessary for Agent Tcl and mobile agents in general to realize their full potential. " } @PhdThesis{gray:thesis, author = {Robert S. Gray}, title = {Agent {T}cl: A flexible and secure mobile-agent system}, year = 1997, month = jun, school = {Dept. of Computer Science, Dartmouth College}, note = {Available as Dartmouth Computer Science Technical Report TR98-327.}, url = {http://actcomm.dartmouth.edu/papers/gray:thesis.ps.Z}, } @TechReport{grimm97:access, author = "Robert Grimm and Brian N. Bershad", title = "Access Control in Extensible Systems", institution = "Department of Computer Science, University of Washington", year = 1997, month = mar, url = "http://www.cs.washington.edu/homes/rgrimm/papers/tr97-11-01.ps", sub = "sec", abstract = "The recent trend towards dynamically extensible systems holds the promise of more powerful and flexible systems. At the same time, the impact of extensibility on overall system security and, specifically, access control is still ill understood, and protection mechanisms in these extensible systems are rudimentary at best. In this paper, we identify the structure of extensible systems as it relates to system security, and present an access control mechanism that is user-friendly and complete. The mechanism, by using ideas first introduced by the security community, offers mandatory access control which can be used to enforce a given security policy. Additional discretionary access control allows users to express their own fine-grained access constraints. \par We introduce a new access mode, called the extend access mode, in addition to the familiar execute access mode, to reflect how extensions interact. Furthermore, in a departure from work in the security community, we treat both extensions and threads of control as subjects, i.e., as active entities, in order to correctly capture their interaction in an extensible system. We present the design of the access control mechanism and define a formal model. We describe an implementation of the access control mechanism in the SPIN extensible operating system, which allows us to evaluate its performance and to explore optimizations that reduce the overhead of access control. The measured end-to-end overhead of access control in our system is less than 2%." } @InProceedings{grimm97:security, author = "Robert Grimm and Brian N. Bershad", title = "Security for Extensible Systems", booktitle = hotos6, year = 1997, address = "Cape Cod, Mass.", month = may, url = "http://www.cs.washington.edu/homes/rgrimm/papers/hotos97.ps", subject = "sec" } @TechReport{grimm98:providing, author = {Robert Grimm and Brian N. Bershad}, title = {Providing Policy-Neutral and Transparent Access Control in Extensible Systems}, institution = {University of Washington, Department of Computer Science and Engineering}, year = 1998, number = {UW-CSE-98-02-02}, month = feb, url = "http://www.cs.washington.edu/homes/rgrimm/papers/tr98-02-02.ps", subject = "sec" } @InProceedings{hall96:flexible, author = "David Hall and Jean Bacon and John Bates", title = "Flexible Distributed Programming using Mobile Code", booktitle = sigops7, year = 1996, url = {http://mosquitonet.stanford.edu/sigops96/papers/halls.ps}, subject = "ma", abstract = "We have designed and implemented a mobile code system. It has been integrated with an existing distributed programming environment that includes a Remote Procedure Call (RPC) system, object interface definition language, a trader, an event system and continuous media streams. This bespoke platform for distributed programming has allowed us to experiment with mobile code and propose new facilities.", address = "Connemara, Ireland", month = sep } @PhdThesis{halls97:applying, author = "David Halls", title = "Applying Mobile Code to Distributed Systems", school = "Computer Laboratory, University of Cambridge", year = 1997, month = jun, url = "http://www.cl.cam.ac.uk/users/dah28/thesis/thesis.html", url = "http://www.cl.cam.ac.uk/users/dah28/dah28ths.ps.gz", subject = "ma", abstract = "Use of mobile code can make distributed systems and the abstractions they provide more flexible to build and use. \par Richer functionality can be given to the interaction between processes by allowing code to be sent between them. More convenient, application-level operations can be made over a network. By making higher order language features transmissible, distributed components can be tightly bound together when they communicate. At the same time, familiar distributed systems can be built using mobile code. \par Mobile code can make distributed systems adaptable to application needs. Rather than fixing the interface to a resource and the pattern of interaction with it, a minimal interface can be defined and code implementing higher-level interfaces placed alongside it as and when required. These higher-level interfaces can be application-specific, allowing for interaction patterns that were unknown at the time the resource was made available. Sending code close to a resource can also reduce network usage because the point of interaction with it moves. \par The combination of document markup supporting hypertext and a language supporting state-saving allows for stateful client-server sessions with stateless servers and lightweight clients. Putting dormant mobile code in documents provides an alternative to holding knowledge of application functionality on a server machine or running arbitrary code on a client machine. \par Mobile code helps to support user mobility. Personalised environments that support state-saving can follow a user between computers. Heterogeneous state-saving allows a user's programs to be relocated between computers. By using a mobile code system with language support for state-saving, applications can direct arbitrary component migration without priming program servers with specific support. \par In summary, this dissertation supports the thesis that mobile code can be used to enhance distributed systems. " } @TechReport{harker95:tias, author = "Kenneth E. Harker", title = "{TIAS}: A Transportable Intelligent Agent System", institution = dartmouthcs, year = 1995, number = "TR95-258", address = "Hanover, N.H.", note = "Also submitted as senior thesis.", url = {http://www.cs.dartmouth.edu/reports/abstracts/TR95-258/}, subject = "ma", abstract = "In recent years, there has been an explosive growth in the amount of information available to our society. In particular, the amount of information available on-line through vast networks like the global Internet has been growing at a staggering rate. This growth rate has by far exceeded the rate of growth in network speeds, as has the number of individuals and organizations seeking access to this information. There is thus a motivation to find abstract methods of manipulating this on-line data in ways that both serve the needs of end users efficiently and use network resources intelligently. In lieu of a traditional client-server model of information processing, which is both inflexible and potentially very inefficient, a Transportable Intelligent Agent system has the potential to achieve a more efficient and flexible network system. An intelligent agent is a program that models the information space for a user, and allows the user to specify how the information is to be processed. A transportable agent can suspend its execution, transport itself to a new location on a network, and resume execution at the new location. This is a particularly attractive model for both wireless and dialup networks where a user might not be able to maintain a permanent network connection, as well as for situations where the amount of information to be processed is large relative to the network bandwidth. Preliminary work in the field has shown that such agent systems are possible and deserve further study. This thesis describes a prototype transportable intelligent agent system that extends work already done in the field. Agents are written in a modified version of the Tcl programming language and transported using TCP/IP connections. Several simple examples demonstrate the properties of the system. " } @Misc{harrison95:mobile, author = "Colin G. Harrison and David M. Chess and Aaron Kershenbaum", title = "Mobile Agents: Are they a good idea?", series = "Research Report", year = 1995, organization = "IBM T. J. Watson Research Center", month = mar, subject = "ma:mob", url = {http://www.research.ibm.com/massdist/mobag.ps}, abstract = "Mobile agents are programs, typically written in a script language, which may be dispatched from a client computer and transported to a remote server com- puter for execution. Several authors have suggested that mobile agents offer an important new method of performing transactions and information retrieval in networks. Other writers have pointed out, however, that mobile agent introduce severe concerns for security. We consider the advantages offered by mobile agents and assess them against alternate methods of achieving the same function. We conclude that, while the individual advantages of agents do not represent an overwhelming motivation for their adoption, the creation of a pervasive agent framework facilitates a very large number of network services and applications." } @InProceedings{hartig97:encapsulating, author = "Hermann H{\"artig} and Lars Reuther", title = "Encapsulating Mobile Objects", booktitle = icdcs17, year = 1997, address = "Baltimore, Md.", month = may, subject = "mc:sec" } @TechReport{hartman96:liquid, author = "John Hartman and Udi Manber and Larry Peterson and Tood Proebsting", title = "Liquid Software: A New Paradigm for Networked Systems", institution = "Department of Computer Science, University of Arizona", year = 1996, number = "96-11", address = "Tucson, AZ", month = jun, url = {ftp://ftp.cs.arizona.edu/xkernel/Papers/tr96-11.ps}, subject = "mc", abstract = "This paper introduces the idea of dynamically moving functionality in a network---between clients and servers, and between hosts at the edge of the network and nodes inside the network. At the heart of moving functionality is the ability to support mobile code---code that is not tied to any single machine, but instead can easily move from one machine to another. Mobile code has been studied mostly for application-level code. This paper explores its use for all facets of the network, and in a much more general way. Issues of efficiency, interface design, security, and resource allocation, among others, are addressed. We use the term liquid software to describe the complete picture---liquidsoftware is an entire infrastructure for dynamically moving functionality throughout a network. We expect liquid software to enble new paradigms, such as active networks that allow users and applications to customize the network by interjecting code into it." } @TechReport{hirschl96:agdb, author = "Melissa Hirschl", title = "{AGDB}: A Debugger for {A}gent {T}cl", institution = dartmouthcs, year = 1996, number = "TR97-306", address = "Hanover, N.H.", url = {http://www.cs.dartmouth.edu/reports/abstracts/TR97-306/}, subject = "ma", abstract = "The Agent Tcl