SCALABLE AND SECURE AGENT BASED MODELS TO ENHANCE E-BUSINESS ENVIRONMENT

A Thesis submitted for the Degree of Doctor of Philosophy

By

A. KANNAMMAL

SCHOOL OF COMPUTING SCIENCES

VELLORE INSTITUTE OF TECHNOLOGY DEEMED UNIVERSITY VELLORE - 632 014, TN, INDIA

SEPTEMBER 2006

DECLARATION

I hereby declare that the thesis entitled “SCALABLE AND SECURE AGENT BASED MODELS TO ENHANCE E-BUSINESS ENVIRONMENT” submitted by me to the Vellore Institute of Technology, Vellore in fulfillment of the requirements for the award of the degree of DOCTOR OF PHILOSOPHY is a record of bonafide work carried out by me under the supervision of Dr.N.Ch.S.N. Iyengar. I further declare that the work reported in this thesis has not been submitted and will not be submitted, either in part or in full, for the award of any other degree or diploma of this institute or of any other institute or University.

Place: Vellore Date:

Signature of the Candidate

CERTIFICATE

This is to certify that the thesis entitled “SCALABLE AND SECURE AGENT BASED MODELS TO ENHANCE E-BUSINESS ENVIRONMENT” submitted by Mrs.A. Kannammal to the Vellore Institute of Technology, Vellore in fulfillment of the requirements for the award of the degree of DOCTOR OF PHILOSOPHY is a record of bonafide work carried out by her under my supervision. This thesis fulfills the requirements as per the regulations of this institute and in my opinion meets the necessary standards for submission, and will not be submitted, either in part or in full, for the award of any other degree or diploma of this institute or of any other institute or University.

Place: Vellore Date:

Signature of the Supervisor

ABSTRACT

Electronic Business offers innovative ways of doing business through the Internet. The Internet revolution has introduced a number of advanced technologies to access organizations all over the world in an efficient but simple manner. Internet traffic is increasing exponentially as a result of wireless access, mobile computing and other innovative communication technologies. As doing business over the Internet becomes popular, a need has arisen to provide a cost-effective, scalable, secure and reliable environment for distributed e-business applications. One of the key challenges of enterprise applications is that e-business sites are expected to be highly scalable and secure in order to handle the demanding requirements of increasing Internet traffic. The business database is vulnerable to security risks because a huge number of users access the database directly. Any knowledgeable malicious user with browser access is able to trigger SQL procedures in the database that may be harmful to the business data, which is an invaluable asset. The potential benefits of agent technology have been explored and realized in real-time distributed applications, and this has placed security and reliability requirements to be met by the enterprise applications.

The thesis proposes scalable and secure models to enhance e-business applications. The software contention problem faced by existing web servers is addressed by the proposed agent based architecture, which deploys agents to handle user sessions. The proposed architecture enhances the scalability of web servers by serving more users in less time than the existing architecture. The concept of a shared object is combined with agent technology to propose a new architecture to enhance the security of the business database and the scalability of database servers. The proposed architecture eliminates direct access to the business database, thereby enhancing security, and deploys agents, thereby enhancing scalability.

Deployment of agents in the proposed architectures introduces security and reliability issues that are to be addressed by e-business when these architectures are implemented. An experimental multi-agent based e-business application is designed and implemented to analyze the security and reliability issues of agent based e-business systems. Security measures based on cryptography have been proposed to address the security problems. A performance model has been developed to analyze the performance overhead introduced by the proposed security enhancements. Reliability measures, namely periodic scan and forward echo, have been proposed to address the reliability issues of agent based e-business systems. A reliability model has been developed to evaluate the reliability enhancements achieved, and the study has shown that the reliability of the system has been enhanced considerably.

ACKNOWLEDGEMENTS

It is my foremost responsibility to express my profound gratitude and sincere respects to my Research Guide Dr.N.Ch.S.N. Iyengar, Professor, School of Computing Sciences, Vellore Institute of Technology (V.I.T.), whose gracious acceptance of me as his ward and his valuable guidance that made this thesis possible.

I wish to express deep and heart-felt gratitude to my Research Advisor Dr.V.Ramachandran, Professor and Director, Ramanujan Computing Centre, Anna University, for all his brilliant and timely inputs, from the beginning to the completion of my dissertation. It is his inspiring words of advice that has made this dissertation, a dream achieved.

I wish to place on record my gratitude to Dr.M.V. Krishnamurthy, Director (Academic Research), V.I.T., for his kind words of support and encouragement during the various stages of my research work.

I express my sincere thanks to Dr.V. Radhakrishnan, Dean, S.C.S., V.I.T., and the Doctoral Committee members Dr.A. Kannan, Dept. of C.S.E., Anna University, Dr.S.K. Srivatsa, Dept. of E.C.E., M.I.T., and Dr. Bijendra Singh, S.C.S., V.I.T., for their invaluable suggestions to enhance my research work.

I wish to place on record my cordial thanks and respects to His Excellence Sri.G.Viswanathan, Chancellor, Vellore Institute of Technology, Deemed University, Vellore, for providing me with an opportunity to join V.I.T. and complete my research successfully.

I wish to express my gratitude to Dr.P. Radhakrishnan, Vice-Chancellor, V.I.T., who was instrumental in recognizing and approving my candidature for research in this illustrious institution.

I also place on record my deep sense of gratitude to Mr.G. Shankar Viswanathan, Pro-Chancellor (Academic), Mr.G.V. Sampath, Pro-Chancellor (Administration), V.I.T., Prof. S.R. Pullabhotla, Registrar, Dr.Anand A Samuel, Dean (Academics), and Dr.D.V.S. Bhagavanulu, Associate Dean (E-Learning, Library Sciences), V.I.T., for providing me with a once-in-a-lifetime opportunity of carrying out my research in V.I.T.

I wish to extend my sincere gratitude to Dr.S.R.K. Prasad, Director, Coimbatore Institute of Technology (C.I.T.), and Dr.R.Prabakhar, Principal, C.I.T., who gave me permission to carry out my research work and also to use the resources of C.I.T. during my research all these years.

I wish to convey my thanks to Prof. M. Devaraju, Head of the Department of Computer Technology & Applications, C.I.T., who gave me permission and necessary support to carry on with my research work. I also wish to thank teaching and non-teaching staff of V.I.T, and my colleagues in C.I.T. for supporting and encouraging me at all levels of my research.


It is also my obligation to express my sincere and cordial gratitude to Mr.K. Gunasegharan, Mr.M.J. Nagaraj, Mr.K. Suresh Kumar for their timely help for the experimental system setup and troubleshooting. I also wish to convey my gratitude to Mr.E. Justin Ruben, Ms. Rema Padmanabhan, Ms. Arthy and Ms. Adeline Abraham for their valuable help in the documentation process of the thesis.

I wish to specially thank my friends Ms. Jemima Paul for her continuous encouragement and Mr.V. Nandakumar for his moral support.

I am deeply indebted to my family and express my heart-felt gratitude especially to my mother Ms.A.Janaki for having given me the much required motivation and inspiration for hard-work, determination and self-confidence right from my childhood.

I wish to extend my profound sense of gratitude to my husband Mr.A.Sampath Kumar and my kids Master S. Santosh Roy and Master S. Sujith Roy for all the sacrifices they made during the course of my research and also providing me with moral support and encouragement whenever required.

I wish to express my sincere and heart-felt gratitude for God Almighty for having blessed me with adequate faculty of the mind and body and also to have raised me to this level in life for successfully completing my Ph.D. dissertation.

A. Kannammal

TABLE OF CONTENTS

ABSTRACT
ACKNOWLEDGEMENTS
LIST OF FIGURES
LIST OF TABLES

CHAPTER 1 INTRODUCTION
1.1 General
1.2 State of the Art
1.3 Objectives
1.4 Scope of the Thesis

CHAPTER 2 SCALING FOR E-BUSINESS – EXISTING TECHNOLOGIES AND PERFORMANCE ISSUES
2.1 Introduction
2.2 E-Business Reference Architecture
2.2.1 E-Business Architecture
2.2.2 Web Server
2.2.3 Application Server
2.2.4 Transaction and Database Servers
2.3 Performance Issues in E-Business
2.3.1 Scalability
2.3.2 Security
2.3.3 Reliability, Availability and Maintainability
2.3.4 Extensibility and Flexibility
2.4 Agent Technology and JADE
2.4.1 Software Agents
2.4.2 Agent Platform Reference Architecture
2.5 Agent Based Models in E-Business
2.5.1 Agents in B2C E-Business
2.5.2 Agents in B2B E-Business
2.5.3 Interaction Languages and Protocols
2.5.4 Development Tools, Technologies, and Platforms
2.5.5 Challenges in Agent Based Systems
2.6 Conclusion

CHAPTER 3 ENHANCED SCALABLE AND SECURE MODELS FOR ENTERPRISE APPLICATIONS
3.1 Introduction
3.2 Agent Based Architecture for Scalable Web Servers
3.2.1 Web Server Architecture
3.2.2 Existing Web Server Architecture for Session Management
3.2.3 Proposed Agent Based Architecture for Session Management
3.3 Design and Implementation
3.3.1 Performance Analysis Methodology
3.3.2 Performance Analysis
3.3.3 Transaction Response Time
3.3.4 Throughput
3.3.5 Impact Based on Windows Resources
3.3.6 Scalability Analysis
3.4 Database Security Model for Enterprise Applications
3.4.1 Proposed Agent Based Architecture for Scalable and Secure Databases
3.4.2 Implementation Procedure
3.4.3 Experimental Methodology
3.4.4 Performance Analysis – Security and Scalability Improvements
3.5 Conclusion

CHAPTER 4 SECURITY AND RELIABILITY ENHANCEMENTS OF AGENT BASED E-BUSINESS SYSTEMS
4.1 Introduction
4.2 Security Enhancements of Agent Based E-Business System
4.2.1 Experimental Multi-Agent System
4.2.2 Security Issues of SCAS
4.2.3 Proposed Security Enhancements
4.2.4 Work Flow Model of Secured SCAS
4.2.5 Performance Model for Secured SCAS
4.2.6 Security Analysis
4.2.7 Performance Analysis
4.3 Security Model for Large-Scale Distributed Environment
4.3.1 Secured and Distributed SCAS (SDSCAS) Architecture
4.3.2 Components Design
4.3.3 Performance Model for Secured and Distributed SCAS
4.3.4 Performance Evaluation
4.4 Reliability Enhancements of Agent Based E-Business System
4.4.1 Reliability Issues of Agent Based Systems
4.4.2 Reliability Model
4.4.3 Proposed Reliability Enhancements
4.4.4 Evaluation of Proposed Reliability Enhancements
4.5 Conclusion

CHAPTER 5 CONCLUSION
5.1 Highlights of the Work Done
5.2 Future Research Directions

REFERENCES

PUBLICATIONS FROM THE THESIS

LIST OF FIGURES

FIGURE    TITLE

2.1       E-Business Reference Architecture
2.2       FIPA Agent Platform Reference Architecture
2.3       JADE Agent Platform Distributed over Several Containers
2.4       Agent Life-cycle as Defined by FIPA
3.1       Existing Web Server Architecture for Session Management
3.2       Proposed Agent Based Architecture for Session Management
3.3       Agents’ Design
3.4       Interactions between Components
3.5       Load Test Process
3.6       Customer Behavior Model
3.7       Analysis Summary for Session Management without Agents
3.8       Analysis Summary for Session Management with Agents
3.9       Average Transaction Response Time under Load
3.10      Average Throughput under Load
3.11      Impact of Windows Resources on Transaction Behavior (Without Agents)
3.12      Impact of Windows Resources on Transaction Behavior (With Agents)
3.13      Burst Load of 50 Users (Without Agents)
3.14      Burst Load of 50 Users (With Agents)
3.15      Architecture of E-Business System under Study
3.16      Existing E-Business Database Service Architecture
3.17      Database Service Architecture with Shared Object
3.18      Proposed Database Service Architecture
3.19      Activity Diagram for Information Updating Process
3.20 (a)  Shared Object Details
3.20 (b)  Trigger to Call Function
3.20 (c)  Function to Send Data
3.20 (d)  InfoUpdaterAgent Creation
3.20 (e)  InfoSenderAgent Checks for New Information
3.20 (f)  DispatcherAgent Migration
4.1       Shopping Consultant Agent System Architecture
4.2       Secured SCAS Architecture
4.3       Component Design for Secured SCAS
4.4       Workflow Model of Secured SCAS
4.5       Average Turnaround Time of MobileAgent
4.6       Secured SCAS Architecture for Distributed e-marketplaces
4.7       Activities of LauncherAgent
4.8       Periodic Scan by LauncherAgent
4.9       Forward Echo by MobileAgent
4.10      Failure Simulation
4.11      Reliability Curves of SCAS

LIST OF TABLES

TABLE     TITLE

3.1       Average Transaction Response Time under Load
3.2       Average Throughput under Load
3.3       Correlation Match of Windows Resources (Without Agents)
3.4       Correlation Match of Windows Resources (With Agents)
4.1       Parameters for Evaluating Security Enhancements
4.2       Average Turnaround Time for Mobile Agent
4.3       Additional Parameters for Evaluating SDSCAS
4.4       Failure Rate of SCAS
4.5       Failure Rate Calculation before Reliability Enhancements
4.6       Failure Rate Calculation after Reliability Enhancements

CHAPTER 1

INTRODUCTION

1.1 GENERAL

Electronic business (e-business) refers to the use of Internet for doing business. At its most developed level, e-business aims to reduce costs and improve efficiencies by integrating business systems and eliminating duplication of efforts, thereby achieving more with fewer resources and for lesser cost. The advent of Internet revolution has given rise to new techniques and models of doing business electronically that break space and time limitations. Web technologies such as authentication, standard messaging and rapid data sharing already support spontaneous, secure, and multiparty interactions among businesses. Innovative forms of payment and finance are being introduced to meet new needs. New intermediary services add value by accumulating and analyzing information and using it to simplify technical and business problems. These new technologies pave a pathway to enhance the e-business environment and also have become a major cause for the tremendous growth of Internet traffic.

Agent technology is one of the promising technologies to build complex systems like e-business. The use of agent technology has been explored for quite a long time, since 1998, and agents have been proved to offer significant advantages in terms of reduction in network latency, autonomous execution etc. The feasibility and potential advantages of deploying agents in various domains, especially in the e-business environment, have also been proved, and there exist a lot of agents roaming the Internet on behalf of their users to do the tasks assigned to them. Various kinds of software agents that take part in business activities have become one of the main sources of increasing traffic placed on e-business sites.

As the workload increases due to these new modes of traffic, e-business systems should ensure their scalability, and hence performance and scalability issues are gaining importance in designing and maintaining these systems. One common performance problem that might occur due to poor scalability is elongated response times with associated low utilization of server resources, essentially due to idle server threads and queued requests waiting on database server response. Hence a scalable server strategy is essential, enabling businesses to support new functions and services, and increases in workloads. Menasce (2003) identified that the architecture of the web server and workload characterization are some of the major factors that decide the scalability of an e-business system. The problem in which requests wait for software resources of the web server is known as Software Contention, and it results in slow downloading time at the customer end. This is one of the most often cited reasons that an on-line customer leaves the site and looks for another vendor’s web site instead.

While e-business systems tend to experience a number of potential advantages with the novel aspects of the Internet, the Internet has introduced significant security threats to e-business data. As the volume of users accessing the business data is also increasing heavily, the vulnerability of business data, which is an invaluable asset for any organization, is also increasing proportionally. Also, the mobile agents that roam on behalf of their users are exposed to different kinds of security threats from the host in which they perform their task. The hosts have complete control over the agents’ data and code. This leads to security problems like eavesdropping, corruption, masquerading, denial of service, replaying, repudiation etc. Agent based e-business systems also face reliability problems due to the failure of software or hardware components.

These Internet technologies bring to light a set of potential opportunities and accompanying challenges, like scalability, security and reliability, in the e-business environment that were not present in traditional business.

1.2 STATE OF THE ART

As more and more companies tend to do business electronically, a need for new ways of structuring applications to provide cost-effective and scalable models has arisen. Due to technical advancements like Code Division Multiple Access (CDMA), secure and reliable high-speed network connections, and wireless access to the Internet through mobile devices like cell phones and Personal Digital Assistants (PDAs), Internet traffic has increased substantially and it is expected to grow exponentially (http://www.forrester.com). Also, the notion of agent technology has made it possible for Internet users to deploy software agents to sell and buy products on behalf of the users [41]. Agents provide multiple advantages like reduction in network latency, autonomous execution etc. A lot of work has already been carried out to prove the inherent advantages provided by agents in the e-business environment, and the feasibility of their deployment is also proved [44, 29].

All these advancements raise the straightforward question of whether the e-business system is scalable enough to withstand the increasing traffic. A system is said to be scalable if it is possible to upgrade the system without any software or architectural changes to handle an increase in traffic while maintaining adequate performance. The system can be upgraded by adding more servers, adding more processors, replacing existing servers with faster servers that use the same architecture and so on. Devlin et al. [18] introduce two notions, namely scaling out (adding more servers of the same type) and scaling up (replacing existing servers with faster ones). While analyzing the scalability of e-business systems, one has to consider the business, functional, customer behavior, and IT resource aspects of the problem. Menasce and Almeida [13] present a reference model that covers these four aspects.

The multi-tiered architecture of e-business systems has three layers of servers, namely Web and Authentication servers, Application servers or Transaction Processors, and Database servers. The web server architecture and workload characterization are some of the major factors that decide the scalability of an e-business system [12, 2, 3, and 11]. It is very common for the software architecture of the various software servers to be multithreaded. During heavy Internet traffic, the software servers demonstrate poor performance in terms of scalability when software resources like the threads are not utilized properly. This is due to the heavy volume of users waiting for service from the web server, which is in turn waiting for a response from the Database server.

Because a web server thread is not available to handle other requests while the Database server is processing a request, a large queue for web server threads is generated. This kind of problem increases the waiting time of the customer, which may result in the loss of a potential customer (http://www.guv.gatech.edu). Since online companies’ entire business depends on the behavior of their sites, long waiting times and unavailability can be disastrous. Therefore, for most electronic businesses, poor performance and low availability almost always mean lost revenue, low press, low public perception, and a drop in the company’s stock price. Hence a scalable server strategy is essential, enabling businesses to support new functions and services, and increasing workloads [32].

While integrating business systems with the Internet offers potentially unlimited opportunities for increasing efficiency and reducing cost, it also offers potentially unlimited risk [53]. Security vulnerabilities have been discovered in database servers present in the e-business environment (http://www.otn.oracle.com). These vulnerabilities may allow a knowledgeable and malicious user to execute unauthorized procedures or SQL queries inside the database. An unauthenticated user with browser access to a web server hosting the e-business application can exploit the database. The risk of exposure of the business database is high, as any user with browser access and specialized knowledge can exploit these vulnerabilities. This security problem is due to the fact that the users are served by means of granting them direct access to the database.

A premier global provider of market intelligence, advisory services, and events for the information technology and telecommunication industries (http://www.idc.com) assumes that the dramatic growth in B2B e-commerce may accelerate the demand for agents, as agent technology provides inherent benefits like reduction in network load, reduction in network latencies and support for disconnected operations for structuring distributed applications [14]. The use of mobile agents has been explored for a variety of applications such as information retrieval, workflow management systems and e-commerce applications [66, 26, and 72]. Although there are some experimental as well as commercial deployments of mobile agents for e-commerce applications like MAgNET [16] and Gossip, they have still not translated into a significant number of real-world applications.

The popularization and realization of agent based distributed systems are hampered by the security threats faced by these systems. Mobile agents roam in the computer network from node to node, on behalf of the user, to accomplish the assigned task. These agents are composed of data collected as a result of computation from remote hosts, state information to resume their work at a remote host, and code information that is used to execute their task. The hosts in which the agents execute have complete control over the agents. If the host is malicious, these agents are exposed to security threats that may violate confidentiality, integrity, authentication, availability, non-repudiation etc. These issues are related to trust and delegation in large-scale multi-agent systems that are non-trivial to solve [8].

Zachery [37] highlights that no one has yet achieved the desired level of security for a mobile code program that can be provided to a remote host. In fact, given that mobile code programs are completely software-based, a complete level of security might never be achieved. This research area is in its infancy, and many approaches remain to be investigated. Chan [9] has addressed the security issues of mobile agents by proposing techniques based on agent tampering detection, which allows the agent to move around freely. This approach detects any kind of tampering activity against the mobile agent.

Sander and Tschudin proposed an approach called Mobile Cryptography [58, 57] based on homomorphic encryption schemes and function composition techniques that allow direct computations without decryptions on encrypted mobile agents. The Mobile Cryptography approach did not provide any practical ways of implementation due to the fact that no homomorphic encryption schemes are found for this approach. Lee, Foss and Harrison [31] proposed an extension to this approach that encrypts both code and data, including state information, in a way that enables direct computation on encrypted data without decryption. The modified encryption scheme is additive, multiplicative and mixed-multiplicative homomorphic encryption. This scheme requires extra work to develop more sophisticated encryption schemes with complete security analysis. The operators in this scheme are restricted to addition and multiplication only. Also, more study is required to find a way of calling user-defined and system functions within an encrypted mobile agent.

The reliability of a system is defined as the probability that the system is operational during a period of time [64]. As with any complex distributed system, an agent based e-business system may also face reliability problems due to the failure of software or hardware components. The types of failures that may cause agent based systems to fail are site failure and communication failure. Lyu et al. [43] proposed an agent-server architecture to recover a failed agent with a new Failure Detection and Recovery approach and proved that their approach has improved the survivability and fault tolerance of an agent based system at the expense of time and space requirements. Daoud et al. [46] studied and evaluated the reliability of a mobile agent system with respect to the network status and its conditions. The reliability of mobile agent systems can be investigated based on different factors other than network status, which is suggested as future work.

In spite of the tremendous work done in this agent based e-business application domain, a lot of issues need to be investigated in order to improve the security and reliability of agent based applications in the e-business environment. The thesis focuses on these issues and tries to provide enhancements to the existing environment by proposing agent based models.

1.3 OBJECTIVES

The primary objective of this thesis is to design, develop, test and validate agent based models to enhance the scalability, security and reliability aspects of enterprise business applications. The main objectives of this thesis are listed below:

• To propose an agent based architecture to improve the scalability of web servers present in the e-business environment and to analyze the performance of the proposed model using simulation.
• To propose a model based on the concept of shared objects and agents to secure the business database present in the e-business environment.
• To adopt a hybrid approach of closed network and agent tampering prevention, to protect the mobile agents from the malicious hosts that are present in the execution environment, when the mobile agents roam in the e-business environment to carry out specified tasks.
• To develop an experimental, distributed, Federation for Intelligent Physical Agents (FIPA) compliant multi-agent based e-business system (an e-marketplace) to analyze the performance of the proposed models.
• To develop a performance model to tune the parameters, like network capacity etc., of the execution environment and to achieve the desired level of security with acceptable performance overhead.
• To analyze the reliability issues that arise in the experimental system, particularly when the agent technology is introduced, to propose reliability models to implement fault-tolerance measures, namely periodic scan and forward echo, and to analyze the reliability improvements gained.

1.4 SCOPE OF THE THESIS

In addition to this introductory chapter, the dissertation is organized in four chapters that present in detail, the state of the art of e-business, the agent technology and its applicability in e-business, the design and development of each of the proposed models, and validation and assessment of each of them. More specific details of each chapter are given below:

Chapter 2 gives an overview of existing technologies in e-business and agent technology. Modern e-business systems are highly distributed and multi-tiered architectures comprising multiple components deployed in a heterogeneous environment with demanding requirements for performance, scalability, and availability. Success at e-business requires far more than a web server, a storefront and transaction processor, or a database. It requires a comprehensive and formal systems approach. Success in e-business starts with new web technologies and e-commerce functionalities, and combines them with the design, development, implementation, and management disciplines and practices that have been widely proven for other types of large-scale, complex, and mission-critical systems.

As e-business systems are complex large-scale mission-critical operational systems, there are several factors that must be addressed for companies to be successful at e-businesses [68]. The factors include web applications, business systems, security and authenticity, scalability, reliability, availability, proven deployment architecture, component-based tools, end-to-end management, serviceability, content management and publication, complex interactions and transactions, business model implementation, distributed processing and distributed data. High-end sites may handle hundreds of thousands of hits per minute, present and update catalogues with many millions of items, collect tens of gigabytes of behavioral data per day, run hundreds of separate processes or businesses simultaneously and utilize thousands of processors to carry the load.

E-business reference architecture and its components are described in order to have a solid understanding of the problems and solutions described in the thesis. The architecture of existing web servers is also described. Scalability requirements due to exponential growth of Internet are given as an overview. Performance problems like slow downloading time and availability etc. faced by the web servers, and their impact on the business benefits are discussed. Software contention, which is the most often cited problem associated with poor response time is also discussed.


Security issues involved in an e-business transaction and the associated available protection mechanisms are described. Security requirements of database servers present in the e-business environment are also given enough thought, based on prominent database vendor’s technical reports.

An introduction to agent technology is given with an overview of the properties of agents. The inherent benefits offered by this technology to distributed applications are presented. Agent platform reference architecture is given based on Java Agent Development Environment (JADE), which is the chosen agent development platform for the work carried out. A brief introduction to the components of the JADE architecture is given and state-of-the-art agent based e-business models are presented. The role of agents in every stage of e-business process automation is covered in the literature, and an exhaustive survey of that literature is given. Reliability issues related to agents and the agent platform are outlined. The chapter concludes with the type of research work that needs to be carried out to enhance the scalability, security, and performance of the existing e-business environment using agent technology.

Chapter 3 presents enhanced secure and scalable models for enterprise applications. Typically, the web server limits the number of connections in its connection pool, and each connection is represented as a thread. A server can therefore handle only a limited number of connections or user sessions at a time. Each client visiting the site is served through a thread from the connection pool. If the traffic is high, the client experiences a long delay in the response, or may not be able to contact the server at all. If a client that has been allocated a connection thread migrates to a second site by following a link present in the first site, the thread allocated to that client is blocked until the client returns or the session times out. Though the blocked thread is idle, it cannot be used to serve other clients waiting in the queue, which reduces the efficient utilization of a software resource, namely the connection thread. This is a kind of software contention that may lead to the loss of potential clients and the associated profit.

An agent based architecture is proposed to exploit the benefits of software agents for improving the scalability of the web server by managing user sessions in an electronic business system. Each connection pool thread in the web server is used to create an agent, and a single agent is used to manage the sessions of multiple clients. Hence, even if a client migrates, the agent will be busy serving other clients, thereby increasing the efficient utilization of server resources. Different agents, namely AllocatorAgent, ManagerAgent, and StorageAgent, are designed to perform different tasks: allocating an agent to manage the customer session, managing the customer session, and maintaining the details of migrated customers, respectively. The collaboration between these agents is presented. This approach improves scalability, as more clients can be served, and improves performance, as web server software resources like connection threads are used efficiently. The system is implemented first without agents and then with agents. Finally, the impact on system performance and scalability is evaluated using simulation models.

The shared object concept is introduced in order to enhance the security of the e-business database and to ensure synchronized communication between applications in a web server, while scalability is enhanced through agents. The system uses shared objects and mobile agents to update customers automatically with new information. The agent that resides in the database server, namely InfoUpdaterAgent, is informed about new information by a triggered function. The agent then updates the shared object, which contains both old and new information. This shared object is accessed by another agent, namely InfoSenderAgent, which sends the information to registered users by launching mobile agents. A static instance of the shared object is created so that the same object can be accessed by multiple entities in the environment. The InfoUpdaterAgent updates the information in the shared object only if the InfoSenderAgent has consumed the previous information. This is ensured by checking the flag attribute of the shared object, thereby enabling synchronized communication. This approach improves security, as customers are not aware of the location of the business database, and makes e-business more scalable by deploying mobile agents.
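The flag-based handshake between the two agents can be sketched with plain Java threads, as an added example that is not the thesis's own code. The class `SharedInfo`, its methods `publish` and `consume`, and the sample update strings are assumptions; the JADE agents are stood in for by two threads.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class SharedObjectDemo {

    /** Shared object holding old and new information plus the "consumed" flag. */
    static final class SharedInfo {
        // One static instance, so every entity in the JVM reaches the same object.
        private static final SharedInfo INSTANCE = new SharedInfo();

        private String oldInfo = "";
        private String newInfo = "";
        private boolean consumed = true; // true: the sender has read the latest update

        private SharedInfo() { }

        static SharedInfo getInstance() {
            return INSTANCE;
        }

        /** Updater side: waits until the previous update was consumed, then writes. */
        synchronized void publish(String info) throws InterruptedException {
            while (!consumed) {
                wait(); // the loop guards against spurious wake-ups
            }
            oldInfo = newInfo;
            newInfo = info;
            consumed = false;
            notifyAll();
        }

        /** Sender side: waits for an unconsumed update, reads it, then sets the flag. */
        synchronized String[] consume() throws InterruptedException {
            while (consumed) {
                wait();
            }
            consumed = true;
            notifyAll();
            return new String[] { oldInfo, newInfo };
        }
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed sample updates standing in for changes made in the business database.
        String[] updates = { "item-17 price 49.00", "item-17 stock 12", "item-03 price 5.50" };
        List<String> delivered = new ArrayList<>();

        Thread updater = new Thread(() -> {
            try {
                for (String u : updates) {
                    SharedInfo.getInstance().publish(u);
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        }, "InfoUpdaterAgent");

        Thread sender = new Thread(() -> {
            try {
                for (int i = 0; i < updates.length; i++) {
                    String[] pair = SharedInfo.getInstance().consume();
                    // A real sender would launch mobile agents to registered users here.
                    delivered.add(pair[1]);
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        }, "InfoSenderAgent");

        updater.start();
        sender.start();
        updater.join();
        sender.join();

        // The flag makes the updater wait, so no update is overwritten before it is read.
        boolean intact = delivered.equals(Arrays.asList(updates));
        System.out.println(intact ? "all updates delivered in order" : "an update was lost");
    }
}
```

Only the sender thread touches the shared object on the customer-facing side, which mirrors the point that customers never learn where the business database lives.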

The existing architecture of database servers in an e-business system is presented by considering a sample application that includes a database service provider (DBSP), which takes care of business database of its subscribers. The application also includes one or many database owners who want to host their database through DBSP, and one or more database users who are interested in using the data present in the database. The architecture is modified by introducing shared objects and further by introducing mobile agents into it. An agent based information updating algorithm is proposed and implementation details are presented. The proposed approach is implemented in a testing environment and the performance enhancements in terms of scalability and security are analyzed. This model is presented as a generic model that may fit in various general-purpose applications.

Chapter 4 discusses the security and reliability problems introduced by using agent technology. Mobile agent systems provide great flexibility and customizability to distributed applications like e-business. Security is a crucial concern for such systems, especially when they are used to deal with money transactions. Mobile agents moving around the network are not safe, as the remote hosts that accommodate the agents can initiate all kinds of attacks and attempt to analyze the agents' decision logic and the agents' accumulated data. Hence mobile agent security is one of the most challenging unsolved problems. This chapter analyzes the security attacks on mobile agents by malicious hosts and proposes solutions based on public key authentication and cryptography to address some of these problems. The RSA algorithm [54] is chosen for encryption and decryption of data because of its well-established history.

An experimental application namely Shopping Consultant Agent System (SCAS) is designed and developed. SCAS is a web based multi agent e-business system that provides users with information on the products for sale in an electronic marketplace. Security model for agent based e-business application is implemented in two ways: using centralized key server and using distributed key management techniques in the scenario that includes multiple marketplaces. In this second way, the centralized key server is removed and the key is managed within the agent platform itself. Security and performance of proposed models are also evaluated using simulation models. Performance model has been developed in order to tune the parameters of the execution environment to achieve the desired level of security and performance.

An agent based system can fail for many reasons, such as site failure or communication link failure. The reliability problems of the agent based e-business system are analyzed, and solutions specific to agent platform failure are proposed. The proposed solutions take two forms: forward echo by mobile agents, and periodic scan by the server that launches mobile agents. With forward echo, the mobile agent confirms before migrating that the agent platform is currently active on the remote host. With periodic scan, the server that launches mobile agents checks the remote nodes one by one to see whether the agent platform on each node is running. If not, the agent platform is started automatically. A theoretical reliability model is developed. The proposed solutions are implemented and the performance gains achieved are analyzed using reliability metrics.

Chapter 5 concludes the thesis with the highlights of the work done. It also indicates future research directions.

CHAPTER 2

SCALING FOR E-BUSINESS – EXISTING TECHNOLOGIES AND PERFORMANCE ISSUES

2.1 INTRODUCTION

Electronic business (e-business) refers to the use of the Internet for doing business. E-business, as defined by IBM, is the use of Internet technologies to improve and transform key business processes. E-business is altering almost every aspect of how business is done – from the sourcing of raw materials and components, through production cycles and supply chain management to marketing, to sales and after-sales service. Relationships with customers and suppliers are being transformed with e-business altering the whole process of producing and delivering goods to market with maximum efficiency and effectiveness [65].

According to the nature of transaction, there are four main categories of e-business: Business-to-Business (B2B), Business-to-Customer (B2C), Customer-to-Business (C2B) and Customer-to-Customer (C2C). Other categories like Government to Business (G2B) and Government to Citizen (G2C) also exist, but most applications are currently either B2C or B2B. In detail, B2C refers to online retailing transactions with individual customers, where shoppers can conduct transactions through a company’s homepage.

B2B refers to the transactions where both sellers and buyers are business corporations. The importance of e-business to each business task or process can be looked at in terms of cost savings, speed of operation, quality, increased sales, improved decisions, and responsiveness to client needs [65]. The potential for increased sales, improved customer satisfaction, and reduced marketing and sales costs are the key business drivers [45] for e-business.

E-businesses are slowly integrating themselves into e-marketplaces, which are centralized trading hubs for conducting on-line trade between several sellers and buyers in e-commerce, to improve economic efficiency, reduce margins between price and cost and speed up complicated business deals [67]. An e-marketplace allows participating sellers and buyers to exchange goods and services with the support of information technology. E-marketplaces have three main functions: matching buyers and sellers, facilitating commercial transactions, and providing legal infrastructure [4].

Information technology permeates all these three functions and helps to increase market efficiency and reduce transaction costs. The interaction between participants is supported by e-trade processes [38] that are basically search, valuation, payment and settlement, logistics, and authentication. The Internet and the World Wide Web allow companies to efficiently implement these key trading processes.

2.2 E-BUSINESS REFERENCE ARCHITECTURE

The infrastructure of an e-business identifies the functionalities of the hardware and software components, specifies the corresponding service level requirements, and describes the management and operation of the whole system [74]. It is usually shared by many applications that rely on the components of the infrastructure to provide reliable and efficient services to customers. Commerce servers, transaction servers, database servers and web servers are typical software components used by e-business applications. Hardware components include standard pieces such as servers and networks as well as specialized hardware devices such as proxy servers, load-balancing systems, firewalls, encryption devices, and interactive voice response units.

2.2.1 E-Business Architecture

Reference architecture of a system describes its structure, its components and their inter-relationships. The architecture of e-business is the structure of the system which comprises the services provided by hardware and software components, the third-party services and the way services interact. This definition includes important issues such as the dynamics of the interaction among services, the notion of service providers and their properties in the context of e-business that involve many participants [74].

The architecture of e-business consists of two blocks of descriptors: functional and operational. The first one describes the structure, its components, their interactions and interfaces. The latter focuses on the operational view of the system consisting of the network topology, geographical locations and the application service levels expressed by performance, availability, and security requirements. The choice of optimal design depends on the metrics that will be used to evaluate the architecture and infrastructure. While the infrastructure describes and characterizes the main components that support an e-business, reference architecture covers not only the components but the way those components are structured and the way they interact with each other. In other words, an infrastructure model provides a static description of resources and services, whereas the architecture includes the dynamics of the system.

The architecture of an e-business system provides a framework for its evolution and for making decisions about the future, such as what technologies to adopt and when to change the system. E-business functions are implemented by various software entities called servers, which communicate with one another to implement the required function. These software servers run on machines interconnected through Local Area Networks (LANs) and sometimes Wide Area Networks (WANs). The Internet connects internal services and third party services. It also connects the clients of an e-business to the business. An e-business site is usually structured in layers to improve system functionality, performance, scalability, and reliability. Figure 2.1 shows the overall architecture [10] of an e-business. It includes web servers, application servers and database servers organized in a multi-tiered fashion.

Figure 2.1 E-Business Reference Architecture

A component is a modular unit of functionality, accessed through defined interfaces. The roles of the main components of a typical infrastructure for e-business are given below.

2.2.2 Web server

A web server is a combination of a hardware platform, operating system, networking software and an HTTP server. Web server software, also known as an HTTP server or HTTP daemon, is a set of programs that control the flow of incoming and outgoing data on a computer connected to an intranet or to the Internet. HTTP is an application-level protocol layered on top of TCP and used in the communication between clients and servers on the web. HTTP defines a simple request-response interaction, which can be viewed as a web transaction. In the original version of the protocol, HTTP 1.0, a new connection is established per request. In version HTTP 1.1, also called persistent connection, one TCP connection may be used to carry multiple HTTP requests, eliminating the cost of many opens and closes. Basically, web server software listens for HTTP requests coming from clients over the network. The server program establishes the requested connection between itself and the client, sends the requested file, and returns to its listening function. To speed up the service, HTTP servers handle more than one request at a time. Usually, this is done in one of three ways: by forking a copy of the HTTP process for each request, by multithreading the HTTP program, or by spreading the requests among the processes in a pool of running processes.

Latency and throughput are the two most important performance metrics for web servers. The rate at which HTTP requests are serviced represents the connection throughput. It is usually expressed in HTTP operations/sec. Due to the large variability in the size of the requested web objects, throughput is also measured in terms of Megabits per second (Mbps). The time required to complete a request is the latency at the server, which is a component of client response time. The average latency at the server is the average time for handling the request. Customer response time includes latency at the server plus the time spent communicating over the network plus the processing time on the client machine (e.g., formatting the response). Hence customer-perceived performance depends on the server capacity, on the network load and bandwidth, and on the capacity of the client machine.

2.2.3 Application server

An application server is the software that handles all application operations such as online catalog, transaction processing, payment handling, tax and currency offerings, workflow automation and online ordering between browser-based customers and a company’s back-end databases. It receives clients’ requests, executes business logic and interacts with transaction servers and/or database servers. It has the following characteristics:
• host and process application logic written in different programming languages
• manage high volume of transaction with back-end database
• compliant with all existing web standards including HTTP, HTML, CGI, NSAPI, ISAPI and Java
• work with most of the popular web servers, browsers and databases.

Application servers can be implemented in many different ways such as CGI scripts, FastCGIs, server-applications and server-side scripts.

2.2.4 Transaction and Database Servers

A database server executes and manages transaction-processing applications. It can be a relational database system that supports stored procedures that can issue SQL requests to the database. A Transaction Processing monitor [6] comprises three major functions:
• an application programming interface (API)
• a set of program development tools and
• a system to monitor and control the execution of transaction programs.

It provides a seamless environment that integrates all the components needed to execute transactions: database system, operating system, and communication system. The growth of e-business transactions over the Internet makes Transaction Processing monitors a key component for guaranteeing performance, reliability and scalability. Apart from the above components, other important components of e-business infrastructure include mainframe and legacy systems, proxy servers, caches and Internet Service Providers.

2.3 PERFORMANCE ISSUES IN E-BUSINESS

E-business brings a set of challenges to Information Technology in which the most important issues are adequate site capacity, scalability, security, and fault-tolerance. In general, requirements imposed on these basic technologies are numerous, as a result of the unique nature of e-business, which is characterized by distributed, autonomous and heterogeneous information sources, vast amounts of hypermedia data, a wide range of users’ specialties and abilities, and the need to support a range of business transactions [1]. The viability of e-business depends on the ability of the underlying system to offer timely and reliable services.

Performance problems may arise in many points of the Internet. They may occur at the end user because of obsolete system technology or due to the lack of bandwidth of the link to the Internet Service Provider (ISP). Inadequate server and network capacity may cause extra delays at the ISP. Excess of traffic may bring congestion and delays at backbone providers and finally, performance problems can be found at the e-business site.

To avoid losing sales and customers, e-business sites must be fast and reliable. Although bandwidth and server capacity have improved in recent years, response time continues to challenge system administrators and developers. Complex web-based commerce applications and the unpredictable nature of traffic stress site performance and can cause response time degradation. The execution of a web transaction places demands on many site resources (e.g., servers, LANs, databases) and sometimes demands information such as authorization and certification from other sites.

As computers become more pervasive, performance and availability problems tend to worsen. Ubiquitous computing (Personal Digital Assistants (PDAs) and embedded computers in home appliances [20] attached to the Internet) would add at least an order of magnitude to the number of traffic sources, and would change the characteristics and intensity of Internet traffic and hence the demands on e-business sites. Novel aspects introduced by e-business also bring challenges. For instance, everything on the web can be recorded: the transactions a customer made, the pages that were visited, the time spent on each of the pages, the banners clicked on, and so on. This type of data allows a business to draw customer profiles and to customize services and products. Handling huge masses of data in real time and using them to improve the business is also challenging. All these factors together compound the performance issue in e-business applications, and demand techniques and tools to analyze and understand system behavior. Understanding the impact of these changes in terms of customer behavior, workload characteristics and system performance is challenging.

At the business level, challenges involve legal, taxation, pricing and privacy issues. At the customer behavior level, it would be necessary to develop techniques and paradigms that enhance the customer’s shopping experience. Recommender systems [60] would have to be perfected to provide customized and personalized guidance to online shoppers. Software agents [41] are acting on the consumer’s behalf to locate items in their profiles, and find the sites that offer the best conditions in terms of price, delivery time, and return policy. Voice user interfaces allow people to interact with e-business sites hands-free.

The challenges and innovations at the business and customer behavior level have created significant challenges at the resource level. The proliferation of broadband Internet connections to the home through cable modems or DSL lines allows new types of services and products to be offered, especially in the entertainment business. The consequence is an increasing demand on e-business sites to deliver more throughput in terms of bits/sec. Also, e-business traffic is increasing at exponential rates. As the number of Internet-ready mobile devices increases, an even higher number of people shop online. As software agents proliferate, e-business sites would see their capacity stretched to the limit. The access flexibility given by voice user interfaces is bound to increase the number of accesses to e-business sites.

Society has been demanding more security in e-business. Security also puts a heavy demand on the computing resources of a site. All of these factors mean one thing: e-business sites are in for a tremendous increase in traffic and demand. E-business sites need to be scalable. Their capacity needs to be planned to face changes in the workload, new functionality, and new business models.

It has been observed through measurements and analytic modeling [10] that the throughput of e-business sites can be significantly reduced when authentication operations are performed. One of the most popular authentication protocols is Secure Sockets Layer (SSL), which is being superseded by the Transport Layer Security (TLS) protocol. TLS is essentially similar to SSL version 3 and is now an Internet Engineering Task Force (IETF) standard. TLS has two phases: a handshake phase and a data transmission phase. During the handshake phase, client and server authenticate to one another. Client authentication to the server is optional. Public-key encryption is used during this phase to exchange secrets that are used to generate a secret key. The secret key is used in the data transfer phase, which uses symmetric key encryption. The performance impact of the handshake phase is due to several message exchanges that add several Round Trip Times (RTTs) and to additional processing at client and server (especially for public-key encryption). During the data transfer phase, additional delays are due to the processing load involved in encryption/decryption and compression/decompression. Apart from these authentication protocols, payment protocols like Secure Electronic Transmission (SET) also have a significant impact on the performance of e-business.

2.3.1 Scalability

One of the challenges in designing and maintaining e-business sites is to ensure its scalability as the workload increases [13]. Due to the unpredictable traffic and behavior of online customers, scalability is a key issue for e-business systems. Customers expect web stores to work properly and to be easy to use. The infrastructure of e-business should be designed so that information services scale with demand. An e-business infrastructure is said to be scalable when it provides adequate service levels even when the workload increases above expected levels.

Scalability problems in e-business tend to escalate for many reasons. The first is the proliferation of mobile devices such as Personal Digital Assistants (PDAs) that offer wireless web access. The same is true for cell phones that are already starting to offer web access. The reliability, security, and speed of these connections have increased dramatically in the recent past, as third generation cellular technologies such as Code Division Multiple Access (CDMA) become more widely used. What this means is that many people would be interacting with e-business sites even when they are away from their desktops. It is estimated that CDMA-based wireless services would enable millions of people to access multimedia content anytime, anywhere. The second factor is the development of easier-to-use interfaces based on speech recognition. In addition, local access technologies like Universal Mobile Telecommunications System (UMTS), cable modems, Digital Subscriber Lines (DSL), and novel interfaces (Voice User Interface) would change workloads arriving from traditional end systems. Again, these new technologies make web access more ubiquitous and increase traffic to the web and correspondingly to e-business sites.

In e-business, there are no explicit Service Level Agreements. Customers of an online store do not meet managers of the store to reach an agreement on how long they are willing to wait for the execution of each function. When the time to download a web page exceeds eight seconds, customers tend to become very frustrated. This de-facto standard on web page download is called the “eight-second rule” (http://www.sun.java.com). Clearly, customers may be willing to wait longer for some type of pages than others. For instance, while customers may abort a search after waiting for its result for more than eight seconds, they may be willing to wait 20 or even 30 seconds for a page that confirms a payment made by credit card.

Another factor to consider is the increased load to be placed on e-business sites by software agents that would buy and sell on behalf of customers. These agents roam the web, looking for items in the profile of the customer, and negotiate with merchant agents on issues ranging from price, delivery time, and shipping and handling options. Software agents free customers from having to search and compare the available options.

Therefore, an e-business solution has to scale to a heavily varying number of users, with only a few assumptions about the customers’ behavior at the marketplace, such as interaction time with the site, page request rate, or the ratio between dynamic and static content. E-business applications face two main goals in the context of scalability: scalability within peak times and scalability for an overall increasing number of users. They have to focus on two approaches for reaching these goals: software scalability on the one side and hardware scalability on the other. The system resources, namely software components and hardware facilities, have to be extended to adapt to every possible number of users. Scalability affects all application layers, and they should provide scalable access to the system by using server clusters and a high-scaling database product. Distributed components, services and software servers support software scalability. Hardware scalability is reached through hardware server clusters and network management for the hosts of a cluster and their interaction. Finally, load balancing mechanisms (hardware and software) can improve the scalability of e-business solutions.

2.3.2 Security

E-business has to offer an encryption mechanism such as SSL for transmission security, meaning securing the whole external communication between clients and the system. This communication covers simple HTTP requests as well as mobile agents migrating through the web. A firewall should keep the system safe from external attacks, which in addition is supported by implementing only specific defined access points to the system for both mobile agents (special gateway agent server) and HTTP requests (Web Server). The internal communication also should be secured for preventing someone, who has passed the outer security barriers, from emulating internal communication. Therefore, internal secret keys should be exchanged between all servers. This is very important for the agent to access application server services.
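One way to use an internal secret key so that a party behind the firewall cannot emulate internal communication, as an added example that is not code from the thesis: each internal message carries an HMAC tag and a counter. The choice of HMAC-SHA256, the pre-shared key, the class `InternalChannel` and the sample server names and request strings are all assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class InternalChannel {
    private final SecretKeySpec key;
    // Highest counter accepted per sender; anything at or below it is treated as a replay.
    private final Map<String, Long> lastCounter = new HashMap<>();

    InternalChannel(byte[] sharedSecret) {
        this.key = new SecretKeySpec(sharedSecret, "HmacSHA256");
    }

    /** Tag over (sender, counter, body); length prefixes keep field boundaries unambiguous. */
    byte[] tag(String sender, long counter, String body) throws GeneralSecurityException {
        byte[] s = sender.getBytes(StandardCharsets.UTF_8);
        byte[] b = body.getBytes(StandardCharsets.UTF_8);
        ByteBuffer buf = ByteBuffer.allocate(4 + s.length + 8 + 4 + b.length);
        buf.putInt(s.length).put(s).putLong(counter).putInt(b.length).put(b);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(buf.array());
    }

    /** Receiver side: accept only a fresh message whose tag verifies under the shared key. */
    synchronized boolean accept(String sender, long counter, String body, byte[] receivedTag)
            throws GeneralSecurityException {
        byte[] expected = tag(sender, counter, body);
        if (!MessageDigest.isEqual(expected, receivedTag)) { // constant-time comparison
            return false;
        }
        long last = lastCounter.getOrDefault(sender, -1L);
        if (counter <= last) {
            return false; // same or older counter: replayed message
        }
        lastCounter.put(sender, counter);
        return true;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed key; a deployment would provision it to both servers out of band.
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);
        InternalChannel webServer = new InternalChannel(secret);
        InternalChannel appServer = new InternalChannel(secret);

        // Constructed sample request from the web server to the application server.
        String body = "getCatalogue?category=books";
        byte[] t = webServer.tag("web-1", 1L, body);

        System.out.println("genuine:  " + appServer.accept("web-1", 1L, body, t));
        System.out.println("replayed: " + appServer.accept("web-1", 1L, body, t));
        System.out.println("tampered: " + appServer.accept("web-1", 2L, "getCatalogue?category=all", t));

        // A party inside the network that does not hold the shared key.
        byte[] otherKey = new byte[32];
        new SecureRandom().nextBytes(otherKey);
        InternalChannel outsider = new InternalChannel(otherKey);
        byte[] forged = outsider.tag("web-1", 3L, body);
        System.out.println("forged:   " + appServer.accept("web-1", 3L, body, forged));
    }
}
```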

Additionally, database access should also be secured with special logins and passwords; every server owns a unique one. As it is possible for the internal servers to hide the storage place of internal passwords and keys, this brings a high degree of security. To ensure the correctness of specific user information and data within the e-business, users should be able to communicate with the system only after a correct login. Every access to the business should be secured, for both agents and users, with logging mechanisms. This is additionally supported with authorization mechanisms and permission and role concepts for different actors (agents and users). According to the role an actor plays, it is able to invoke services and to access or change information on the e-business.

Security vulnerabilities have been discovered in database servers present in the e-business environment. These vulnerabilities may allow a knowledgeable and malicious user to execute unauthorized procedures or SQL queries inside the database. An unauthenticated user with browser access to a web server hosting the e-business application can exploit the database. The risk of exposure of the business database is high, as any user with browser access and specialized knowledge can exploit these vulnerabilities.

Another important point is preventing the misuse of user sessions. Concepts are therefore needed to ensure that no user can use the session information of any other user. For example, if a user interacts with the e-business via a web browser and terminates the session, no user-specific sensitive data may be reproducible from the web browser history or cookies. Halted sessions, that is, sessions that were broken off incorrectly and have been inactive for a certain time period, have to be deleted, so that no actor, agent or user, can apply session-specific information of another user.
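A server-side session store that enforces both requirements, invalidation on termination and deletion of halted sessions, is sketched below as an added example that is not the thesis's code. The class `SessionStore`, the 15-minute idle limit, the injected clock and the user names are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.LongSupplier;

public class SessionStore {

    private static final class Session {
        final String user;
        volatile long lastSeenMillis;

        Session(String user, long now) {
            this.user = user;
            this.lastSeenMillis = now;
        }
    }

    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final long idleTimeoutMillis;
    private final LongSupplier clock; // injected so idle time can be tested deterministically

    SessionStore(long idleTimeoutMillis, LongSupplier clock) {
        this.idleTimeoutMillis = idleTimeoutMillis;
        this.clock = clock;
    }

    /** Issues an unguessable token; all session data stays on the server, keyed by it. */
    String login(String user) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, new Session(user, clock.getAsLong()));
        return token;
    }

    /** Returns the session's user, or empty if the token is unknown, ended or idle too long. */
    Optional<String> resolve(String token) {
        Session s = sessions.get(token);
        if (s == null) {
            return Optional.empty();
        }
        long now = clock.getAsLong();
        if (now - s.lastSeenMillis > idleTimeoutMillis) {
            sessions.remove(token, s); // expired even if the reaper has not run yet
            return Optional.empty();
        }
        s.lastSeenMillis = now;
        return Optional.of(s.user);
    }

    /** Explicit termination: the token stops working at once. */
    void logout(String token) {
        sessions.remove(token);
    }

    /** Deletes halted sessions; meant to be called periodically. Returns how many were removed. */
    int reapIdle() {
        long now = clock.getAsLong();
        int before = sessions.size();
        sessions.values().removeIf(s -> now - s.lastSeenMillis > idleTimeoutMillis);
        return before - sessions.size();
    }

    public static void main(String[] args) {
        long[] now = { 0L }; // constructed clock, advanced by hand below
        SessionStore store = new SessionStore(15 * 60 * 1000L, () -> now[0]);

        String alice = store.login("alice");
        String bob = store.login("bob");

        store.logout(alice);
        System.out.println("alice's token valid after logout: " + store.resolve(alice).isPresent());

        now[0] += 16 * 60 * 1000L; // bob's browser was closed without a logout
        System.out.println("halted sessions deleted: " + store.reapIdle());
        System.out.println("bob's token valid after reaping: " + store.resolve(bob).isPresent());
    }
}
```

Because the cookie holds only the random token, a value recovered later from browser history or a cookie jar maps to nothing once the session has been ended or reaped.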

Finally, for the agent technology, special security requirements exist, because mobile agents are some kind of external code executed on the e-business site’s agent server. Since fewer assumptions on the trust of mobile agents can be made, it is important to increase knowledge about agents and their owners and to limit the resources that can be used by the agents.

Therefore, Java offers a lot of built-in mechanisms such as the Java Sandbox, bytecode verification, code signing, custom class loaders, and security managers. With these techniques it should be possible to realize an agent-specific authentication and authorization model that secures mobile agent execution. On the other side, the e-business should offer mechanisms for protecting the agent from malicious access and modification by agent servers. External agent servers must protect mobile agents from interception and manipulation.

2.3.3 Reliability, Availability and Maintainability

With the e-business solution, the business logic should be separated in a special layer within an n-tier application, so that all other parts of the system are forced to consistently use this one instance, performing the business operations exactly the same way every time. Every user interacts with the system via sessions. All the information and data that the user has used within the session have to be managed in a way that keeps them consistent and available. All transactions performed during a session have to be persistently stored for recoverability in case of error, to ensure transactional and database integrity. A session failover mechanism for ensuring that all sessions will be completed correctly with consistent session data has to be implemented to withstand power outages and hardware or software errors. This mechanism should also ensure that if a server fails or goes down, another server can complete active sessions. Client requests to unavailable or unresponsive components will automatically fail over to an available component, in a way that is transparent to the requester. This mechanism should also ensure that if an access point to the marketplace fails, another access point can route requests to the correct servers with the active sessions.

E-business must ensure transaction-based processing within sessions and even over multiple integrated resources (database and integrated legacy systems). It should guarantee the ACID (Atomicity, Consistency, Isolation and Durability) properties and reliability, normally expected only from databases. This correct processing is needed, because business-related transactions are very sensitive.

Availability is one of the main service level goals of any e-business. Low availability can cost an e-business lost revenue, reduced market share, and bad publicity. High availability can be achieved by infrastructure reliability and software robustness. Geographically separate sites with multiple levels at each site, multiple machines at each level, load balancing mechanism and redundant network are the starting points toward high availability. Permanent system monitoring and measurement procedures can anticipate problems and enhance availability.

E-business systems must be available round the clock, 365 days a year, because they are designed for business transactions. This means that every lost minute is lost money. Therefore, the system should support multiple redundant facilities for each of the three application layers. Each component (software or hardware) should exist at least twice. This leads to multiple access points to the business, such as a web server cluster, multiple application servers, distributed business components for redundant business logic, and even multiple databases. This approach gives the e-business two features. First, through clusters, single points of failure are prevented, because if one server or component fails another can take over. Second, it makes it possible to maintain parts of the system while other parts are active. Thus, the components to be maintained can be switched off and substituted with other active parts.

In demanding environments such as e-business, the cost of maintenance and administration is very high and can vary from two to twelve times the hardware cost. Such maintenance costs associated with corresponding downtime periods are incompatible with the very nature of applications on the Internet, which are used by millions of customers around the world. The key concept in maintainability is the ease of replacing or upgrading software and hardware components. In the web, online companies have to be able to replace and upgrade components of their infrastructure without disrupting customer services.

When agents are deployed in an e-business environment, the agent based e-business system, like other distributed systems, may have to face a new challenge, namely failure of the agent server. If the agent that was sent is residing on the host with the failing agent server, the agent is lost, and any query result carried by the agent will also be lost. Persistence of agents is an issue specific to mobile agent systems. However, it does not pose much of a new challenge, and existing techniques like logging, check-pointing and transaction processing may be directly applied. If, on the other hand, the failing site is one of the destinations of the agent, then the sending server would erase the copy of the agent on the original host, even though a new copy of the agent is not created on the receiving host due to failure of the agent server. In this case, the agent must reroute its itinerary, which is again a challenge to be faced by the e-business systems.
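The lost-agent case described above, and a handoff that avoids it by erasing the local copy only after the receiver acknowledges and by rerouting past a dead destination, can be shown in a small simulation. This is an added example, not code from the thesis or from JADE; the classes `Agent` and `Server`, the host names and the `up` failure switch are hypothetical, and the network is modelled as in-process method calls.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class AgentHandoff {
    /** Mobile agent state: remaining itinerary plus the results collected so far. */
    static final class Agent {
        final String id;
        final Deque<String> itinerary;
        final List<String> results = new ArrayList<>();

        Agent(String id, List<String> hops) {
            this.id = id;
            this.itinerary = new ArrayDeque<>(hops);
        }

        /** Stand-in for serializing the agent for transfer. */
        Agent copy() {
            Agent a = new Agent(id, new ArrayList<>(itinerary));
            a.results.addAll(results);
            return a;
        }
    }

    /** Agent server. 'up' is a constructed failure switch for the demonstration. */
    static final class Server {
        final String name;
        boolean up = true;
        final Map<String, Agent> resident = new HashMap<>();

        Server(String name) { this.name = name; }

        /** Receiver side: returns true (the acknowledgement) only if the agent was stored. */
        boolean receive(Agent a) {
            if (!up) return false;
            a.results.add("visited " + name);
            resident.put(a.id, a);
            return true;
        }

        /** Failure mode from the text: the local copy is erased before the receiver confirms. */
        boolean dispatchNaive(String agentId, Map<String, Server> net) {
            Agent a = resident.remove(agentId);
            Server target = net.get(a.itinerary.poll());
            return target != null && target.receive(a);   // false: the agent exists nowhere
        }

        /** Safe handoff: keep the local copy until a receiver acks, skip hops that do not. */
        Server dispatch(String agentId, Map<String, Server> net, List<String> log) {
            Agent local = resident.get(agentId);
            while (!local.itinerary.isEmpty()) {
                String next = local.itinerary.poll();      // hop is consumed either way
                Server target = net.get(next);
                if (target != null && target.receive(local.copy())) {
                    resident.remove(agentId);              // erase only after the ack
                    log.add(name + " -> " + next + ": acked, local copy erased");
                    return target;
                }
                log.add(name + " -> " + next + ": no ack, rerouting");
            }
            return this;                                   // nowhere left to go: agent stays here
        }
    }

    /** Constructed four-host network in which sellerB's agent server has failed. */
    static Map<String, Server> network() {
        Map<String, Server> net = new HashMap<>();
        for (String n : List.of("home", "sellerA", "sellerB", "sellerC")) {
            net.put(n, new Server(n));
        }
        net.get("sellerB").up = false;
        return net;
    }

    public static void main(String[] args) {
        List<String> hops = List.of("sellerB", "sellerC", "home");

        // Erase-before-ack: the agent and its results vanish at the failed destination.
        Map<String, Server> net1 = network();
        net1.get("sellerA").resident.put("a1", new Agent("a1", hops));
        boolean arrived = net1.get("sellerA").dispatchNaive("a1", net1);
        long copies = net1.values().stream().filter(s -> s.resident.containsKey("a1")).count();
        System.out.println("naive: arrived=" + arrived + ", copies left=" + copies);

        // Ack-before-erase with rerouting: the agent skips sellerB and completes its trip.
        Map<String, Server> net2 = network();
        Server at = net2.get("sellerA");
        at.resident.put("a1", new Agent("a1", hops));
        List<String> log = new ArrayList<>();
        while (!at.resident.get("a1").itinerary.isEmpty()) {
            at = at.dispatch("a1", net2, log);
        }
        log.forEach(System.out::println);
        System.out.println("agent at " + at.name + " with " + at.resident.get("a1").results);
    }
}
```

A lost acknowledgement would leave two live copies of the agent, so a real platform also needs a unique transfer identifier to discard duplicates.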

2.3.4 Extensibility and Flexibility

The first point is to use a flexible three-tier architecture to ensure good maintainability and to allow the components of a single tier to be advanced independently of the other tiers. The separation of presentation, business, and database tier offers flexible capabilities for adapting the system to newer performance, scalability, and availability requirements. The e-business system should be built using as many standards as possible, for providing clearly defined interfaces and mechanisms for flexible and easy further development.

Another requirement is a flexible extension of the system’s business logic or the extension and adaptation of the presentation logic according to the requirements of specific projects. On one side, it must be possible to implement new business logic and components in a short time. The new business logic has to be integrated with the existing business logic. On the other side, third-party software solutions have to be integrated easily with the e-business participants’ ERP systems as well as the applications of service providers. Therefore, the e-business solution should offer sophisticated APIs and tools for easy designing of new business processes, deploying and generating code, as well as for adapting the presentation logic of the business for a complete integration. Regarding the presentation of e-business, it should provide capabilities for accessing the business from different client devices such as GUI, web browser or portable mobile devices.

The last point is the integration of mechanisms for flexible data exchange with the e-business using standards, or the integration of the e-business solution with other applications. Therefore, the system has to offer APIs and tools that allow flexible exchange via many different data and exchange formats. Also, the system has to offer facilities to integrate new data exchange or communication techniques with the system.

2.4 AGENT TECHNOLOGY AND JADE

An agent is a software program that functions continuously and autonomously on behalf of its owner to achieve particular objectives in a particular environment, often inhabited by other agents and processes [63]. The requirement for continuity and autonomy requires that an agent be able to carry out activities in a flexible and intelligent manner that is responsive to changes in the environment, without requiring constant human guidance or intervention.

2.4.1 Software Agents

Consistent with the requirements of a particular problem, each agent might possess, to a greater or lesser degree, attributes like the ones enumerated by Etzioni and Weld [19]:

• Reactivity: the ability to selectively sense and act
• Autonomy: goal-directedness, proactive and self-starting behavior
• Collaborative behavior: can work in concert with other agents to achieve a common goal
• Communication ability: the ability to communicate with persons and other agents with language more resembling human-like “speech acts” than typical symbol-level program-to-program protocols
• Inferential capability: can act on abstract task specification using prior knowledge of general goals and preferred methods to achieve flexibility, can go beyond the information given and may have explicit models of self, user, situation and/or other agents
• Temporal continuity: persistence of identity and state over long periods of time
• Personality: the capability of manifesting the attributes of a “believable” character such as emotion
• Adaptivity: being able to learn and improve with experience
• Mobility: being able to migrate in a self-directed way from one host platform to another.

Nwana [49] classifies agents into seven categories: collaborative agents, interface agents, mobile agents, information/Internet agents, reactive agents, hybrid agents, and smart agents. Software agent researchers [7] have identified a number of potential benefits of agents that are listed below:

• Reduction of network load
• Reduction of network latency
• Easy encapsulation of protocols
• Asynchronous and autonomous execution
• Dynamic adaptation
• Network fault tolerance.

2.4.2 Agent Platform Reference Architecture

JADE (Java Agent Development Framework) is a software development framework aimed at developing multi-agent systems and applications conforming to FIPA (Federation for Intelligent Physical Agents) standards for intelligent agents. It includes two main products: a FIPA-compliant agent platform and a package to develop Java agents. JADE is written in Java language and is made of various Java packages, giving application programmers both ready-made pieces of functionality and abstract interfaces for custom application dependent tasks. Java was the programming language of choice because of its many attractive features, particularly as it is geared towards object-oriented programming in distributed heterogeneous environments. Some of these features are Object Serialization, Reflection API and Remote Method Invocation (RMI).

Following is the list of features [21] that JADE offers to the agent programmer:

• Distributed agent platform - The agent platform can be split among several hosts (provided they can be connected via RMI). Only one Java application, and therefore only one Java Virtual Machine is executed on each host. Agents are implemented as Java threads and live within Agent Containers that provide the runtime support to agent execution.
• Graphical User Interface to manage several agents and Agent Containers from a remote host.
• Debugging tools to help in developing multi-agent applications based on JADE.
• Intra-platform agent mobility, including transfer of both the state and the code (when necessary) of the agent.
• Support to the execution of multiple, parallel and concurrent agent activities via the behaviour model. JADE schedules the agent behaviours in a non-preemptive fashion.
• FIPA-compliant Agent Platform, which includes the AMS (Agent Management System), the DF (Directory Facilitator), and the ACC (Agent Communication Channel). All these three components are automatically activated at the agent platform start-up.
• Many FIPA-compliant DFs can be started at run time in order to implement multi-domain applications, where a domain is a logical set of agents, whose services are advertised through a common facilitator. Each DF inherits a Graphical User Interface (GUI) and all the standard capabilities defined by FIPA (i.e. capability of registering, deregistering, modifying and searching for agent descriptions, and capability of federating within a network of DF's).
• Efficient transport of ACL (Agent Communication Language) messages inside the same agent platform. In fact, messages are transferred as encoded Java objects rather than strings, in order to avoid marshalling and un-marshalling procedures. When crossing platform boundaries, the message is automatically converted to/from the FIPA compliant syntax, encoding and transport protocol. This conversion is transparent to the agent implementers that only need to deal with Java objects.
• Library of FIPA interaction protocols ready to be used.
• Automatic registration and de-registration of agents with the AMS.
• FIPA-compliant naming service: at start-up, agents obtain their GUID (Globally Unique Identifier) from the platform.
• Support for application-defined content languages and ontologies.
• In-Process Interface to allow external applications to launch autonomous agents.

JADE fully complies with the reference architecture specified by FIPA. When a JADE platform is launched, the AMS and DF are immediately created and the ACC module is set to allow message communication. The standard model of an agent platform, as defined by FIPA [21] is represented in Figure 2.2.

The Agent Management System (AMS) is the agent, which exerts supervisory control over access to and use of the Agent Platform. Only one AMS exists in a single platform. The AMS provides white-page and lifecycle services, maintaining a directory of agent identifiers (AID) and agent state. Each agent must register with an AMS in order to get a valid AID. The Directory Facilitator (DF) is the agent, which provides the default yellow pages service in the platform. The Message Transport System, also called Agent Communication Channel (ACC), is the software component controlling all the message exchanges within the platform, including messages to/from remote platforms.

Figure 2.2 FIPA Agent Platform Reference Architecture

The JADE platform can be split on several hosts with one of them acting as a front end for management and inter-platform communication. Figure 2.3 shows the JADE agent platform distributed over several containers [21]. The front end is known as the Main Container. It has the supervisory control over the JADE platform. Only one Java application, and therefore only one Java Virtual Machine (JVM), is executed on each host. Each JVM is a basic container of agents that provides a complete run time environment for agent execution and allows several agents to concurrently execute on the same host. The Main Container, or front end, is the agent container where the AMS and DF live. The RMI registry that is used internally by JADE is also created in the Main Container. The other agent containers, instead, connect to the Main Container and provide a complete run-time environment for the execution of any set of JADE agents.

Figure 2.3 JADE Agent Platform Distributed over Several Containers

A JADE agent can be in one of several states, according to the Agent Platform Life Cycle in the FIPA specification, as represented in Figure 2.4.

Figure 2.4 Agent Life-cycle as Defined by FIPA

The states of an agent are detailed below:

• INITIATED: the Agent object is built, but has not registered itself yet with the AMS, has neither a name nor an address and cannot communicate with other agents.
• ACTIVE: the Agent object is registered with the AMS; it has a regular name and address, and can access all of the various JADE features.
• SUSPENDED: the Agent object is currently stopped. Its internal thread is suspended and no agent behaviour is being executed.
• WAITING: the Agent object is blocked, waiting for something. Its internal thread is sleeping on a Java monitor and will wake up when some condition is met (typically when a message arrives).
• DELETED: the Agent is definitely dead. The internal thread has terminated its execution and the Agent is no more registered with the AMS.
• TRANSIT: a mobile agent enters this state while it is migrating to the new location. The system continues to buffer messages that will then be sent to its new location.

2.5 AGENT BASED MODELS IN E-BUSINESS

This section surveys and analyses the state of the art in agent mediated e-business, concentrating particularly on the Business-to-Consumer (B2C) and Business-to-Business (B2B) aspects. B2C refers to online retailing transactions with individual customers, where shoppers can conduct transactions through a company’s homepage. From the consumer buying behavior perspective, agents are being used in activities like need identification, product brokering, buyer coalition formation, merchant brokering, and negotiation. B2B refers to the transactions where both sellers and buyers are business corporations. The role of agents in B2B is partnership formation, brokering, and negotiation.

E-business offers opportunities to significantly improve the way that businesses interact with both their customers and their suppliers. In order to harness the full potential of this new mode of business, a broad range of issues related to security, trust, payment mechanisms, advertising, logistics, and back office management [55] have to be addressed. By increasing the degree of automation, e-business becomes much more dynamic, personalized and context sensitive, and can be beneficial to the actors, like buyers and sellers, that are involved in e-business transactions. To achieve this automation and move to second generation e-business applications, now that software agents have become very popular on the web, a new model of software based upon the notion of interacting agents [36] is much needed. The literature contains a number of reviews of agent mediated e-business, where agents have been deployed successfully for the automation of various phases of an e-business system [27, 40].

2.5.1 Agents in B2C E-Business

B2C e-business is more widespread for its convenience and its ability to offer a quick response to requests and also as more products/services become available [33]. To enhance and improve the trading experience, agents can act as mediators in various stages of B2C e-business.

In the need identification stage, an agent can help the customer to recognize a need for some product. For this, it needs the user profile, which can be obtained in various ways, like observing the user’s behavior, through direct elicitation or through inductive logic programming techniques [17]. For example, in Amazon Delivers (http://www.amazon.com), the latest reviews of exceptional new titles in categories that interest the user are sent automatically.

The product brokering stage can involve an agent determining what product to buy to satisfy the need. The main techniques used are feature-based filtering, collaborative filtering based on personalized recommendations (http://www.netperceptions.com) [61] and constraint-based filtering (http://www.ebay.com).

In the Buyer Coalition Formation stage, a group of agents representing buyers can be made to co-operate with each other by forming a group in order to achieve a common task [62] of approaching the merchant with a larger order. Yamamoto and Sycara [71] have proposed a buyer coalition formation scheme, in which buyer agents specify multiple items in a category and their valuation of these items. The group leader agent is then responsible for dividing the group into coalitions, and calculating the surplus division among the buyers. A buyer coalition model is viewed in [69] which is composed of different stages like negotiation, leader election, coalition formation, payment collection and execution. In both cases, it is essential to have a trustworthy and reliable agent that will collect the buyers’ information, divide the agents into coalitions, and negotiate with sellers.

The Merchant Brokering stage involves the agent finding an appropriate merchant to purchase the item from. Priceline (http://www.priceline.com) is an example of single attribute (price) merchant brokering: it launches agents to get the prices of specified items from a set of sellers, and the seller who offers the lowest price is selected for the purchase proceedings. Agents can also be used to consider multiple attributes like delivery time and warranty, in addition to price as a single attribute. This kind of multi-attribute comparison is made using “virtual scorecards” that include key factors like reliability, responsiveness, and environmental friendliness. The suppliers are evaluated based on the weighted score of these individual components; this approach is implemented in Frictionless Sourcing (http://www.frictionless.com).

As dynamic pricing and personalization of offers have become the norm for many goods and customers, negotiation capabilities are essential for e-business systems [5]. In this stage, software agents can be engaged in preparing bids and evaluating offers on behalf of the parties they represent with the aim of obtaining maximum benefit for their users [34]. They negotiate according to some negotiation strategy based on predefined negotiation protocols. In a particular auction setting, it has been shown that agents outperform their human counterparts [15]. Some of the popular auction web sites, like eBay and AuctionBot, have implemented this strategy.

2.5.2 Agents in B2B E-Business

In B2B e-business, relationships between organizations are more complex than in B2C, since they involve the adoption of similar standards with respect to communications and collaboration, as well as joint information technology investment. Here agents are most useful in the partnership formation, brokering, and negotiation stages because these stages all involve complex issues related to decision making, searching, and matchmaking that agents are well suited to. Currently, agents are not used in the contract formation stage, but it is widely believed that they have the potential to be involved in this activity.

A company can search for its partners worldwide using information technology available today and can make partnerships much more agile and fluid. This process may include a Virtual Enterprise (VE), which is composed of a number of autonomous entities that need to interact with one another in flexible ways and hence agent technology is a natural underpinning model [52]. In more detail, the formation of a VE involves a selection process based on a number of variables such as organizational fit, technological capabilities, relationship development, quality, price and speed [59]. Thus, different types of functional agents can assist in the process of collaboration, negotiation, and for the efficient functioning of the VE. A multi-agent control system is proposed by Martinez et al. [42] for this purpose that involves different types of agents like product agents, activity agents and resource agents that act together to achieve the overall aims of the VE.

A Supply Chain is used to coordinate the activities of the organizations involved in order to ensure that products pass through the chain in the shortest time and at the lowest cost. The various components of the supply chain can be viewed as autonomous stakeholders and these various stakeholders need to interact in flexible ways. Thus an agent based approach is well suited to this domain [35]. In particular, agents can be used to execute the scheduling, negotiate about product prices, and share data between companies [24]. To this end, various agent based models have been developed and reported [70].

Brokering in B2B typically involves repeated transactions and large volumes. With the expansion of the Internet, it is becoming more expensive and more difficult to navigate in order to find the necessary information on companies and their offerings. Given the difficulty and value, a common way of obtaining this information for companies in B2B e-commerce is through some form of information broker [28] that acts as an intermediary between the buyers and sellers. Here, a broker can be an agent or a multiagent system. The functions offered by a broker may include information retrieval and processing, maintenance of a self-learning information repository about the user, profiling of users, monitoring for items of interest to the users, filtering of information, intelligent prediction of user requirements, commercial negotiation, collaboration, and protection from intrusion [23]. Negotiation in B2B is similar to negotiation in B2C; however the most popular means of negotiation in B2B is through auctions and contracting. An agent can act on behalf of a buyer or a seller.

From the literature survey described in this section it can be concluded that much of the previous work in this area focuses on the functional part of e-business systems. It views the application of agents in this domain from either the buyer’s or the seller’s perspective. The human user’s work processes that represent e-business functions are very much automated by using this new technology.

In the following sections, some of the languages that are involved in supporting interactions among agents and some of the development tools and platforms for agent based e-business systems are discussed. Also, the trust issues involved in agent based e-business are given an overview. A complete survey on these issues can be found in [47, 50].

2.5.3 Interaction Languages and Protocols

Many of today’s web applications use XML (eXtensible Markup Language) to code the information and services in meaningful structures that agents can easily understand and process. XML can be widely accepted only if the ontology problem [30] is solved, so that the tagged data in XML can be semantically consistent. In the e-business domain, ebXML (electronic business eXtensible Markup Language) is based on international standards and aims to provide an XML-based open technical framework enabling data exchange for B2B and B2C e-business. A number of other XML-based specifications for domain-specific commerce languages are also available. In the agent field, the interactions between agents are often enacted via an Agent Communication Language (ACL) that is often based on speech act theory. The most common ACLs are FIPA ACL [51] and Knowledge Query Manipulation Language (KQML) [22].

2.5.4 Development Tools, Technologies, and Platforms

There are many general purpose agent development toolkits available today. Some of the mobile agent platforms are: ASDK (Aglets Software Developer Kit), which was developed at the IBM Research Laboratory in Japan; APRIL (Agent PRocess Interaction Language), which is a process-oriented language especially designed for implementing intelligent network applications; the D’Agents platform, which is a modified version of the Tool Command Language (TCL) interpreter that aims at providing a basic support for mobility; Grasshopper, which is the first available mobile agent platform that is compliant with the MASIF and FIPA standards; and Voyager, which is a Java-based and agent-enhanced Object Request Broker (ORB) developed by Recursion Software Inc.

AuctionBot is a multipurpose Internet auction server that can be used to create automated auctions based on users’ specifications. eMediator, eCommitter, eExchangeHouse and FishMarket are some of the agent based negotiation servers. Agent development platforms include Agent Development Kit (ADK), a Java-based e-commerce, data warehouse and workflow management applications environment. E-piphany E.5 provides an environment for agent based customer relationship management. Lost Wax e-commerce Platform supports buyers and sellers in both public and private trading environments, and the agent based modules can represent different trading mechanisms. The living markets platform is an agent based product for real-time optimization of processes in business products.

2.5.5 Challenges in Agent Based Systems

Though a number of agent based deployments have already been made, there are still a number of major research challenges that need to be overcome before the full potential of agent based e-business can be met. These challenges include:

• Personalization problem – techniques are to be found to acquire user information in a non-obtrusive manner that does not overly burden the user in order to work as a personal assistant to the user
• Semantic Interaction problem – making the agents interact with one another in a meaningful and sophisticated manner
• Discovery problem – difficulty of putting the relevant agents in contact with one another due to the dynamic nature of agent based e-business
• Interaction problem – need of better models for more complex forms of auctions and negotiations
• Trust problem – agents need to clearly understand the limit of their responsibility and to act efficiently and safely within these bounds.

2.5.5.1 Security Issues

In addition to security issues like authentication, confidentiality, integrity, availability, and non-repudiation that are common to all e-business applications [55], the issue of trust becomes particularly important when the agent-mediated variety of e-business is considered. This is because software agents have increased degrees of autonomy and because they engage in flexible interactions that are not necessarily foreseen at design time. The security of agent systems is twofold:

• Agent security that deals with the protection of agents against malicious hosts and other agents – this is because the host has complete control over the agent
• Host security that deals with the protection of hosts against malicious agents or other hosts – this is because the host cannot be assured about the reliability of source of an agent.

2.5.5.2 Reliability Issues

Agents travel in the distributed environment from system to system to complete the tasks assigned to them. For successful completion of the tasks, the receiving system should have the necessary execution environment that includes the agent platform. If the agent system fails, then the agent may be lost or may starve while waiting for the failed agent system to boot up, depending on the design of the agent. These security and reliability issues concerned with agent technology have to be addressed for the successful deployment of agents in e-business systems.

2.6 CONCLUSION

This chapter presents fundamental knowledge about e-business, an architectural view of the e-business platform, and existing technologies in terms of hardware and software. Also, various challenges faced by e-business sites in today’s scenario are discussed in detail. Among these challenges, the most crucial issues are scalability, security, and reliability. A brief introduction to agents, their properties and the benefits offered by them is also given. An architectural view of JADE as an agent development platform is also presented. The agent based e-business models, namely the applications of agents in the e-business domain, are surveyed and studied. The technologies that support agents’ application are also given a glance. The hurdles for the applicability of agents in the e-business domain are identified. Based on the detailed survey presented in this chapter, the research opportunities are identified as follows:

• Scalability enhancements can be done in the web server of an e-business environment by using agents
• Database security can be enhanced in the e-business environment through agents
• Simple security models can be developed for agent based e-business applications
• Reliability measures of agent platform can also be enhanced.

The roadmap for the research work is laid out from the conclusions drawn from this chapter. Detailed design and implementation are presented in chapters 3 and 4.

CHAPTER 3

ENHANCED SCALABLE AND SECURE MODELS FOR ENTERPRISE APPLICATIONS

3.1 INTRODUCTION

Performance and scalability issues are gaining importance in designing and maintaining e-business sites to ensure their scalability as the workload increases. Web server architecture and software contention can significantly affect web server performance in such complex systems. An agent based architecture is proposed in this chapter to exploit the benefits of software agents for improving the scalability of the web server that manages user sessions in an e-business system. Each connection pool thread in the web server is used to create an agent, and a single agent is used to manage the sessions of multiple clients. This improves scalability, as a larger number of clients can be served, and improves performance, as web server software resources like connection threads are used to the maximum extent. The proposed model is implemented with and without agents and the impact on system performance and scalability is evaluated through simulation.

E-business must be highly secure and scalable to provide efficient services to millions of clients on the web. While the agents are proposed to improve scalability, the concept of a shared object is introduced to improve the security of web applications. The shared object is used not only to improve the security, but also to enable synchronized and reliable communication between server side applications. The e-business site uses shared objects and mobile agents to update the clients automatically with new information. The agent that resides in the database server is informed about the new information by triggering a function. Then the agent updates the shared object, which is accessed by another agent that sends the information to the clients. This approach improves security, as clients are not aware of the location of the central database, and makes e-business more scalable by deploying mobile agents. The shared object is designed in such a way that it synchronizes the data transfer between agents. The proposed approach is implemented in a testing environment and the performance is analyzed.

3.2 AGENT BASED ARCHITECTURE FOR SCALABLE WEB SERVERS

E-business applications are based on highly distributed multi-tiered architectures comprising multiple components deployed in a heterogeneous environment. Performance problems in e-business tend to escalate as the Internet traffic is growing day-by-day with the advancement of technologies like CDMA, PDA and mobile phones with their high speed wireless access. In this section, agent based architecture is proposed that is aimed at improving the scalability and performance of web servers.


3.2.1 Web Server Architecture

The web server is an application that handles requests from the web browsers. It delivers web pages to the browser over the network. A web server’s software architecture can affect the performance of an e-business application significantly. Based on the processing model that describes the type of process or threading model used to support a web server operation, the web server architecture can be classified as process-based, thread-based or a hybrid of the two [12].

Software architectures based on the process-based model consist of multiple single-threaded processes, each of which handles one request at a time. This has the advantage of stability, but performance suffers from the overhead of creating and destroying processes, which is related to memory management. In a thread-based architecture, a server consists of a single multi-threaded process and each thread handles one request at a time. The overhead is smaller in this case as all the threads share the same memory, but this model is less stable, since a single malfunctioning thread can bring down the entire web server. The hybrid model consists of multiple multi-threaded processes, with each thread of any process handling one request at a time. This model combines the advantages of both models and reduces the disadvantages, since a malfunctioning thread halts only the process in which it is present, while the threads in other processes continue to execute. Apache implements all these approaches in its different versions.


3.2.2 Existing Web Server Architecture for Session Management

Existing thread based architecture [12] is considered to analyze the performance of proposed agent based architecture. The web server has a pool of connection threads. The number of connection threads is fixed and the clients are served through these connection threads. The number of connection threads limits the number of clients that can be served simultaneously. The maximum capacity is limited by the number of connection threads available in the connection pool. The client is served only if there is a free thread available in the connection pool and then the thread will be allocated for the client to manage the session of the client.

A session is defined as a sequence of related requests made by the customer during a single visit to the site. Once a client is allocated a thread, the requests are processed interactively till the session is over. If there is no free thread available in the connection pool when a client makes a connection request, the client is made to wait in the queue till a thread becomes free. If the client migrates to another site by following a link in the site, the allocated thread is blocked and no new client can be served through it, even though the connection thread is not actively used. The thread is blocked till it is garbage collected or till the session time-out period elapses. The web server cannot use these blocked threads to serve new clients, resulting in poor utilization of software resources. Also, a new connection thread for the migrated client is created at the site to which the client has migrated.

Normally, the server tracks each client’s session by means of cookies or redirected URLs. When a client enters another site by following a link, another session is created in the second site, leaving the session/thread running in the first site. If the client does not come back to the first site, the thread allotted to the client is invalid and the Garbage Collector has to handle it when the thread is no longer used. Thus, running threads of clients who have left for other sites waste server resources. This may lead to the rejection of other potential clients trying to connect to the site.

The existing web server architecture [12] for session management is represented in Figure 3.1. It shows an e-business site with a web server and a database server. The functions of the main components comprising the architecture are discussed below:

• The Client Browser provides the user with the interface to the e-business site. It accepts user requests, sends them to the site, and displays the results that have been returned.
• The E-Business Site has a Web Server and a Database Server. For simplicity, the Application Server is assumed to be in the Web Server. The site is a part of an Electronic Marketplace where a number of organizations register themselves as participants to improve their business.
• The Web Server serves clients by sending them the requested information. The requests from the clients are placed in a queue. The web server has a pool of connection threads and these threads are used to serve the clients.

Figure 3.1 Existing Web Server Architecture for Session Management

The clients entering the site are placed in the queue waiting for the service of Web Server. The Web Server takes the clients’ requests one by one from the queue, finds a free thread in the pool and allocates that thread to the client in order to serve the client. If there are no free threads, the clients are made to wait in the queue itself until a thread becomes free. If the number of clients connected to the site exceeds the threshold value (could be the total number of connection threads available in the connection pool), the client experiences a long delay in the response, or the client may not be able to contact the server. This is a kind of software contention, which may lead to the loss of potential clients and associated profit.

Scalability is a critical issue for e-business systems. An e-business infrastructure is said to be scalable when it provides adequate service levels even when the workload increases above expected levels. According to Gray [18], sites grow in two different ways, namely scaling up and scaling out. The former is achieved by replacing existing servers with larger servers. The latter implies adding more servers to the site. This thesis proposes an agent based architecture that does not use the scaling up or scaling out approaches. The proposed architecture exploits the potential benefits of agent technology by deploying agents to serve the clients of e-business so that the software resources of web servers are better utilized, thereby achieving scalability and performance enhancements.

3.2.3 Proposed Agent Based Architecture for Session Management

Agents are dynamic [39]. They can be used to monitor remote machines, and hence the execution details of users who have left the site can be monitored by deploying a mobile agent with the client when the client leaves the site. Agents can perform this kind of monitoring by suspending their execution on one machine and resuming it on another, which is not possible with other existing technologies like objects. Hence, simpler software solutions like object technology are not suitable in this direction of work. This thesis decouples the monitoring activities from the session management activity, and the design and analysis is focused on the session management part. Agents have been deployed only for session management, but they can be used for other purposes as per the requirements of applications.

Agents are deployed to manage the client sessions. As an agent is internally represented as a thread, each connection thread from the connection pool can be used to create an agent. Each agent can be made to manage the sessions of a number of clients. When a client enters a site, an agent named ManagerAgent is allocated to the client, and that agent takes care of the client's session till the client leaves the site or till the session is over. When a client leaves for another site, another agent named StorageAgent maintains the details of the client till the client comes back, and till then the ManagerAgent can serve other clients. Each ManagerAgent is responsible for a single connection thread and maintains the session details of a number of clients. Hence, the server can now accommodate more clients. By deploying agents for session management, the scalability of e-business sites can thus be improved considerably.

The proposed agent based architecture for session management is given in Figure 3.2. The architecture is designed with one AllocatorAgent, one StorageAgent, and many ManagerAgents. The functions of the main components comprising the architecture are discussed below:

• The Web Server has four sub-components, namely Connection Pool, AllocatorAgent, StorageAgent, and ManagerAgent.
• The AllocatorAgent retrieves each client’s request from the queue and checks with the StorageAgent whether the client has any previous session alive. Then it assigns a ManagerAgent with less workload to serve the client. If none of the ManagerAgents is free, the client is made to wait till a ManagerAgent has a free slot.
• The ManagerAgent is created from a Connection Pool Thread and each ManagerAgent can handle ‘n’ client sessions. Once a client is assigned a ManagerAgent, the agent serves subsequent requests from the client. When the client migrates to some other site, the ManagerAgent stores the client details with the StorageAgent and removes them from its own records. It also updates the AllocatorAgent about its workload. When the client leaves the site by logging out or by migrating, the ManagerAgent can serve some other clients.
• The StorageAgent is responsible for storing the details of clients who have migrated to other sites without closing their sessions. It also removes the details of the client after the timeout period.
• The Web Server has a connection pool that contains a number of connection threads. These threads are used to create ManagerAgents.

The design details of the agents deployed are shown in the class diagram in Figure 3.3. The AllocatorAgent maintains identifiers of the ManagerAgents and their workload. It also checks the session ID to find out whether the client is a new client or a migrated client. The ManagerAgent maintains the identity and shopping cart details of clients whose sessions are managed by it. When the client migrates, a flag is set in the session ID to indicate that the client has migrated. This flag is checked by the AllocatorAgent.

Figure 3.2 Proposed Agent Based Architecture for Session Management


The detailed interactions between the components, for a scenario starting from a client entering the site till leaving are given in Figure 3.4.

Figure 3.3 Agents’ Design

The proposed agent based architecture improves the scalability of the web server, as more clients can be served by utilizing the idle time of web server connection threads. Agents represent connection threads, and whenever a client migrates, the agent that serves that client immediately stores the details of the migrated client and starts serving other clients waiting in the queue. The performance is enhanced in terms of throughput and response time, since the average waiting time of the client is reduced considerably by deploying the proposed agent based architecture.
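The allocation rules of this section, modelled next to the thread-per-session pool of Section 3.2.2, as an added example that is not the thesis's implementation. The logical clock, the 30-tick time-out, the pool of 2 threads, 'n' = 3 sessions per agent, the method names and all client and item names are assumptions made for the illustration.

```python
SESSION_TIMEOUT = 30  # assumed session time-out, in logical clock ticks


class ThreadPoolServer:
    """Existing model: each session holds one connection thread."""
    def __init__(self, threads):
        self.free = threads
        self.sessions = {}  # client -> tick of last request

    def connect(self, client, now):
        self._expire(now)
        if client not in self.sessions:
            if self.free == 0:
                return False  # no free thread: client waits in the queue
            self.free -= 1
        self.sessions[client] = now
        return True

    def migrate(self, client, now):
        """Client follows a link away; its thread stays blocked."""

    def _expire(self, now):
        for client, last in list(self.sessions.items()):
            if now - last >= SESSION_TIMEOUT:
                del self.sessions[client]
                self.free += 1


class StorageAgent:
    """Keeps details of migrated clients until the time-out."""
    def __init__(self):
        self.parked = {}  # client -> (cart, tick when parked)

    def park(self, client, cart, now):
        self.parked[client] = (cart, now)

    def reclaim(self, client, now):
        # Drop records older than the time-out before looking the client up.
        self.parked = {c: (cart, t) for c, (cart, t) in self.parked.items()
                       if now - t < SESSION_TIMEOUT}
        entry = self.parked.pop(client, None)
        return entry[0] if entry else None


class ManagerAgent:
    """One agent per connection-pool thread, holding up to n sessions."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.carts = {}  # client -> shopping cart


class AllocatorAgent:
    def __init__(self, pool_threads, sessions_per_agent):
        self.storage = StorageAgent()
        self.managers = [ManagerAgent(sessions_per_agent)
                         for _ in range(pool_threads)]
        self.owner = {}  # client -> ManagerAgent serving it

    def connect(self, client, now):
        if client in self.owner:
            return True
        manager = min(self.managers, key=lambda m: len(m.carts))
        if len(manager.carts) >= manager.capacity:
            return False  # every ManagerAgent is full: client waits
        cart = self.storage.reclaim(client, now)  # earlier session alive?
        manager.carts[client] = cart if cart is not None else []
        self.owner[client] = manager
        return True

    def add_to_cart(self, client, item):
        self.owner[client].carts[client].append(item)

    def migrate(self, client, now):
        # Hand the session to the StorageAgent and release the slot.
        manager = self.owner.pop(client)
        self.storage.park(client, manager.carts.pop(client), now)


def run_scenario():
    """Replay one constructed arrival pattern against both models."""
    old = ThreadPoolServer(threads=2)
    new = AllocatorAgent(pool_threads=2, sessions_per_agent=3)
    clients = ["c1", "c2", "c3", "c4"]
    out = {"old_admitted": [c for c in clients if old.connect(c, 0)],
           "new_admitted": [c for c in clients if new.connect(c, 0)]}
    new.add_to_cart("c1", "ring")
    new.add_to_cart("c2", "watch")
    old.migrate("c1", 5)
    new.migrate("c1", 5)
    out["old_c5"] = old.connect("c5", 6)   # c1's thread is still blocked
    out["new_c5"] = new.connect("c5", 6)   # c1's slot was released
    new.connect("c1", 10)                  # c1 returns within the time-out
    out["c1_cart"] = list(new.owner["c1"].carts["c1"])
    new.migrate("c2", 10)
    new.connect("c2", 50)                  # c2 returns after the time-out
    out["c2_cart"] = list(new.owner["c2"].carts["c2"])
    out["old_c5_late"] = old.connect("c5", 40)  # threads freed by time-out
    return out
```

In the thread-per-session model a new client is admitted only after the blocked threads time out, while the agent model admits it at once and still restores a returning client's cart if the client comes back before the StorageAgent purges the record.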


Figure 3.4 Interactions between Components


3.3 DESIGN AND IMPLEMENTATION

An experimental e-business application is developed to compare and analyze the performance of the existing and proposed architectures. An e-shopping site is developed that allows clients to perform the following transactions: browse through a set of products, login, add to cart, view cart, and logout. First, the application is developed without agents to support the above mentioned transactions. Second, the application is developed with agents. Agents are implemented and deployed as per the design requirements specified in the interaction diagram depicted in Figure 3.4.

3.3.1 Performance Analysis Methodology

Generally, performance models are built and used to analyze the performance and scalability characteristics of the system under study. Models represent the way system resources are used by the workload placed on the system. Models capture the main factors determining the behavior of the system under load and are used to compute performance metrics. Performance models can be grouped into two common categories: Analytical Models and Simulation Models. Analytical models specify the interaction between the various components of a system via formulae. Simulation models mimic the behavior of the actual system by running a simulation program. Simulation has the advantage of great generality, and hence simulation models are chosen to analyze the performance of the proposed architecture.


3.3.1.1 Simulation Models

As simulation models provide more accurate results than the analytical models [56], it has been decided to use simulation for performance analysis of the proposed approach. Automated performance testing is about applying production workloads to pre-deployment systems while simultaneously measuring system performance and end-user experience. Mercury LoadRunner 8.0 Evaluation version is chosen to analyze the performance of both implementations. The detailed analysis and the corresponding results are summarized in the following sections.

3.3.1.2 Load Test Process

The performance characteristics such as Hits per Second or Throughput, Running users, and Transaction Response Time under Load are integral parts of quality attribute of a software system. Figure 3.5 depicts the load testing process to evaluate the performance of the system. The first step is the load test planning process that includes analyzing the application, defining testing objectives, planning testing tool implementation, and examining load testing objective.

Creating the Vuser scripts required for a scenario is part of the load testing process. Vusers or virtual users are used by the simulation program, as a replacement for human users. The actions that a Vuser performs during the scenario are described in a Vuser script, which includes functions that measure and record the performance of the server during the scenario.


A scenario defines the events that occur during each testing session. For example, a scenario defines and controls the number of users to emulate, the actions that the users perform, and the machines on which they run their emulations. When a scenario is made to run, Vusers emulate the actions of human users working with the application. A scenario can contain tens, hundreds, or even thousands of Vusers running concurrently on a single workstation. When a scenario is executed, the tool generates load on the application and measures the system’s performance. After executing a scenario, the tool’s graphs and reports can be used to analyze the performance of the application and the systems. Individual graphs can be studied and compared with other graphs.

Figure 3.5 Load Test Process


3.3.1.3 Load Testing Scenario

A common flow of transaction is designed for both approaches (with and without agents) namely: Browse for an item, Login to get details of a selected item, Add to Cart, View Cart, Search for some other item, and Logout. The customer behavior model chosen for the experiment is given in Figure 3.6. There are five transactions designed namely Logon, AddToCart, ViewCart, Search, and Logout. Initially, 2 users are started at every 30 seconds and once the load reaches 10 users, then a consistent load of 10 users is maintained for 10 minutes. After that, 2 users at every 30 seconds are made to exit the site gradually. All the users exhibit the behavior depicted in Figure 3.6 and they do the entire transaction flow once and come out.

Figure 3.6 Customer Behavior Model


To mimic the behavior of real-time users, client think time is enabled and is made to change randomly from 50% to 150% of actual noted think time at the period of scenario (behavior) recording process. Maximum bandwidth is simulated and browser cache is disabled. All the runtime behaviors are captured and performance metrics like throughput, average response time and HTTP responses per second are measured for both the implementations with agents and without agents. The experimental results are shown in the following sections.

3.3.2 Performance Analysis

The complete analysis summary of test results for implementation without agents is displayed in Figure 3.7. In this summary report, a ‘Transaction’ represents an action or a set of actions used to measure the performance of the server. ‘Transaction Summary’ displays the number of transactions that passed, failed, stopped or ended with errors. It also displays the average response time taken by the transaction namely ‘jewel_sm1_Transaction’ that represents the entire transaction starting from Logon to Logout implemented without agents. As highlighted, it can be observed that the average response time is 30.948 seconds.

The complete analysis summary of test results for implementation with agents is given in Figure 3.8. The transaction named ‘jewel_sm_agent1_Transaction’ represents the entire transaction starting from Logon to Logout that has been completed with agents. As highlighted, it can be observed that the average response time is 23.864 seconds. The proposed implementation significantly improves the average response time.

Figure 3.7 Analysis Summary for Session Management without Agents


Figure 3.8 Analysis Summary for Session Management with Agents

3.3.3 Transaction Response Time

The same scenario is repeated for varying number of users from 1 to 10 and the average transaction response times observed during the load test for both implementations are depicted in Figure 3.9 with the corresponding data in Table 3.1. This graph helps to visualize the general impact of user load on average response time and is most useful when analyzing a load test. For both the implementations, the average response time increases linearly with the number of users, but the agent based approach provides better response time for the given number of users.

3.3.4 Throughput

Throughput represents the amount of data that the clients received from the server. From the analysis summary depicted in Figure 3.7, it can be observed that the average throughput for the implementation without agents is 53,495 bytes per second with the server generating 10.526 average hits per second. From the analysis summary depicted in Figure 3.8, it can be observed that the average throughput for the implementation with agents is 61,545 bytes per second with the server generating 12.213 average hits per second.

It shows that the agent based approach produces significantly more throughput than its counterpart. The average throughput measured during the load test varying the number of users from 1 to 10 for both cases is shown in Figure 3.10 with corresponding data in Table 3.2.

Figure 3.9 Average Transaction Response Time under Load (x-axis: Number of Virtual Users; y-axis: Average Response Time in Seconds; series: Without Agents, With Agents)

Table 3.1 Average Transaction Response Time under Load

No. of Users    Average Response Time in Seconds
                Without Agents    With Agents
1               30.417            16.301
2               30.674            16.556
3               30.803            16.795
4               30.909            16.899
5               31.141            17.063
6               31.238            17.159
7               31.245            17.225
8               31.319            17.277
9               31.478            17.298
10              31.7              17.324

Figure 3.10 Average Throughput under Load (x-axis: Number of Virtual Users; y-axis: Average Throughput in bytes/second; series: Without Agents, With Agents)

Table 3.2 Average Throughput under Load

No. of Users    Average Throughput (bytes/second)
                Without Agents    With Agents
1               6,220             11,563
2               12,500            22,500
3               17,866            31,988
4               23,752            41,735
5               28,401            46,476
6               34,127            58,268
7               39,313            59,444
8               43,632            62,225
9               48,169            63,838
10              53,495            64,588

3.3.5 Impact Based on Windows Resources

The server’s Windows Operating System resources usage for processor, disk, or memory utilization is monitored during the analysis, in order to identify the source of poor performance. The impact of Windows Operating System resources usage on the average time of whole transactions for both the cases is analyzed by correlating the average response time of the whole transaction with that of Windows resources measurements. Graphs are constructed as shown in Figures 3.11 and 3.12 to depict the correlation match of various system entities with the average response time for the implementation without and with agents respectively. Results show that the thread objects present in the system are the major source of poor performance in case of implementation without agents. But the agent based implementation has experienced only slight degradation in the performance due to the high processor time and memory requirements.

The correlation match of various operating system entities with the average response time for the implementation without agents is depicted in Table 3.3, from which it can be concluded that the Threads, File Data Operations, and Private Bytes have a correlation match of 93%, 67%, and 50% respectively. The behavior of these elements was closely related to the response time of whole transaction without agents during the specified time interval. When the transaction time reached its peak, there was an extensive usage of thread objects present in the system. The bottleneck in this case is the thread objects.


Figure 3.11 Impact of Windows Resources on Transaction Behavior (Without Agents)

Table 3.3 Correlation Match of Windows Resources (Without Agents)

The correlation match of various operating system entities with the average response time for the implementation with agents is depicted in Table 3.4, from which it can be concluded that the Private Bytes, Processor Time, and Threads have a correlation match of 65%, 64% and 61% respectively. This means that the behavior of these elements was closely related to the average response time of the whole transaction with agents during the specified time interval. When the transaction time reached its peak, the processor time availability was low and memory utilization (private bytes, a memory related measurement) was at its peak. As agents need a little more time to execute and need additional memory, these elements have a direct impact on the average response time of the whole transaction when agents are deployed. Also, this is only slightly higher than in the existing architecture. Here, the impact of thread objects is only 61%, compared with 93% when no agents are present in the scenario. Hence, the bottleneck in the current session management, namely “Threads” (the software contention problem), is eliminated by the proposed agent based model.

Figure 3.12 Impact of Windows Resources on Transaction Behavior (With Agents)

Table 3.4 Correlation Match of Windows Resources (With Agents)


3.3.6 Scalability Analysis

In order to investigate when the agent based model outperforms the existing model of session management, the number of users is increased till a failure is encountered using a different type of load testing tool. In this case, the users are made to enter the site with the burst strategy to test the application for sudden load. Burst strategy is recommended to study the effect of sudden load on the target application and is generally used with a short time duration setting.

Figure 3.13 Burst Load of 50 Users (Without Agents)


As depicted in Figure 3.13, for a sudden load of 50 users, the existing model without agents generated 150 task hits, of which only 48 were successful, 11 failed and 91 timed out. It produced an average response time of 237,913 milliseconds with a throughput of 32 KB. The proposed model with agents generated 400 task hits, all of which were successful, as shown in Figure 3.14.

Figure 3.14 Burst Load of 50 Users (With Agents)


The agent based architecture has produced 263,989 milliseconds as the average response time with a throughput of 1694 KB. Based on these measurements, it can be deduced that the existing architecture is unable to scale to the sudden load, whereas the agent based model scales well to handle the sudden load in a normal manner.

Results show that the agent based architecture performs better than the thread based architecture in the simulated environment. The agent based approach serves more clients than the thread based approach when the load on the system increases, and hence it can be concluded that the proposed architecture scales well. The performance metrics measured show that the proposed architecture offers improved response time to the clients, thereby reducing the waiting time of clients during a visit to the e-business site. Also, for the given number of users, the agent based architecture produces more throughput than the thread based architecture.

The scalability of e-business applications can be enhanced further by the use of mobile agents in another dimension. The database server present in the e-business infrastructure can be made to scale in a secured manner with the introduction of shared objects along with the mobile agents. The thesis proposes a new approach based on shared objects and mobile agents to enhance the security and scalability aspects of enterprise applications, the details of which are discussed in next section.


3.4 DATABASE SECURITY MODEL FOR ENTERPRISE APPLICATIONS

E-business must be highly secured and scalable to provide efficient services to millions of clients on the web. Regardless of the type of e-business model adopted, there are some issues that have to be carefully considered during design and implementation of an e-business site. E-business activities and Web Services are essentially real time processes in which performance, security, and availability problems have a high cost. Also, allowing users to directly access the business database may cause severe security problems. An unauthenticated user with browser access to a web server hosting the e-business application can exploit the database.

In this section, a new approach is proposed that uses shared objects to improve the security, and mobile agents to improve the scalability, of e-business applications. The e-business uses shared objects and mobile agents to notify the users on particular events, such as insertion of new data or modification of existing data. The agent that resides in the database server is informed about the new information by triggering a function. Then the agent updates the shared object, which is accessed by another agent that sends the information to the clients. This approach improves security, as clients are not aware of the location of the central database, and makes e-business more scalable by deploying mobile agents. The shared object is designed in such a way that it synchronizes the data transfer between agents. The proposed approach is implemented in a testing environment and the performance is analyzed.

3.4.1 Proposed Agent Based Architecture for Scalable and Secure Databases

The architecture of e-business system under study is given in Figure 3.15. It includes a web server, an application server, and a database server connected through 100 Mbps Ethernet LAN. The web server and application server are installed in single machine.

Figure 3.15 Architecture of E-Business System under Study

The architecture of existing database servers in an e-business system is presented here by considering an example application that includes a database service provider (DBSP), which takes care of business database of its subscribers, one or many database owners, who are the owners of the database. The application includes one or more database users who are interested in using the data present in the database. Figure 3.16 depicts the database service architecture of the most common e-business applications.


The DataBase Owner (DBOwner) is any business organization that wants to host its database in the DataBase Service Provider’s DBServer (DBS). Here the users who are interested in the data have to continuously query the DBS by sending requests. The DBS has to send responses to all the users who have requested data. The users have to stay connected to the DBS all the time and continuously send requests. This architecture imposes more time requirements on the database users, and places more service requirements on the DBS. Also, allowing users to directly access the database introduces security vulnerabilities, which may allow a knowledgeable and malicious user to execute unauthorized procedures or SQL inside the database. It has been identified that the risk of exposure of business data is high.

Figure 3.16 Existing E-Business Database Service Architecture

The concept of Shared Object is introduced to improve the security of business database. Figure 3.17 shows the architecture of the system that includes the Shared Object. Servlets namely DataServlet and WebServlet have also been deployed in order to act as intermediaries between the DBS and Shared Object, and between Shared Object and the clients respectively. The Shared Object contains following attributes:

• old information - the information that was present in the database before modification
• new information - the information that is present in the database after modification
• a flag - to indicate whether the information contained in the Shared Object is consumed by the clients or not.

Figure 3.17 Database Service Architecture with Shared Object

The Shared Object is accessed and updated by any number of objects. The Shared Object and the DBS are placed somewhere in the web, such that the users are not aware of their location. When there is an information update, the DBS sends both old and new information to DataServlet through a trigger. The DataServlet checks the flag attribute of Shared Object to find out whether the information provided by previous update has been consumed by WebServlet or not. If the flag is set to ‘false’, it means that the previous information is consumed, and then DataServlet updates the old and new information attributes of Shared Object. Also, the DataServlet sets the flag attribute of Shared Object to ‘true’ to indicate that new information is available for the WebServlet to consume.

The WebServlet which is the client interface continuously monitors the Shared Object for the availability of new information. When the flag attribute is ‘true’ then it means that new information is available, and hence WebServlet retrieves the information and sets the flag to ‘false’, to indicate that the information is consumed. The flag field is updated accordingly in order to ensure synchronized and reliable data transfer between the database server and the clients. The users have to contact the WebServlet continuously by sending request messages for any information update. The users need not contact the DBS for the information. Also, the location of Shared Object and the DBS are hidden from the users. By this approach, the business database is made secure by avoiding direct access to the DBS. In this approach, the users have to send the request messages to the WebServlet all the time continuously. The WebServlet becomes a bottleneck here as it has to respond to a large number of users who are sending request messages for updated information. With the tremendous growth of Internet traffic, the WebServlet has to be highly scalable in order to provide service to the increasing volume of user community.
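The flag handshake between DataServlet and WebServlet, sketched as an added example that is not the thesis's servlet code. The check of the flag and the write that follows it are made atomic with a condition variable so that no update is lost or delivered twice; the method names, the wait with a time-out when the previous update is still unread, and the price strings are assumptions.

```python
import threading


class SharedObject:
    """Holds the old information, the new information and the flag."""

    def __init__(self):
        self.old_info = None
        self.new_info = None
        self.flag = False  # True: an update is waiting to be consumed
        self._cond = threading.Condition()

    def publish(self, old, new, timeout=None):
        """DataServlet side: write only once the last update was consumed."""
        with self._cond:
            if not self._cond.wait_for(lambda: not self.flag, timeout):
                return False  # previous update still unread: do not overwrite
            self.old_info, self.new_info, self.flag = old, new, True
            self._cond.notify_all()
            return True

    def consume(self, timeout=None):
        """WebServlet side: read only when the flag is set, then clear it."""
        with self._cond:
            if not self._cond.wait_for(lambda: self.flag, timeout):
                return None  # nothing new
            update = (self.old_info, self.new_info)
            self.flag = False
            self._cond.notify_all()
            return update


class DataServlet:
    """Called by the database trigger; the only writer of the Shared Object."""

    def __init__(self, shared):
        self.shared = shared

    def on_trigger(self, old, new):
        return self.shared.publish(old, new, timeout=5)


class WebServlet:
    """Client-facing side: it holds no database connection at all."""

    def __init__(self, shared):
        self.shared = shared
        self.history = []  # every update received, in order

    def poll_shared_object(self, timeout=5):
        update = self.shared.consume(timeout)
        if update is not None:
            self.history.append(update)
        return update

    def handle_client_request(self):
        return self.history[-1] if self.history else None


def run_demo(n_updates=50):
    """Fire n_updates triggers while a second thread consumes them."""
    shared = SharedObject()
    data, web = DataServlet(shared), WebServlet(shared)
    # Constructed sample updates: (old information, new information).
    updates = [(f"price={i}", f"price={i + 1}") for i in range(n_updates)]

    def consumer():
        for _ in range(n_updates):
            web.poll_shared_object()

    worker = threading.Thread(target=consumer)
    worker.start()
    accepted = [data.on_trigger(old, new) for old, new in updates]
    worker.join(timeout=10)
    return updates, web.history, accepted


def overwrite_is_refused():
    """A second update is refused while the first is still unread."""
    shared = SharedObject()
    first = shared.publish("a", "b", timeout=0)
    second = shared.publish("b", "c", timeout=0)
    return first, second, shared.consume(timeout=0)
```

Clients only ever call `handle_client_request`, so no request path reaches the DBS, which is the isolation property this section relies on.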


Agents are introduced in the architecture to improve the scalability of the system by eliminating the bottleneck identified at the WebServlet. Figure 3.18 shows the architecture that includes agents along with the Shared Object. Here, two stationary agents called InfoUpdaterAgent and InfoSenderAgent replace the DataServlet and WebServlet respectively. The Shared Object and the InfoSenderAgent are placed somewhere in the web such that the users are not aware of their location.

Figure 3.18 Proposed Database Service Architecture

Whenever there is an information update, the database server sends this information to InfoUpdaterAgent through a trigger. The InfoUpdaterAgent in turn updates the Shared Object. The InfoSenderAgent continuously monitors the Shared Object for updated information. The users must have already registered with the DBSP for being informed about the information update. On finding new information, the InfoSenderAgent creates a mobile agent called InfoDispatcherAgent, provides it with the itinerary of users to be visited, and launches it. The InfoDispatcherAgent migrates to all users in the itinerary and provides them with the requested information. Even if the users are off-line, the agent updates them. Here, the users need not contact the DBS. Instead, they have to register themselves with the DBServer for information update. Thereafter, they need not stay connected all the time.

By this approach, the database is made secure by avoiding direct contact of users with the DBServer. Also, the DBS is made scalable, as a large volume of users can be served. Further, network resources are conserved as the number of message exchanges is reduced. From the user’s perspective, it saves the time and cost of connecting to the DBServer.

3.4.2 Implementation Procedure

The Agent Based Information Updating Algorithm

The algorithm to be executed by various components of proposed architecture is given below:

• Trigger
    if (new data != old data)
        call function (new, old);

• Function
    Create InfoUpdater;
    Provide info to InfoUpdater;
    Start InfoUpdater;

• InfoUpdater (UpdateAgent)
    receive info;
    identify SharedObject through DirectoryServices;
    while (old data not consumed)
        block itself;
    update SharedObject;
    block_on_event (acknowledgement);
    destroy itself;

• SharedObject
    register with DirectoryServices;
    while (true) {
        if (request from UpdateAgent) {
            if (old data consumed) {
                receive data;
                send acknowledgement;
            }
            else
                block UpdateAgent;
        }
        else if (request from MobileAgent)
            if (new data available)
                send data;
    }

• InfoSender (SenderAgent)
    while (true) {
        if (new data available) {
            create DispatcherAgent;
            provide itinerary;
            launch DispatcherAgent;
        }
    }

• DispatcherAgent
    while (more sites to visit) {
        migrate to next site;
        provide data;
    }
    destroy itself;

The algorithm is well explained by means of the activity diagram as depicted in Figure 3.19.


Figure 3.19 Activity Diagram for Information Updating Process


3.4.3 Experimental Methodology

The proposed approach is implemented in a testing environment that contains three systems acting as a client, a database server, and a system that contains the Shared Object. The client system is equipped with the web server. All three systems are connected through a 100 Mbps Ethernet LAN. The web/application server and the database server together form the architectural components of the DataBase Service Provider (DBSP).

The client machine is used to simulate the DBOwner and DBUser components. From the DBOwner’s perspective, it contains applications that are used to update the database in the DBServer. The applications include addition of new records, and modification and deletion of existing records. From the DBUser’s perspective, the client machine contains applications that are used to query the database. The applications include registering the user with the DBSP for any information of interest. The database server is loaded with database and InfoUpdater components. The third machine is loaded with the Shared Object.

All the three systems have Windows based platforms. Also the web server selected is Tomcat Apache Web Server. Oracle 9i is chosen as the Database Server. A simple application for DBOwners is created that will allow adding, modifying and deleting some records in the DB. Then, a simple application that will behave like a DBUser is developed. This application will register itself for any information of interest. The implementation details of the approach with Shared Object and agents are given below.

The details of Shared Object, its data members and the methods are given in Figure 3.20 (a). The getInstance() method returns an instance of the Shared Object, through which all the objects can invoke the required methods. Checking for information update is done using isUpdated() method and the flag value is updated through update() method. Value of new data and old data are stored and retrieved using corresponding ‘get’ and ‘set’ methods.

SharedObject
    String newdata
    String olddata
    boolean flag
    public static SharedObject getInstance()
    public void setNewData(String data)
    public String getNewData()
    public void setOldData(String data)
    public String getOldData()
    public boolean isUpdated()
    public void update()

Figure 3.20 (a) Shared Object Details

The code snippet to generate the trigger on information update is given in Figure 3.20 (b). The trigger calls a function written in Java by passing the old and new information as parameters. Since the function is a static one, it can be called without creating an object of the class in which it is defined. The class file is to be loaded into Oracle by using loadjava utility. On loading this file, two new tables are created automatically in the database. The table CREATE$JAVA$LOB$TABLE is used to store the reference to the class files that are added. The table JAVA$CLASS$MD5$TABLE is used to store the class file itself in the database.

    if :new.data <> :old.data then
        newdata := :new.data;
        olddata := :old.data;
        str := func(newdata, olddata);
    end if;

Figure 3.20 (b) Trigger to Call Function

The function that is called by the trigger on information update is stored in Oracle as given in Figure 3.20 (c). The Java method takes in two String arguments and returns a String object which is mapped with Oracle’s varchar2. The method sends this data to a Java object that in turn creates an InfoUpdaterAgent whose code snippet is shown in Figure 3.20 (d). The old and new information are passed as arguments at the time of agent creation.


    create or replace function func(newdata varchar2, olddata varchar2)
    return varchar2
    as language java
    name 'trigger.send(java.lang.String, java.lang.String) return java.lang.String';

Figure 3.20 (c) Function to Send Data

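    import jade.core.Profile;
    import jade.core.ProfileImpl;
    import jade.core.Runtime;
    import jade.wrapper.AgentContainer;
    import jade.wrapper.AgentController;

    // Create a JADE container and start an InfoUpdaterAgent with the new and old values
    Runtime rt = Runtime.instance();
    Profile p = new ProfileImpl();
    AgentContainer ac = rt.createAgentContainer(p);
    Object args[] = new Object[2];
    args[0] = newdata;
    args[1] = olddata;
    AgentController updater = ac.createNewAgent("sender", "InfoUpdaterAgent", args);
    updater.start();

Figure 3.20 (d) InfoUpdaterAgent Creation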

The InfoSenderAgent checks for the availability of new information in the Shared Object by using CyclicBehaviour defined by JADE. The corresponding code snippet is given in Figure 3.20 (e).

The mobile agent called DispatcherAgent visits all the users one by one and provides them with the data. It migrates to the locations specified in its itinerary by calling its doMove() method. The code snippet for DispatcherAgent migration is shown in Figure 3.20 (f).


    protected void setup() {
        // Poll the Shared Object on every behaviour cycle
        addBehaviour(new CyclicBehaviour(this) {
            public void action() {
                SharedObject obj = SharedObject.getInstance();
                if (obj.isUpdated()) {
                    newdata = obj.getNewData();
                    olddata = obj.getOldData();
                    obj.update();   // mark the information as consumed
                }
            }
        });
    }

Figure 3.20 (e) InfoSenderAgent Checks for New Information
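
The polling code in Figure 3.20 (e) calls isUpdated(), the getters and update() as separate steps, so a concurrent writer could change the data between them. As an added Java example (not the thesis's SharedObject; the class name and the methods publish() and consumeIfUpdated() are hypothetical), the single-slot handoff below performs the flag test and the data access under one lock and makes the updater block until the previous value is consumed, as the algorithm in Section 3.4.2 requires.

```java
import java.util.ArrayList;
import java.util.List;

/** Single-slot handoff: the flag check and the data access happen under one lock. */
public final class SynchronizedSharedObject {
    private static final SynchronizedSharedObject INSTANCE = new SynchronizedSharedObject();

    private String newData;
    private String oldData;
    private boolean flag; // true = an update is waiting to be consumed

    private SynchronizedSharedObject() { }

    public static SynchronizedSharedObject getInstance() { return INSTANCE; }

    /** Updater side: blocks while the previous update is unconsumed, then stores the pair. */
    public synchronized void publish(String newValue, String oldValue) throws InterruptedException {
        while (flag) {
            wait();               // "while (old data not consumed) block itself"
        }
        newData = newValue;
        oldData = oldValue;
        flag = true;
        notifyAll();
    }

    /**
     * Sender side: returns {newData, oldData} and clears the flag in one step,
     * or returns null when nothing new is available. It never blocks, so it can
     * be called from a polling loop such as a CyclicBehaviour.
     */
    public synchronized String[] consumeIfUpdated() {
        if (!flag) {
            return null;
        }
        String[] pair = { newData, oldData };
        flag = false;
        notifyAll();              // wake an updater blocked in publish()
        return pair;
    }

    /** Constructed demo: three successive updates, none overwritten and none read twice. */
    public static void main(String[] args) throws Exception {
        SynchronizedSharedObject shared = getInstance();
        String[] prices = { "100", "105", "98", "101" }; // constructed sample data

        Thread updater = new Thread(() -> {
            try {
                for (int i = 1; i < prices.length; i++) {
                    shared.publish(prices[i], prices[i - 1]);
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
        updater.start();

        List<String> seen = new ArrayList<>();
        while (seen.size() < prices.length - 1) {
            String[] pair = shared.consumeIfUpdated();
            if (pair != null) {
                seen.add(pair[1] + "->" + pair[0]);
            } else {
                Thread.sleep(1); // polling interval
            }
        }
        updater.join();
        System.out.println(seen);
    }
}
```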

    while (locid < availableLocations.size()) {
        // Move to the next location in the list that is not the home site
        if ((availableLocations.get(locid).toString()).compareTo(homesite.toString()) != 0) {
            Location dest = (Location) availableLocations.get(locid);
            traversedLocations.add(homesite);
            cursite = dest;
            doMove(dest);
            break;
        }
        locid++;
    }

Figure 3.20 (f) DispatcherAgent Migration

3.4.4 Performance Analysis – Security and Scalability Improvements

The proposed architecture is implemented in the testing environment described above. The DBUsers, once they register themselves, need not contact the web server of DBSP for information retrieval. Hence the overhead involved in the request-response cycle is eliminated. Also, network resources and web server session threads are saved to a considerable extent, as the DBUsers community is hundreds of times larger than the DBOwners community. Hence the DBS is able to register and serve more and more new users with updated information while serving the existing users without any performance degradation. Also, the scalability of DBS is improved by using agent technology for information updating.

The same approach can be used in a distributed environment, which is the natural scenario for many e-business applications. The database servers and the shared objects can be organized in a distributed manner, which implies even when there is a tremendous growth in the volume of users, the capacity of database servers can be increased either by using scaling out or scaling up approaches, or directly by increasing the number of shared objects.

As the proposed approach hides the location of the database server from the users, and eliminates the users accessing the database directly, the risk factor regarding security is also reduced considerably. Even though the DBMS provides locking and access control rights mechanisms to ensure security, this approach opens up a new window to security enhancements as it enhances the security of databases.


The updated data is immediately available in the Shared Object. When users ask for the data, they get it immediately even if the DBServer is busy serving others. Also, from the user’s perspective, they need not always be online to retrieve the information. They can be provided with the information by agents even when they are off-line. This offers the users a considerable gain in time and cost.

The data in the Shared Object is updated only after the previous data is consumed by the clients through SenderAgent. Also, the data is retrieved only if there is new data. This ensures the synchronization of data exchange. In the earlier cases, if the user directly accesses the data, there is a chance of retrieving old data or of missing some intermediate data between updates. These problems are avoided and the synchronization of data exchange is ensured at all times.

The proposed approach can be adapted to various applications in a generalized way. The approach considers all the data in the String form and can be used to deal with any kind of data. The data are considered as old and new to represent data before and after modification. Some of the potential applications of this proposed approach include:
• Home/Bank Security System, in which alerts can be sent to house owners and police officials in case of any modification of data. The data can be modified by the use of sensors and electronic circuits when there is an abnormal event, like opening the door in the absence of the owner.
• Share Price Updating System, in which the interested shareholders can be informed of particular share prices reaching specified threshold values.
• Shopping Information System, in which the customer can be notified when there is an offer for a particular product.
• Student Information System, in which the students can be notified of events like results declaration, dates to remember and so on.

3.5 CONCLUSION

Agent technology is gaining importance in various application domains. In this chapter, a new approach based on agent technology is proposed to manage the customer sessions in a web server present in the e-business environment. The existing architecture and proposed architecture are implemented, and detailed performance analysis is done using simulation. Results show that the agent based architecture performs better than the existing architecture. The agent based approach serves a larger number of clients in the normal manner than the existing approach when load on the system increases, and hence it can be concluded that the proposed architecture scales well. Also, the performance metrics measured show that the average response time is better in the proposed architecture, and hence the clients can have significant savings in the time spent during a visit to the e-business site. The architecture is designed, implemented and tested in a limited environment with limited resources.

Also, a new approach based on shared objects and agents is proposed to enhance the security and scalability of database servers present in the e-business environment. The architecture for the approach is designed and implementation details are given. The proposed approach can be adapted to various applications in a generalized way. Potential benefits of this approach include: enhanced scalability, enhanced security, synchronized data transfer, generic model for potential applications and so on.

For these two approaches to be successfully implemented, following are the pre-requisites and limitations.
• Agent Platform must be implemented in each of the systems involved
• Acceptance of agent technology is not so popular
• Security problems of agent technology are a matter of concern
• Common interaction protocols for agents are not standardized
• Failure of agent platform in remote hosts raises reliability issues.

Among these limitations, the security and reliability issues concerned with agent technology have become the major hurdle for deploying agent based systems in enterprise applications. Next chapter of this thesis analyzes the security and reliability issues of agent based enterprise applications and proposes models to address these issues. The proposed models have been developed, and their performance is also analyzed.


CHAPTER 4

SECURITY AND RELIABILITY ENHANCEMENTS OF AGENT BASED E-BUSINESS SYSTEMS

4.1 INTRODUCTION

Mobile agent systems provide a great flexibility and customizability to distributed applications like e-business and information retrieval in the current scenario. Two new approaches based on agents have been proposed to enhance the scalability of web servers, and security of database servers present in the e-business environment and these approaches are found to be efficient. The inherent advantages provided by agent based systems are hampered mainly by security concerns, especially when agents are to be used to deal with money transactions.

Mobile agents moving around the network are not safe as the remote hosts that accommodate the agents can initiate all kinds of attacks and attempt to analyze the agents' decision logic and agents' accumulated data. Hence mobile agent security is one of the most challenging problems that attract the research community. The security attacks on mobile agents by malicious hosts have been analyzed in this chapter, and solutions based on public key authentication techniques and cryptography are proposed to address mobile agent security problems. A performance model is developed to evaluate the overhead introduced when mobile agents are implemented with the proposed solution.

In this chapter, detailed description is given on the experimental multi-agent based e-business application namely Shopping Consultant Agent System (SCAS) that is designed and developed to analyze the performance overhead introduced by the proposed solutions for security and reliability issues. The SCAS is updated in order to apply the proposed security solutions in large-scale distributed environments.

In any distributed system, along with security issues, reliability and fault tolerance are vital issues for deploying mobile agent based systems. E-business, being a prominent domain for deploying agent technology, also faces reliability problems due to various factors like the failure of the agent platform and of the communication link. Reliability is a factor that may affect the performance, availability, and strategy of mobile agent systems. The reliability issues of mobile agents, particularly in an e-business environment