language is an extension of Tcl/Tk that supports distributed programming in the form of transportable agents. AGDB is a debugger for the Agent Tcl language. AGDB mixes of traditional and distributed debugging facilities. Traditional debugging features include breakpoints (line-specific, conditional, and once-only), watch conditions and variables, and interrupts. Distributed-debugging features address issues inherent in distributed programming such as migration and communication. These capabilities make debugging distributed programs difficult because they add complexities like race conditions to the set of problems a program can encounter. This paper discusses how AGDB uses distributed debugging features to debug agents." } @InProceedings{holder97:reflective, author = "Ophir Holder and Isreal Ben-Shaul", title = "A Reflective Model for Mobile Software Objects", pages = "339--346", booktitle = icdcs17, year = 1997, address = "Baltimore, Md.", month = may, subject = "mc" } @InProceedings{hurst97:mobile, author = "Leon Hurst and P\'{a}draig Cunningham and Fergal Sommers", title = "Mobile Agents --- Smart Messages", booktitle = "Proceedings of the 1st International Workshop on Mobile Agents", year = 1997, address = "Berlin, Germany", url = {http://www.cs.tcd.ie/\~{}lahurst/currentwork/papers/ma97/index.html}, subject = "ma", abstract = "Wireless communication with Mobile Computing devices is known to be problematic. It is very different in character from conventional communication over wired networks. Since many distributed applications make assumptions about network characteristics, they may not be used in a hostile mobile environment. \par We are proposing a new kind of messaging system which incorporates adaptive behaviour into the messages themselves. We call these 'Smart Messages', and implement them using Mobile Agents. They are transported between machines via Agent Airports. The metaphor we use is of a message being delivered by a courier (Mobile Agent), through Agent Airports, on a potentially unresolved route. The 'intelligence' is in the messages (couriers in our metaphor) themselves rather than in the network. \par The approach taken expands on the self-routing capabilities of current Mobile Agent systems such as Aglets or Telescript. We aim to provide structured support for handling the particular problems associated with wireless communications. These include very limited, variable and asymmetric bandwidth, frequent and prolonged disconnections, geographical mobility and high usage costs. We argue that this offers an efficient, adaptable and robust solution to many of the problems associated with this hostile communications environment.", month = apr, note = "(to appear)" } @InProceedings{hylton96:knowbot, author = "Jeremy Hylton and Ken Manheimer and Drake, Jr., Fred L. and Barry Warsaw and Roger Masse and van Rossum, Guido", title = "Knowbot Programming: System Support for Mobile Agents", pages = "8--13", booktitle = iwooos96, year = 1996, address = "Seattle, Wash.", month = oct, subject = "ma", url = {http://www.cnri.reston.va.us/home/koe/iwooos.html}, abstract = "Knowbot ® Programs are mobile agents intended for use in widely distributed systems like the Internet. We describe our experiences implementing security, process migration, and inter-process communication in a prototype system implemented using the object-oriented programming language Python. This infrastructure supports applications that are composed of multiple, autonomous agents that can migrate to use network resources more efficiently." } @InProceedings{hylton96:using, author = "Jeremy Hylton and van Rossum, Guido", title = "Using the Knowbot Operating Environment in a Wide-Area Network", booktitle = ecoop-mos3, year = 1997, address = "Jyv{\"a}lskyl{\"a}, Finland", month = jun, url = {http://the-tech.mit.edu/\~{}jeremy/finland-submit.ps}, subject = "ma", abstract = "Mobile agents can optimize their communication patterns to reduce bandwidth and latency and can adapt to changes in network service. We report on use of the Knowbot Operating Environment to support mobile agents in a wide-area network. Experiments with an application that monitors Web pages for changes show that a mobile program can outperform its stationary counterpart. The performance benefits are obtained by moving clients within the network to reduce the costs of wide-area network connections." } @InProceedings{ionitiu96:designing, author = "Cristian Ionitoiu ", title = "Designing agents for archie and ftp sessions in {O}bliq", pages = "49--51", booktitle = ecoop-mos2, year = 1996, address = "Linz, Austria", month = jul, subject = "ma:mob", url = {http://cuiwww.unige.ch/\~{}ecoopws/ws96/6.ps.gz}, abstract = "This extended abstract presents a solution based on mobile agents forarchie/ftp sessions on Internet. Due to the increased rate ofinteractivity, which imposes relatively long connection periods,required by these services, their use is not appropriate for mobile stations. This solution provides mobile user access to these services while keeping a low rate of the connections. " } @InProceedings{jaeger96:building, author = "Trent Jaeger and Aviel D. Rubin and Atul Prakash", title = "Building Systems that Flexibly Control Downloaded Executable Content", pages = "131--148", booktitle = "Proceedings of the 6th Usenix Security Symposium", year = 1996, url = {http://www.eecs.umich.edu/\~{}jaegert/usenix96.ps}, subject = "mc", abstract = "Downloading executable content, which enables principals to run programs from remote sites, is a key technology in a number of emerging applications, including collaborative systems, electronic commerce, and web information services. However, the use of downloaded executable content also presents serious security problems because it enables remote principals to execute programs on behalf of the downloading principal. Unless downloaded executable content is properly controlled, a malicious remote principal may obtain unauthorized access to the downloading principal's resources. Current solutions either attempt to strictly limit the capabilities of downloaded content or require complete trust in the remote principal, so applications which require intermediate amounts of sharing, such as collaborative applications, cannot be constructed over insecure networks. In this paper, we describe an architecture that flexibly controls the access rights of downloaded content by: (1) authenticating content sources; (2) determining content access rights based on its source and the application that it is implementing; and (3) enforcing these access rights over a wide variety of objects and for the entire computation, even if external software is used. We describe the architecture in the context of an infrastructure for supporting collaborative applications.", address = "San Jose, Ca.", month = jul } @InProceedings{jaeger96:system, author = "Trent Jaeger and Aviel D. Rubin and Atul Prakash", title = "A System Architecture for Flexible Control of Downloaded Executable Content", pages = "14--18", booktitle = iwooos96, year = 1996, address = "Seattle, Wa.", subject = "mc", month = oct } @InProceedings{johansen94, author = "Dag Johansen and van Renesse, Robbert and Fred B. Schneider", title = "Operating System support for mobile agents", pages = "42--45", booktitle = "Proceedings of the 5th IEEE Workshop on Hot Topics in Operating Systems", year = 1994, month = may, address = "Orcas Island, Wash.", url = {http://cs-tr.cs.cornell.edu/TR/CORNELLCS:TR94-1468}, note = "Also available as Technical Report TR94-1468, Department of Computer Science, Cornell University", subject = "ma", abstract = "An ``agent'' is a process that may migrate through a computer network in order to satisfy requests made by its clients. Agents implement a computational metaphor that is analogous to how most people conduct business in their daily lives: visit a place, use a service (perhaps after some negotiation), and then move on. Thus, for the computer illiterate, agents are an attractive way to describe network-wide computations. Agents are also useful abstractions for programmers who must implement distributed applications. This is because in the agent metaphor, the processor or ``place'' the computation is performed is not hidden from the programmer, but the communications channels are. Most current research on agents has focused on language design and application issues. The TACOMA project (Tromso And COrnell Moving Agents) has, instead, focused on operating system support for agents and how agents can be used to solve problems traditionally addressed by operating systems. We have implemented prototype systems to support agents using UNIX and using Tcl/Tk on top of Horus. This paper outlines insights and questions based on that experience. We discuss abstractions needed by an operating system to support agents, and discuss some problems that arise in connection with electronic commerce involving agents." } @TechReport{johansen95:introduction, author = "Dag Johansen and van Renesse, Robbert and Fred B. Schneider", title = "An Introduction to the {TACOMA} Distributed System", institution = "Department of Computer Science, University of Troms\o", year = 1995, number = "95-23", address = "Troms\o, Norway", month = jun, subject = "ma", url = {http://www.cs.uit.no/Lokalt/Rapporter/Reports/9523.html}, abstract = "This report briefly introduces TACOMA Version 1.0. This distributed system supports agents, computations that can roam the internet. The report presents the TACOMA project, the computational model, how to get started, and the basic {TACOMA} abstractions." } @InProceedings{johansen96:supporting, author = "Dag Johansen and van Renesse, Robbert and Fred B. Schneider", title = "Supporting Broad Internet Access to {TACOMA}", pages = "55--58", booktitle = sigops7, year = 1996, address = "Connemara, Ireland", month = sep, url = {http://www.cs.uit.no/DOS/Tacoma/tacoma.webpages/SIGOPS.tac-www.ps}, subject = "ma" } @InProceedings{johansen97:performance, author = "Dag Johansen and Nils P. Sudmann and van Renesse, Robbert", title = "Performance Issues in {TACOMA}", booktitle = ecoop-mos3, year = 1997, address = "Jyv{\"a}lskyl{\"a}, Finland", month = jun, subject = "ma", url = {http://www.cs.uit.no/DOS/Tacoma/tacoma.webpages/ECOOP.tacoma.ps}, } @TechReport{johansen97:using, author = "Dag Johansen and Kjetil Jacobsen and Nils P. Sudmann and Kaare J. Lauvset and Kenneth P. Birman and Werner Vogels", title = "Using Software Design Patterns to build Distributed Environmental Monitoring Applications", institution = "Cornell University, Department of Computer Science", year = 1997, number = "TR97-1655", address = "Ithaca, NY", month = dec, url = "http://cs-tr.cs.cornell.edu/TR/CORNELLCS:TR97-1655", subject = "ma", annote = "Tools developers face the challenge of exposing a development methodology to users while concealing details of the underlying system. If that system is complex and subject to evolution, this problem can be particularly difficult. Here, we discuss the use of software design patterns in conjunction with StormCast, a system of tools developed to support environmental and weather monitoring tasks in the Arctic. Now entering its 5th generation, each version of StormCast has expanded the capabilities of the underlying distributed data management tools and computational facilities. This paper reviews StormCast 5.0, presents the design patterns used by developers, and describes several applications in terms of the application of these patterns." } @InProceedings{joosen96:flexible, author = "Wouter Joosen and Frank Matthis and van Oeyen, Johan and Bert Robben", title = "On Flexible Support for Mobile Objects", pages = "3--7", booktitle = iwooos96, year = 1996, address = "Seattle, Wa.", month = oct, subject = "ma" } @InProceedings{joseph95, author = "Anthony D. Joseph and Alan F. deLespinasse and Joshua A. Tauber and David K. Gifford and M. Frans Kaashoek", title = "Rover: A Toolkit for Mobile Information Access", pages = "156--171", booktitle = sosp15, year = 1995, month = dec, address = "Copper Mountain, Co.", url = {http://www.pdos.lcs.mit.edu/papers/rover-sosp95.ps.gz}, subject = "mob", abstract = "The Rover toolkit combines relocatable dynamic objects andqueued remote procedure calls to provide unique services for ``roving'' mobile applications. A relocatable dynamic object is an object with a well-defined interface that can be dynamically loaded into a client computer from a server computer (or vice versa) to reduce client-server communication requirements. Queuedremote procedurecall is a communication system that permits applications to continue to makenon-blockingremote procedure call requests even whena host is disconnected, with requests and responses being exchangedupon network reconnection. The challenges of mobile environments include intermittent connectivity, limited bandwidth, and channel-use optimization. Experimental results from a Rover-based mail reader, calendar program, and two non-blocking versions of World-Wide Web browsers show that Rover's services are a good match to these challenges. The Rover toolkit also offers advantages for workstation applications by providing a uniform distributed object architecture for code shipping, object caching, and asynchronous object invocation." } @Article{jul88, author = "Eric Jul and Henry Levy and Norman Hutchinson and Andrew Black", title = "Fine-grained Mobility in the {E}merald System", journal = "ACM Transactions on Computer Systems", year = 1988, volume = 6, number = 1, pages = "109--133", month = feb, subject = "mc", url = {ftp://ftp.diku.dk/pub/diku/dists/emerald/papers.tar.Z}, abstract = "Emerald is an object-based language and system designed for the construction of distributed programs. An explicit goal of Emerald is support for object mobility; objects in Emerald can freely move within the system to take advantage of distribution and dynamically changing environments. We say that Emerald has {\em fine-grained} mobility because Emerald objects can be small data objects as well as process objects. Fine-grained mobility allows us to apply mobility in new ways but presents implementation problems as well. This paper discusses the benefits of fine-grained mobility, the Emerald language and run-time mechanisms that support mobility, and techniques for implementing mobility that do not degrade the performance of local operations. Performance measurements of the current implementation are included. " } @Unpublished{kahn88, author = "Robert E. Kahn and Vinton G. Cerf", title = "The {D}igital {L}ibrary {P}roject, Volume {I}: The World of {K}nowbots", note = "Unpublished manuscript, Corporation for National Research Initiatives, Reston, Va.", subject = "ma", year = 1988, month = mar } @Article{karjoth97:security, author = "Günter Karjoth and Danny B. Lange and Mitsuru Oshima", title = "A Security Model for Agents", journal = IC, year = 1997, volume = 1, number = 4, month = "July/August", subject = "ma:sec", abstract ="Mobile agents offer a new paradigm for distributed computation, but their potential benefits must be weighed against the very real security threats they pose. These threats originate not just in malicious agents but in malicious hosts as well. \par In this article, we present our security model for the IBM Aglets Workbench, a Java-based environment for building mobile agent applications. We detail both the security model and the corresponding security architecture that represents a framework for the inclusion of security services in future releases of the AWB. This work therefore represents an additional step toward the comprehensive security model required for widespread commercial adoption of mobile agent systems to occur. " } @InProceedings{kato96:protected, author = "Kazuhiko Kato and Kunihiko Toumura and Katsuya Matsubara and Susumu Aikawa and Jun Yoshida and Kenji Kono and Kenjiro Taura and Tatsurou Sekiguchi", title = "Protected and Secure Mobile Object Computing in {PLANET}", booktitle = ecoop-mos2, year = 1996, subject = "ma:sec", address = "Linz, Austria", month = jul, url = {http://cuiwww.unige.ch/\~{}ecoopws/ws96/2.ps.gz}, abstract = "Worldwide networks such as the Internet are becoming very popular, so distributed computing environments for such networks are in high demand. We think the design of such an environment should be based on a mobile-object computing model and are therefore designing a mobile-object system called Planet. One of the most significant issues in designing mobile object systems for world-wide networks is to provide the control needed to assure the protection and security of mobile objects and of computing resources. In this paper we describe our approach to this issue." } @InCollection{kato97:safe, author = "Kazuhiko Kato", title = "Safe and Secure Execution Mechanisms for Mobile Objects", year = 1997, pages = "157--176", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, subject = "ma" } @Article{kiniry97:handson, author = "Joseph Kiniry and Daniel Zimmerman", title = "A Hands-On Look at Java Mobile Agents", journal = IC, year = 1997, volume = 1, number = 4, month = "July/August", subject = "ma:sec", abstract = "Several companies riding the current wave of popularity of Java want to let you play in the mobile agent sandbox. Each claims that mobile agent technologies are going to change the way we live and work, and each wants to be the company that provides the breakthrough system we all end up using. What do these agent systems actually do and, more importantly, what distinguishes one agent system from another? \par To help answer these questions, we downloaded three of the leading commercial systems-IBMs Aglets, General Magics Odyssey, and ObjectSpaces Voyager-and looked at issues such as ease of installation, feature set, documentation, and cost. We also discuss new capabilities of Java 1.1 that show promise as simple yet powerful means to create mobile agent systems. We conclude with a brief look at the ways in which mobile agents are currently being used and the limitations of todays technologies." } @PhdThesis{knabe95:language, author = "Frederick C. Knabe", title = "Language Support for Mobile Agents", school = "Carnegie Mellon University", year = 1995, address = "Paittsburgh, Pa.", month = dec, subject = "ma", abstract = "Mobile agents are code-containing objects that may be transmitted between communicating participants in a distributed system. As opposed to systems that only allow the exchange of nonexecutable data, systems incorporating mobile agents can achieve significant gains in performance and functionality. \par A programming language for mobile agents must be able to express their construction, transmission, receipt, and subsequent execution. Its implementation must handle architectural heterogeneity between communicating machines and provide sufficient performance for applications based on agents. In addition to these essential properties, an agent language may support desirable properties such as high-level abstractions for code manipulation and the ability to access resources on remote execution sites. \par We designed and implemented an agent programming language that satisfies the essential properties and a number of desirable ones. A key feature of our language is the use of strong static typing for remote resource access. Agents may be linked dynamically to resources on remote sites, and this linking is always guaranteed to be type safe. We provide this guarantee without requiring that all components of an agent-based system be compiled together. \par Our language also includes several features to improve the performance of mobile agents. Before an agent is transmitted, it is trimmed of values that are expected to be available on the recipient, thus shrinking transmissions. Agents may be interpreted or compiled depending on the application and the relative performance trade-offs. When compilation is used, it is done lazily: Each component of an agent is only compiled as it is needed. Furthermore, machine-specific representations for an agent can be transmitted with machine-independent ones, opening the possibility for recipients to skip compilation or interpretation altogether. \par To evaluate our language and to explore the potential of mobile agents, we developed a programming framework for agents. Several applications were implemented by other programmers within this framework using our language. Their work served to validate our design and our choice of agent language properties. We also analyzed the performance of our language on these applications and several synthetic benchmarks. The analysis shows that the features we incorporated into the implementation significantly improve performance.", url = {ftp://reports.adm.cs.cmu.edu/usr0/anon/1995/CMU-CS-95-223.ps.Z}, note = "Also available as Carngie Mellon School of Computer Science Technical Report CMU-CS-95-223 and European Computer Industry Centre Technical Report ECRC-95-36." } @InProceedings{knabe96:overview, author = "Frederick C. Knabe", title = "An overview of mobile agent programming", booktitle = "Proceedings of the 5th LOMAPS Workshop on Analysis and Verification of Multiple-Agent Languages", year = 1996, address = "Stockholm, Sweden", month = jun, url = {http://matecumbe.ing.puc.cl/\~{}knabe/lomaps96.ps.gz}, subject = "ma", abstract = "Mobile agents are code-containing objects that may be transmitted between communicating participants in a distributed system. Compared to systems that only allow the exchange of nonexecutable data, those incorporating mobile agents can achieve significant gains in performance and functionality. \par Languages with first-class functions provide a good starting point for agent programming, as they make it easy to express the construction, transmission, receipt, and subsequent execution of agents. However, for developing real agent-based systems, a language implementation must handle architectural heterogeneity between communicating machines and provide sufficient performance for applications based on agents. In addition, agents need to be able to access resources on remote execution sites yet remain in a framework that provides sufficient security. \par In this paper we consider the uses of mobile agents and how a distributed functional language can be extended to support them. We review other agent languages and present several observations on how further work in this area may proceed." } @InCollection{knabe97:performance, author = "Frederick Knabe", title = "Performance-Oriented Implementation Strategies for a Mobile Agent Language", year = 1997, pages = "229--244", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, url = {http://matecumbe.ing.puc.cl/\~{}knabe/performance97.ps.gz}, subject = "ma", abstract = "The use of larger and more complex mobile agents in distributed applications has created a need for agent programming systems that deliver better performance. The implementation of Extended Facile, a mobile agent language, uses several strategies to boost performance. We review four main techniques: allowing agents to use different transmissible representations, optimistically transmitting machine code with agents, stripping agents of data and code that can be found at their recipients before transmitting them, and performing agent compilation lazily. Quantitative measurements show that these methods can boost absolute and relative performance." } @InProceedings{kotay96:transportable, author = "Keith Kotay and David Kotz", title = "Transportable Agents", booktitle = "Proceedings of the CIKM Workshop on Intelligent Information Agents", year = 1994, address = "Gaithersburg, Md.", month = dec, url = {http://www.cs.dartmouth.edu/\~{}dfk/papers/kotay:agents.html}, subject = "ma", abstract = "As network information resources grow in size, it is often most efficient to process queries and updates at the site where the data is located. This processing can be accomplished by using a traditional client-server network interface, which constrains the client to the set of queries supported by the server, or requires the server to send all data to the client for processing. The former is inflexible; the latter is inefficient. Transportable agents, which support the movement of the client computation to the location of the remote resource, have the potential to be more flexible and more efficient. Transportable agents are capable of suspending their execution, transporting themselves to another host on a network, and resuming execution from the point at which they were suspended. Transportable agents consume fewer network resources and can support systems that do not have permanent network connections, such as mobile computers and personal digital assistants. We describe a prototype transportable-agent implementation that facilitates research in this area. Agents are written in a script language that supports agent relocation, and the language is processed at each host by an agent interpreter. Electronic mail is the current transport mechanism and we plan to explore others. We present a technical-report searching agent as a demonstration of the capabilities of our prototype implementation." } @InProceedings{kottmann96:stublets, author = "Dietmar Kottmann and Christian Sommer", title = "Stublets: A Notion for Mobility-Aware Application Adaption", booktitle = "ECOOP'96 Workshop on Mobility and Replication", year = 1996, address = "Linz, Austria", month = jul, url = {http://www.di.uminho.pt/\~{}rco/wmr96/sommer.ps.gz}, subject = "mc" } @InProceedings{kotz96:mobile, author = "David Kotz and Robert S. Gray and Daniela Rus", title = "Mobile agents support worldwide applications", booktitle = sigops7, year = 1996, address = "Connemara, Ireland", month = sep, url = {http://www.cs.dartmouth.edu/\~{}dfk/papers/kotz:agents.html}, pages = "41--48", subject = "ma", abstract = "Worldwide applications exist in an environment that is inherently distributed, dynamic, heterogeneous, insecure, unreliable, and unpredictable. In particular, the latency and bandwidth of network connections varies tremendously from place to place and time to time, particularly when considering wireless networks, mobile devices, and satellite connections. Applications in this environment must be able to adapt to different and changing conditions. We believe that transportable autonomous agents provide an excellent mechanism for the construction of such applications. We describe our prototype transportable-agent system and several applications." } @Article{kotz97:agent, author = "David Kotz and Robert Gray and Saurab Nog and Daniela Rus and Sumit Chawla and George Cybenko ", title = "Agent {TCL}: Targeting the Needs of Mobile Computers", journal = IC, year = 1997, volume = 1, number = 4, pages = {58--67}, url = {http://computer.org/internet/ic1997/w4058abs.htm}, month = "July/August", subject = "ma:sec", abstract = "Mobile computers have become increasingly popular as users discover the benefits of having their electronic work available at all times. However, because network conditions vary from connection to connection, using Internet resources from a mobile platform is a major challenge. Mobile agents are one solution. A mobile agent is an autonomous program that can move from machine to machine in a heterogeneous network under its own control. It can suspend its execution at any point, transport itself to a new machine, and resume execution on the new machine from the point at which it left off. On each machine, it interacts with service agents and other resources to accomplish its task, returning to its home site with a final result when that task is finished. \par Agent Tcl is a mobile-agent system whose agents can be written in Tcl, Java, and Scheme. Agent Tcl has extensive navigation and communication services, security mechanisms, and debugging and tracking tools. In this article we focus on Agent Tcls architecture and security mechanisms, its RPC system, and its docking system, which lets an agent move transparently among mobile computers, regardless of when they are connected to the network. " } @InCollection{kotz98:mobile, author = "David Kotz and Robert Gray and Saurab Nog and Daniela Rus and Sumit Chawla and George Cybenko", title = "Mobile agents for mobile computing", booktitle = "Mobility, Mobile Agents, and Process Migration--An Edited Collection", publisher = "Addison Wesley", year = 1998, note = {To appear.} } @Book{lange98:programming, author = "Danny B. Lange and Mitsuru Ishima", title = "Program and Deploying Java Mobile Agents with Aglets", publisher = "Addison-Wesley", year = 1998, annote = "ISBN 0-201-32582-9" } @InProceedings{li96:mobile, author = "Weiyi Li and David G. Messerschmitt", title = "Mobile Agent-based Network Signaling for Resource Negotiations", booktitle = "Workshop on Resource Allocation Problems in Multimedia Systems, IEEE Real-Time Systems Symposium", year = 1996, address = "Washington, DC", month = dec, subject = "ma", url = {http://ptolemy.eecs.berkeley.edu/\~{}messer/PAPERS/96/ResAlloc1/} } @Book{mcgraw96:java, author = "Gary McGraw and Edward M. Felten", title = "Java Security: Hostile Applets, Holes, & Antidote", publisher = "John Wiley and Sons", year = 1996, address = "New York", isbn = "0-471-17842-X" } @InProceedings{minsky96:cryptographic, author = "Yaron Minsky and van Renesse, Robbert and Fred B. Schneider and Scott D. Stoller", title = "Cryptographic Support for Fault-Tolerant Distributed Computing", pages = "109--114", booktitle = sigops7, year = 1996, address = "Connemara, Ireland", month = sep, url = {http://www.cs.uit.no/DOS/Tacoma/tacoma.webpages/SIGOPS.ft-agents.ps}, subject = "ma" } @TechReport{necula96:proof, author = "George C. Necula and Peter Lee", title = "Proof-Carrying Code", institution = "School of Computer Science, Carnegie Mellon University", year = 1996, number = "CMU-CS-96-165", address = "Pittsburgh, Pa.", month = nov, url = {http://www.cs.cmu.edu/afs/cs/usr/necula/papers/tr165.ps}, subject = "mc", abstract = "This report describes Proof-Carrying Code, a software mechanism that allows a host system to determine with certainty that it is safe to execute a program supplied by an untrusted source. For this to be possible, the untrusted code supplier must provide with the code a safety proof that attests to the code's safety properties. The code consumer can easily and quickly validate the proof without using cryptography and without consulting any external agents. In order to gain preliminary experience with proof-carrying code, we have performed a series of case studies. In one case study, we write safe assembly-language network packet filters. These filters can be executed with no run-time overhead, beyond a one-time cost of 1 to 3 milliseconds for validating the attached proofs. The net result is that our packet filters are formally guaranteed to be safe and are faster than packet filters created using Berkeley Packet Filters, Software Fault Isolation, or safe languages such as Modula-3. In another case study we show how proof-carrying code can be used to develop safe assembly-language extensions of the a simplified version of the TIL run-time system for Standard ML." } @InProceedings{necula96:safe, author = "George C. Necula and Peter Lee", title = "Safe Kernel Extensions Without Run-Time Checking", booktitle = "Proceedings of the Second Symposium on Operating System Design and Implementation", year = 1996, address = "Seattle, Wa.", month = oct, url = {http://www.cs.cmu.edu/afs/cs.cmu.edu/user/necula/www/osdi96.ps.gz}, subject = "misc", abstract = "This paper describes a mechanism by which an operating system kernel can determine with certainty that it is safe to execute a binary supplied by an untrusted source. The kernel first defines a safety policy and makes it public. Then, using this policy, an application can provide binaries in a special form called proof-carrying code, or simply PCC. Each binary contains, in addition to the native code, a formal proof that the code obeys the safety policy. The kernel can easily validate the proof without using cryptography and without consulting any external trusted entities. If the validation succeeds, the code is guaranteed to respect the safety policy without relying on run-time checks. \par The main practical difficulty of is in generating the safety proofs. In order to gain some preliminary experience with this, we have written several network packet filters in hand-tuned DEC Alpha assembly language, and then generated binaries for them using a special prototype assembler. The binaries can be executed with no run-time overhead, beyond a one-time cost of 1 to 3 milliseconds for validating the enclosed proofs. The net result is that our packet filters are formally guaranteed to be safe and are faster than packet filters created using Berkeley Packet Filters, Software Fault Isolation, or safe languages such as Modula-3." } @InProceedings{necula97:proof, author = "George C. Necula", title = "Proof-Carrying Code", booktitle = "Proceedings of the 24th ACM Symposium on Principles of Programming Languages", year = 1997, address = "Paris, France", month = jan, url = {http://www.cs.cmu.edu/afs/cs.cmu.edu/user/necula/www/popl97.ps.gz}, subject = "mc", abstract = "This paper describes proof-carrying code (PCC), a mechanism by which a host system can determine with certainty that it is safe to execute a program supplied (possibly in binary form) by an untrusted source. For this to be possible, the untrusted code producer must supply with the code a safety proof that attests to the code's adherence to a previously defined safety policy. The host can then easily and quickly validate the proof without using cryptography and without consulting any external agents. \par In order to gain preliminary experience with PCC, we have performed several case studies. We show in this paper how proof-carrying code might be used to develop safe assembly-language extensions of ML programs. In the context of this case study, we present and prove the adequacy of concrete representations for the safety policy, the safety proofs, and the proof validation. Fi- nally, we briefly discuss how we use proof-carrying code to develop network packet filters that are faster than similar filters developed using other techniques and are formally guaranteed to be safe with respect to a given operating system safety policy." } @Unpublished{necula97:safe, author = "George C. Necula and Peter Lee", title = "Safe, Untrusted Agents using Proof-Carrying Code", note = "Submitted for an LNCS Special Volume on Mobile Agent Security.", url = {http://www.cs.cmu.edu/afs/cs.cmu.edu/user/necula/www/lncs98.ps.gz}, subject = "sec", year = 1997, month = oct, abstract = "This paper is intended to be both a comprehensive implementation guide for a Proof-Carrying Code system and a case study for using PCC in a mobile agent environment. Specifically, the paper describes the use of PCC for enforcing memory safety, access control and resource usage bounds for untrusted agents that access a database. " } @TechReport{nog96:rpc, author = "Saurab Nog and Sumit Chawla and David Kotz", title = "An {RPC} mechanism for transportable agents", institution = dartmouthcs, year = 1996, number = "TR96-280", address = "Hanover, N.H.", url = {http://www.cs.dartmouth.edu/reports/abstracts/TR96-280/}, subject = "ma" } @Article{oshuga97:plangent, author = "Akihiko Ohsuga and Yasuo Nagai and Yutaka Irie and Masanori Hattori and Shinichi Honiden ", title = "Plangent: An Approach to Making Mobile Agents Intelligent", journal = IC, year = 1997, volume = 1, number = 4, month = "July/August", subject = "ma:sec", abstract = {Network environments allow computer users to employ distributed information and services to complete a task. However, gathering information and using services distributed in networks requires knowing exactly what kinds of information and services are required for a task, where they are, and how they can be obtained or utilized. Tracking down the answers to these questions can be difficult, time-consuming tasks. Mobile agent technology is expected to free users from these tasks. Instead of the user searching, \"intelligent\" mobile agents will comprehend the users requirements, search network nodes autonomously for appropriate information and services, and return with the answers. \par We developed a model based on the ability of agents to make flexible plans. The Plangent system enables mobile agents to make a plan based on user input and adopt it accordingly to information gathered from the network. In this article, we describe how we combined planning functions with mobile agent facilities, and show how the agents behave intelligently in an example application of personal travel assistance.} } @PhdThesis{partridge92:late, author = "Craig Partridge", title = "Late-Binding {RPC}: A Paradigm for Distributed Computation in a Gigabit Environment", school = "Harvard University", year = 1992, address = "Cambridge, Ma.", subject = "mc", month = mar, abstract = "Computers and data networks continue to get faster. However computers and networks are geting faster in different ways. This difference is best illustrated by an example. Consider the problem of making a car faster. A 100-times improvement in speed would imply cars with cruising speeds of about 600 miles per hour. Computers are getting faster like cars get faster; they perform more instructions per second. Now imagine giving the car more storage space, while keeping its maximum speed constant. A 100-times improvement yeilds a ca that can hold 100-tomes more luggage, but stilll only goes 60 miles per hour. Networks are getting faster like larger cars, they send more bitss per packet because the speed of limit limits how fast a packet can get from one place to another. This thesis examines the implcations of this difference for the future of distributed computing. The thesis identifies four major implication: itemize The performance difference is permanent.. The speed of light is constant and there is no hope of reducing the network delay. The time spent waiting for data to cross the network will soon become the largest part of most programs' run-time. A single exchange of packets will take far more time than executing all the application's instructions. Due to their differing latencies, LANs and WANs will probably continue to exhibit different performance characteristics for some time to come. Popular distributed computing paradigms such as RPC do not appear to scale well to an environment in which network delays are long. itemize The thesis also presents a novel paradigm for distributed computation call late-binding in which applications send arbitrary pieces of code to arbitrary remote systems for evaluation. It is argued that this paradigm can give optimal performance in the number of network transits required to complete a computation. A model of distributed computation is developed and used to show that optimizing network transits will usually be the determining factor for the performance of distributed applications. Finally, it is shown that implementing late-binding is feasible." } @InProceedings{peine-97-architecture, author = "Holger Peine and Torsten Stolpmann", title = "The Architecture of the {A}ra Platform for Mobile Agents", booktitle = ma97, address = "Berlin, Germany", month = apr, year = 1997, subject = "ma", url = {http://www.uni-kl.de/AG-Nehmer/Ara/Doc/architecture.ps.gz}, abstract = "We describe a platform for the portable and secure execution of mobile agents written in various interpreted languages on top of a common run-time core. Agents may migrate at any point in their execution, fully preserving their state, and may exchange messages with other agents. One system may contain many virtual places, each establishing a domain of logically related services under a common security policy governing all agents at this place. Agents are equipped with allowances limiting their resource accesses, both globally per agent lifetime and locally per place. We discuss aspects of this architecture and report about ongoing work." } @TechReport{peine-97-introduction, author = "Holger Peine", title = "An Introduction to Mobile Agent Programming and the {A}ra System", institution = "Department of Computer Science, University of Kaiserslautern, Germany", year = "1997", number = "ZRI-Report 1/97", subject = "ma", abstract = "A good starting point for people new to Ara and possibly mobile agent programming in general. This assumes very little prerequisite knowledge, so expert readers might want to only skim through its initial sections. The report introduces mobile agents and the Ara system, regards potential applications, and proceeds to a fairly complete, but nonformal description of the Ara API, subsequently demonstrated on a larger example of a WWW searching agent. The report closes with some discussion of the Ara implementation and selected aspects of mobile agents in general.", url = {http://www.uni-kl.de/AG-Nehmer/Ara/Doc/intro-prog.ps.gz} } @InProceedings{perret96:desig, author = "Stephane Perret and Andrzej Duda", title = "Design and implementation of {MAP}: A system for mobile assistant programming", booktitle = "Proceedings of the IEEE International Conference of Parallel and Distributed Systems", year = 1996, address = "Tokyo, Japan", month = jun, url = {ftp://fidji.imag.fr/pub/perret/icpads96.ps.gz}, subject = "ma" } @InProceedings{perret96:map, author = "Stephane Perret and Andrzej Duda", title = "{MAP}: Mobile assisatn programming for large scale communication networks", booktitle = "Proceedings of the IEEE International Conference on Communications", year = 1996, address = "Dallas, Tex.", month = jun, url = {ftp://fidji.imag.fr/pub/perret/icc96.ps.gz}, subject = "ma" } @InProceedings{perret96:mobile, author = "Stephane Perret and Andrzej Duda", title = "Mobile assistant programming for efficient information access on the {WWW}", booktitle = "Proceedings of the 5th International World-Wide Web Conference", year = 1996, address = "Paris, France", month = may, url = {ftp://fidji.imag.fr/pub/perret/www96/Overview.html}, subject = "ma" } @TechReport{picco97:expressing, author = "Gian Pietro Picco and Gruia-Catalin Roman and Peter J. McCann", title = "Expressing Code Mobility in Mobile {UNITY}", institution = "Washington University", year = 1997, number = "WUCS-97-02", address = "St. Louis, Mo.", month = jan, subject = "mob:mc", url = {http://www.polito.it/\~{}picco/papers/esec97.ps.gz}, abstract = "Advancements in network technology have led to the emergence of new computing paradigms that challenge established programming practices by employing weak forms of consistency and dynamic forms of binding. Code mobility, for instance, allows for invocation-time binding between a code fragment and the location where it executes. Similarly, mobile computing allows hosts (and the software they execute) to alter their physical location. Despite apparent similarities, the two paradigms are distinct in their treatment of location and movement. This paper seeks to uncover a common foundation for the two paradigms by exploring the manner in which stereotypical forms of code mobility can be expressed in a programming notation developed for mobile computing. Several solutions to a distributed simulation problem are used to illustrate the modeling strategy for programs that employ code mobility." } @InProceedings{ranganathan96:distributed, author = "Mudumbai Ranganathan and Anurag Acharya and Joel Saltz", title = "Distributed Resource Monitors for Mobile Objects", pages = "19--23", booktitle = iwooos96, year = 1996, address = "Seattle, Wa.", month = oct, url = {http://www.cs.umd.edu/\~{}acha/papers/iwoos96-submitted.html}, subject = "ma" } @InProceedings{ranganathan97:network, author = "Mudumbai Ranganathan and Anurag Acharya and Shamik Sharma and Joel Saltz", title = "Network-Aware Mobile Programs", booktitle = "Proceedings of the USENIX 1997 Annual Technical Conference", year = 1997, address = "Anaheim, Cal.", month = jan, url = {http://www.cs.umd.edu/\~{}acha/papers/usenix97.ps.Z}, subject = "ma", abstract = "In this paper, we investigate network-aware mobile programs, programs that can use mobility as a tool to adapt to variations in network characteristics. We present infrastructural support for mobility and network monitoring and show how adaptalk, a Java-based mobile Internet chat application can take advantage of this support to dynamically place the chat server so as to minimize response time. Our conclusion was that on-line network monitoring and adaptive placement of shared data-structures can significantly improve performance of distributed applications on the Internet.", note = "Version available as University of Maryland Department of Computer Science Technical Report CS-TR-3659." } @InProceedings{ranganathan98:adapting, author = {M. Ranganathan and Anurag Acharya and Joel Saltz}, title = {Adapting to Bandwidth Variations in Wide-Area Data Combination}, booktitle = {Proceedings of the 18th International Conference on Distributed Computing Systems}, year = 1998, url = {http://www.cs.ucsb.edu/\~{}acha/publications/icdcs98-submitted.html}, address = {Amsterdam, The Netherlands}, month = may, note = {Also available as UCSB TRCS97-26.}, abstract = {Efficient data combination over wide-area networks is hard as wide-area networks have large variations in available network bandwidth. In this paper, we examine the utility of changing the location of combination operators as a technique to adapt to variations in wide-area network bandwidth. We try to answer the following questions. First, does relocation of operators provide a significant performance improvement? Second, is on-line relocation useful or does a one-time positioning at start-up time provide most if not all the benefits? If on-line relocation is useful, how frequently should it be done and is global knowledge of network performance required or can local knowledge and local relocation of operators sufficient? Fourth, does the effectiveness of operator relocation depend on the ordering of the combination operations. That is, are certain ways of ordering more amenable to adaptation than others? Finally, how do the results change as the number of data sources changes?} } @TechReport{ranganthan98:mobile, author = {M. Ranganathan and Laurent Andrey and Anurag Acharya and Virginie Schaal}, title = {Mobile Streams}, institution = {Computer Science Department, University of California, Santa Barbara}, year = 1998, number = {TRCS98-11}, month = apr, url = {http://www.cs.ucsb.edu/TRs/TRCS98-11.html}, abstract = {A large class of distributed testing, control and collaborative applications are reactive or event driven in nature. Such applications can be structured as a set of handlers that react to events and that in turn can trigger other events. We have developed an application building toolkit that facilitates development of such applications. Our system is based on the concept of Mobile Streams. Applications developed in our system are dynamically extensible and re-configurable and our system provides the application designer a means to specify resource-control policy-modules that can control how the system can be extended and reconfigured. We describe our system model and compare our design to the design of other similar systems. We also describe three applications that have built using our implementation of Mobile Streams.} } @Misc{rulifson69:del, author = "Jeff Rulifson", title = "{DEL}", year = 1969, month = jun, note = "Internet Engineering Task Force, RFC 5", subject = "mc", abstract = "The Decode-Encode Language (DEL) is a machine independent language tailored to two specific computer network tasks: accepting input codes from interactive consoles, giving immediate feedback, and packing the resulting information into message packets for network transmissin. and accepting message packets from another computer, unpacking them, building trees of display information, and sending other information to the user at his interactive station." } @InProceedings{rus97:transportable, author = "Daniela Rus and Robert S. Gray and David Kotz", title = "Transportable Information Agents", booktitle = "International Conference on Autonomous Agents", year = "1997", month = "February", pages = "228--236", subject = "ma", url = {ftp://ftp.cs.dartmouth.edu/pub/kotz/papers/rus:autonomous2.ps.Z}, abstract = "Transportable agents are autonomous programs. They can move through a heterogeneous network of computers under their own control, migrating from host to host. They can sense the state of the network, monitor software conditions, and interact with other agents or resources. The network-sensing tools allow our agents to adapt to the network configuration and to navigate under the control of reactive plans. In this paper we describe the design and implementation of the navigation system that gives our agents autonomy. We also discuss the intelligent and adaptive behavior of autonomous agents in distributed information-gathering tasks." } @Article{rus97:transportable-information, author = "Daniela Rus and Robert S. Gray and David Kotz", title = "Transportable Information Agents", journal = "Journal of Intelligent Information Systems", year = 1997, volume = 9, pages = "215--238", abstract = "Transportable agents are autonomous programs. They can move through a heterogeneous network of computers under their own control, migrating from host to host. They can sense the state of the network, monitor software conditions, and interact with other agents or resources. The network-sensing tools allow our agents to adapt to the network configuration and to navigate under the control of reactive plans. In this paper we describe the design and implementation of the navigation system that gives our agents autonomy. We also discuss the intelligent and adaptive behavior of autonomous agents in distributed information-gathering tasks." } @InProceedings{schneider97:towards, author = "Fred B. Schneider", title = "Towards Fault-tolerant and Secure Agentry", subject = "ma:sec", url = {http://cs-tr.cs.cornell.edu:80/Dienst/Repository/2.0/Body/ncstrl.cornell\%2fTR97-1636/postscript}, booktitle = "Proceedings 11th International Workshop on Distributed Algorithms", year = 1997, address = "Saarbucken, Germany", month = sep, annote = "Invited paper.", note = "Also published as Cornell Univ., Computer Science Dept. technical report TR94-1568." } @PhdThesis{stamos86:remote, author = "James W. Stamos", title = "Remote Evaluation", school = "Massachusetts Institute of Technology", year = 1986, address = "Cambridge, Ma.", month = jan, abstract = "A new technique for computer-to-computer communication is presented that can increase the generality and performance of distributed systems. This technique, called Remote Evaluation, lets one computer send another computer a request in the form of a program. A computer that receives such a request executes the program in the request and returns the results to the sending computer. \parRemote evaluation provides a new degree of flexibility in the design of distributed systems. In present distributed systems that use Remote Procedure Calls, server computers are designed to offer a fixed set of services. In a system that uses remote evaluation, server computers are more properly viewed as programmable soft abstractions. One consequence of this flexibility is that remote evaluation can reduce the amount of communication that is required to accomplish a given task. \par Our thesis is that it is possible to design a remote evaluation system that permits the processing of a program to be distributed among remote computers without changing the program's semantics. In support of this thesis our proposal for remote evaluation uses the same argument passing semantics for local and remote procedure invocations (call by sharing); it provides atomic transactions to mask computer and communication failures; and it provides a static checking framework that identifies procedures that can not be relocated from computer to computer. \par We discuss both the semantics of remote evaluation and our experience with a prototype implementation. The idea of a remote data type is introduced to let one computer name objects at a remote computer. A detailed discussion of the compile-time and run-time support necessary for remote evaluation is provided, along with a detailed sample application.", url = {ftp://cstr-ftp.lcs.mit.edu/pub/cstr-ftp/publications/LCS-TR/0300-0399/LCS-TR-354}, note = "Also available as MIT Laboratory for Computer Science Technical Report MIT/LCS/TR-354." } @Article{stamos90:implementing, author = "James W. Stamos and David K. Gifford", title = "Implementing Remote Evaluation", journal = tse, year = 1990, volume = 16, number = 7, pages = "710--722", month = "july", subject = "mc" } @Article{stamos90:remote, author = "James W. Stamos and David K. Gifford", title = "Remote Evaluation", journal = toplas, year = 1990, volume = 12, number = 4, pages = "537--565", month = oct, subject = "mc" } @InProceedings{steensbaard95:object, author = "Bjarne Steensbaard and Eric Jul", title = "Object and Native Code Thread Mobility Among Heterogeneous Computers", pages = "68--78", booktitle = sosp15, year = 1995, address = "Copper Moutain, Co.", month = dec, url = {ftp://ftp.research.microsoft.com/users/rusa/sosp95.ps}, subject = "mc", abstract = "We present a technique for moving objects and threads among heterogeneous computers at the native code level. To enable mobility of threads running native code, we convert thread states among machine-dependent and machine-independent formats. We introduce the concept of bus stops, which are machine-independent representations of program points as represented by program counter values. The concept of bus stops can be used also for other purposes, e.g., to aid inspecting and debugging optimized code, garbage collection etc. We also discuss techniques for thread mobility among processors executing differently optimized codes. \par We demonstrate the viability of our ideas by providing a prototype implementation of object and thread mobility among heterogeneous computers. The prototype uses the Emerald distributed programming language without modification; we have merely extended the Emerald runtime system and the code generator of the Emerald compiler. Our extensions allow object and thread mobility among VAX, Sun-3, HP9000/300, and Sun SPARC workstations. The excellent intra-node performance of the original homogeneous Emerald is retained: migrated threads run at native code speed before and after migration; the same speed as on homogeneous Emerald and close to C code performance. Our implementation of mobility has not been optimized: thread mobility and trans-architecture invocations take about 60% longer than in the homogeneous implementation. \par We believe this is the first implementation of full object and thread mobility among heterogeneous computers with threads executing native code. " } @InProceedings{stolpmann96:execution, author = "Torsten Stolpmann", title = "Execution Environments for Mobile Code -- a cornerstone for adaptable distributed systems", booktitle = "Position paper for 3rd CaberNet Radicals Workshop", year = 1996, address = "Connemara, Ireland", month = may, url = {http://www.newcastle.research.ec.org/cabernet/research/radicals/1996/papers/mobilecode-stolpmann.html}, annote = "This position paper proposes the utilisation of mobile code as a base-mechanism for an extensible and adaptable distributed system architecture. As an example MACE (Mobile Agent Code Environment) -- a flexible and efficient execution environment for mobile code -- is presented." } @InProceedings{stone96:mobile, author = "Steve Stone and Mike Zyda and Don Brutzman and John Falby", title = "Mobile Agents and Smart Networks for Distributed Simulation", booktitle = "Proceedings of the 14th Distributed Simulations Conference", year = 1996, address = "Orlando, Fl.", month = mar, url = {http://www-npsnet.cs.nps.navy.mil/npsnet/publications/Mobile.Agents.and.Smart.Networks.for.Distributed.Simulations.pdf}, subject = "ma:an", abstract = "As the use of Distributed Interactive Simulations has grown, the need to support a large number of players in the environment has become apparent. DIS has not been able to support a large number of entities because of its high network bandwidth requirements and the large computational loads it places on host computers. A combination of an agent based architecture and smart networks provides a promi sing solution to these problems when implementing large-scale distributed simulations. An agent system using the remote programming paradigm, transporting the necessary parameters and the necessary code for remote execution [WHITE95], could reduce the network bandwidth requirements and large computational loads associated with a large distributed simulation. This reduction would occur by eliminating unnecessary PDU traffic through the use of mobile agents that represent the originating entity. These agents would travel to, and reside on, the host computer of other entities and provide the necessary state information for stationary entities without using network resources. Smart Networks could be used to create a flexible area of interest manager, allowing entities to specify their area of interest and the information that they require from within that area [HARR95a]. This approach allows an entity to get all of the information it requires to represent its view of the simulated world while eliminating unnecessary information processing." } @InProceedings{strasser96:mole, author = "Markus Straßer and Joachim Baumann and Fritz Hohl", title = "Mole -- A {J}ava Based Mobile Agent System", pages = "28--35", booktitle = ecoop-mos2, year = 1996, address = "Linz, Austria", month = jul, url = {http://www.informatik.uni-stuttgart.de/ipvr/vs/Publications/1996-strasser-01.ps.gz}, subject = "ma", abstract = "Mobile agents are active, autonomous objects, which are able to movebetween locations in a so-called agent system, a distributed abstractionlayer providing security of the underlying systems on one hand and theconcepts and mechanisms for mobility and communication on the otherhand. In this paper, the mobility, the communication concepts and thearchitecture of Mole, an agent system developed at the University of Stuttgart, are presented." } @InProceedings{tardo96:mobile, author = "Joseph Tardo and Luis Valenta", title = "Mobile agent security and {T}elescript", booktitle = "Proceedings of IEEE COMPCON '96", year = 1996, url = {http://www.genmagic.com/Telescript/security.html}, subject = "ma:sec", month = feb } @Article{tennenhouse96:towards, author = "David L. Tennenhouse and David J. Wetherall", title = "Towards an Active Network Architecture", journal = "Computer Communication Review", year = 1996, volume = 26, number = 2, month = apr, url = {ftp://ftp.tns.lcs.mit.edu/pub/papers/ccr96.ps.gz}, subject = "an", abstract = "Active networks allow their users to inject customized programs into the nodes of the network. An extreme case, in which we are most interested, replaces packets with `capsules' -- program fragments that are executed at each network router/switch they traverse. \par Active architectures permit a massive increase in the sophistication of the computation that is performed within the network. They will enable new applications, especially those based on application-specific multicast, information fusion, and other services that leverage network-based computation and storage. Furthermore, they will accelerate the pace of innovation by decoupling network services from the underlying hardware and allowing new services to be loaded into the infrastructure on demand. \par In this paper, we describe our vision of an active network architecture, outline our approach to its design, and survey the technologies that can be brought to bear on its implementation. We propose that the research community mount a joint effort to develop and deploy a wide area ActiveNet." } @Article{tennenouse97:survey, author = "David L. Tennenhouse and Jonathan M. Smith and W. David Sincoskie and David J. Wetherall and Gary J. Minden", title = "A Survey of Active Network Research", journal = "IEEE Communications", year = 1997, volume = 35, number = 1, pages = "80--86", month = jan, url = {http://www.tns.lcs.mit.edu/publications/ieeecomms97.html}, subject = "an", abstract = "Active networks are a novel approach to network architecture in which the switches of the network perform customized computations on the messages flowing through them. This approach is motivated by both lead user applications, which perform user-driven computation at nodes within the network today, and the emergence of mobile code technologies that make dynamic network service innovation attainable. In this article, the authors discuss two approaches to the realization of active networks and provide a snapshot of the current research issues and activities." } @TechReport{thomsen93:facile, author = "Bent Thomsen and Lone Leth and Sanjiva Prasad and Tsung-Min Kuo and Andre Kramer and Fritz C. Knabe and and Alessandro Giacalone", title = "Facile Antigua Release programming guide", institution = "European Computer Industry Research Centre", year = 1993, number = "ECRC-93-20", address = "Munich, Germany", month = dec, url = {ftp://ftp.ecrc.de/pub/ECRC_tech_reports/reports/ECRC-93-20.ps.Z}, subject = "ma", abstract = "Facile is an experimental concurrent functional programming language intended to support applications that require a combination of physical distribution and complex computation. This report gives an introduction to programming with Facile. Examples are based on the Facile Antigua release, which makes distributed programming over a network possible." } @InCollection{tschudin97:instruction, author = "Christian Tschudin", title = "Instruction-Based Communications", year = 1997, pages = "67--92", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, subject = "ma", abstract = "This papers explores a mode of communication that is based on instruction rather than interpretation. Starting from Shannon's (interpretative) communication model, I link instruction-based communications to mobile code (messengers), to ``signs'' as they are defined in semiotics, and to the virus theme commonly found in cell biology, computer science and literature. Virus-codes are conjectured to be more powerful that the equivalence codes studied by Shannon." } @InCollection{tschudin97:messenger, author = "Christian Tschudin", title = "The Messenger Environment {M0} -- A Condensed Description", year = 1997, pages = "149--156", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, subject = "ma", abstract = "Implementation techniques for distributed applications can be positioned in a spectrum that ranges from data-exchange to code-exchange. Date-exchange means that the logic (i.e., code) of a distributed application is statically installed and that coordination is done by exchanging messages with predefined meanings. Code-exchange, on the other hand, means that coordination is achieved by sending around code fragments which alter the data that is bound to the network's hosts. Actual systems usually pick and combine several techniques that are positioned at different places in this spectrum. Sun's \JAVA and the corresponding code-on-demand approach, for example, would be closer to the data-exchange viewpoint, while Stamos' and Gifford's Remote Evaluation is more in the line of mobile code because the initiator has more instructional capabilities. Mobile software agent systems are quite close to pure code-exchange, although they often mix-in classical data-exchange techniques (data streams between agents, or mailboxes). The aim of the mobile code environment \M (m-zero) is to be as faithful as possible to the code-exchange point of view." } @InCollection{tsichritzis97:commentary, author = "Denis Tschritzis", title = "Commentary on ``{O}bjectworld''", year = 1997, pages = "23--24", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys } @InCollection{tsichritzis97:objectworld, author = "Denis Tschritzis", title = "Objectworld", year = 1997, pages = "7--22", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, note = "This paper originally appeared in Office Automation, Springer-Verlag, 1985.", subject = "ma", abstract = "An environment is outlined in which programming objects collect and disseminate information, using analogies from the animal world. Objects have their own rules of behaviour. They coordinate their activities by participating in events. Objects get born, move around, communicate and receive information and, eventually, die." } @InProceedings{vigna97:protecting, author = "Giovanni Vigna", title = "Protecting Mobile Agents through Tracing", booktitle = ecoop-mos3, year = 1997, address = "Jyv{\"a}lskyl{\"a}, Finland", month = jun, subject = "ma:sec", url = {http://www.elet.polimi.it/people/vigna/mos97.ps.gz}, abstract = "Mobile code systems provide a flexible and powerful platform to build distributed applications in an Internet scale, but they rise strong requirements from the security point of view. Security issues include au thentication of the different remote parties involved and protection of the execution environments from malicious agents. Nonetheless, the most diffcult task is to protect roaming agents from execution environments. This paper presents a new mechanism based on execution tracing and cryptography that allows an agent owner to determine if some site in the route followed by the agent tried to tamper with the agent state or code." } @Book{vigna98:mobile, title = "Mobile Agents Security", publisher = "Springer-Verlag", year = 1998, editor = "Giovanni Vigna", series = "Lecture Notes in Computer Science", note = "To appear." } @InProceedings{vitek96:secure, author = "Jan Vitek", title = "Secure Object Spaces ", pages = "41--48", booktitle = ecoop-mos2, year = 1996, address = "Linz, Austria", month = jul, url = {http://cuiwww.unige.ch/\~{}ecoopws/ws96/5.ps.gz}, subject = "ma:sec", abstract = "Mobile software agents are computational entities acting on the behalfof a user which may move from computer to computer over a heterogeneousnetwork, draw on local resources, and interact with other agents. This extended abstract discusses agent communication and its implications for security. " } @Book{vitek97:mobile, editor = "Jan Vitek and Christian Tschudin", title = "Mobile Oject Systems: Towards the Programmable {I}nternet", year = 1997, month = apr, publisher = "Springer-Verlag", note = lncs1222, url = {http://cuiwww.unige.ch/\~{}ecoopws/tpi}, subject = "ma", abstract = "This book presents a collection of papers dealing with different aspects of mobile computations. Mobile computations are computations that are not bound to single locations, but may move at will to best use the computer network's resources. In this view, the network becomes a single, vast, programmable environment. Among computer scientists, many feel that this approach will have a profound effect on the way we design and implement distributed applications, and they agree that we are witnessing a paradigm change. However, this new and exciting paradigm requires advances, both theoretical and applied, in fields such as programming languages (where we need a sound semantic foundation and efficient implementations), operating systems and software safety and security. Some of the first steps towards a programmable Internet are documented here." } @InCollection{vitek97:security, author = "Jan Vitek and Manuel Serrano and Dimitri Thanos", title = "Security and Communication in Mobile Object Systems", year = 1997, pages = "177--200", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys, subject = "ma:sec" } @Article{volpano96:provably, author = "Dennis Volpano", title = "Provably-Secure Programming Languages for Remote Evaluation", journal = "ACM Computing Surveys", year = 1996, volume = "28A", url = {http://www.cs.nps.navy.mil/research/languages/papers/atsc/sdcr.ps}, subject = "sec", month = dec, note = "Participation statement for ACM Workshop on Strategic Directions in Computing Research" } @Article{volpano96:sound, author = "Dennis Volpano and Geoffrey Smith and Cynthia Irvine", title = "A Sound Type System for Secure Flow Analysis", journal = "Journal of Computer Security", year = 1996, volume = 4, number = 3, pages = "167--187", month = dec, url = {http://www.cs.nps.navy.mil/research/languages/papers/atsc/jcs.ps.Z}, subject = "sec", abstract = "Ensuring secure information flow within programs in the context of multiple sensitivity levels has been widely studied. Especially noteworthy is Denning's work in secure flow analysis and the lattice model [6][7]. Until now, however, the soundness of Denning's analysis has not been established satisfactorily. We formulate Denning's approach as a type system and present a notion of soundness for the system that can be viewed as a form of noninterference. Soundness is established by proving, with respect to a standard programming language semantics, that all well-typed programs have this noninterference property." } @InProceedings{wahbe93:efficient, author = "Robert Wahbe and Steven Lucco and Thomas E. Anderson and Susan L. Graham", title = "Efficient Software-Based Fault Isolation", pages = "203--216", booktitle = "Proceedings of the 14th ACM Symposium on Operating Systems Principles", year = 1993, url = {http://http.cs.berkeley.edu/\~{}tea/sfi.ps}, subject = "Asheville, N.C.", subject = "sec", abstract = "One way to provide fault isolation among cooperating software modules is to place each in its own address space. However, for tightly-coupled modules, this solution incurs prohibitive context switch overhead. In this paper, we present a software approach to implementing fault isolation within a single address space. Our approach has two parts. First, we load the code and data for a distrusted module into its own fault domain, a logically separate portion of the application's address space. Second, we modify the object code of a distrusted module to prevent it from writing or jumping to an address outside its fault domain. Both these software operations are portable and programming language independent. \par Our approach poses a tradeoff relative to hardware fault isolation: substantially faster communication between fault domains, at a cost of slightly increased execution time for distrusted modules. We demonstrate that for frequently communicating modules, implementing fault isolation in software rather than hardware can substantially improve end-to-end application performance." } @InCollection{waldo97:afterword, author = "Jim Waldo and Ann Wollrath and Sam Kendall", title = "Afterword", year = 1997, pages = "65-66", month = apr, publisher = "Springer-Verlag", note = lncs1222, booktitle = mob-obj-sys } @InCollection{waldo97:note, author = "Jim Waldo and Geoff Wyant and Ann Wollrath and Sam Kendall", title = "A Note on Distributed Computing", year = 1997, pages = "49--64", month = apr, publisher = "Springer-Verlag", note = "Lecture Notes in Computer Science No. 1222. Also published as Sun Microsystems Laborators Technical Report TR-94-29.", booktitle = mob-obj-sys, url = {http://www.sunlabs.com/smli/technical-reports/1994/smli_tr-94-29.ps}, subject = "ma", abstract = "Much of the current work in distributed, object-oriented systems is based on the assumption that objects form a single ontological class. This class consists of all entities that can be fully described by the specification of the set of interfaces supported by the object and the semantics of the operations in those interfaces. The class includes objects that share a single address space, objects that are in separate address spaces on the same machine, and objects that are in separate address spaces on different machines (with, perhaps, different architectures). On the view that all objects are essentially the same kind of entity, these differences in relative location are merely an aspect of the implementation of the object. Indeed, the location of an object may change over time, as an object migrates from one machine to another or the implementation of the object changes. \par It is the thesis of this note that this unified view of objects is mistaken. There are fundamental differences between the interactions of distributed objects and the interactions of non-distributed objects. Further, work in distributed object-oriented systems that is based on a model that ignores or denies these differences is doomed to failure, and could easily lead to an industry-wide rejection of the notion of distributed object-based systems." } @TechReport{wallach97:extensible, author = "Dan S. Wallach and Dirk Balfanz and Drew Dean and Edward W. Felten", title = "Extensible Security Architectures for Java", institution = "Department of Computer Science, Princeton University", year = 1997, number = "546-97", month = apr, url = "http://www.CS.Princeton.EDU/sip/pub/extensible.html", subject = "mc:sec", abstract = "Mobile code technologies such as Java, JavaScript, and ActiveX generally limit all programs to a single security policy. However, software-based protection can allow for more flexible security models, with potentially significant performance improvements over traditional hardware-based solutions. We describe and analyze three implementation strategies for interposing flexible security policies in software-based security systems. Implementations exist for all three strategies: several vendors have adapted capabilities to Java, Netscape Communicator extended Java's stack introspection, and we built a type-hiding system as an add-on to Microsoft Internet Explorer." } @InProceedings{wetherall96:active, author = "David J. Wetherall and David L. Tennenhouse", title = "The {ACTIVE} {IP} Option", booktitle = sigops7, year = 1996, address = "Connemara, Ireland", month = sep, url = {http://www.tns.lcs.mit.edu/publications/sigops96ws.html}, subject = "an", abstract = "In this paper, we discuss our work on an active network architecture in which passive packets are replaced with active capsules -- encapsulated program fragments that are executed at each switch they traverse. This approach allows application-specific processing to be injected into the network. The accessibility of computation and storage ``within'' the network provides a substrate that can be tailored to build global applications, including those that invoke customized multicast and merge processing. \par We describe an extension to the IP options mechanism that supports the embedding of program fragments in datagrams and the evaluation of these fragments as they traverse the Internet. The ACTIVE option provides a generic approach to the extension of the IP network service." } @Misc{wetherall96:safety, author = "David J. Wetherall", title = "Safety Mechanisms for Mobile Code", howpublished = "Area Examination Paper", year = 1995, month = nov, subject = "mc:sec", url = {http://www.tns.lcs.mit.edu/\~{}djw/area.html}, annote = "This report critiques papers on Java, Kali-Scheme, and software-based fault isolation. It focuses on mechanisms they employ to execute mobile code safely, meaning that such code is encapsulated, and interacts with its host only via a permitted interface. \par While the systems are diverse, it may be argued that each presents a different approach to safety. Java is statically type-checked during compilation and verified in bytecode form at load time. Kali-Scheme is also compiled to bytecodes, but is dynamically checked since Scheme is latently typed. Software-based fault isolation provides a lower level of encapsulation by directly inserting checks on control and data flow into the object code. \par Both software-based fault isolation and static type checking are found to be efficient. They need to address the issue of carrying checking information in the mobile code, however, while interpretation largely separates the issues of mobility and safety. Static type checking provides tighter integration of mobile code and host than sandboxing or interpretation." } @InCollection{white96:telescript, author = "James E. White", title = "Telescript Technology: Mobile Agents", crossref = "bradshaw96:software", url = {http://www.genmagic.com/agents/Whitepaper/whitepaper.html}, subject = "ma", note = "Also available as General Magic White Paper" } @Misc{white98:thesis, author = {D. Eric White}, title = {A Comparison of Mobile Agent Migration Mechanisms}, year = 1998, month = jun, howpublished = {Senior Honors Thesis, Dartmouth College}, keyword = {mobile agent}, abstract = {Choosing a model for agent migration is a key decision in the design of a Java mobile agent system. Two major models have been proposed for implementing mobile agent migration: one which captures the entire execution state of a running agent, and one which captures only object state. In this paper we compare the two models from the perspective of both the system programmer and the application programmer, in the context of Agent Java, a part of the D'Agents system developed at Dartmouth College. From the system programmer's perspective, we consider such issues as difficulty and complexity of implementation, while from the application programmer's perspective we examine the level of convenience, naturalness and functionality each method provides. Ideally, we would also like to compare the two methods in terms of performance, but time constraints and technical difficulties have prevented us from obtaining accurate results. Nevertheless, we present the results we were able to gather.} }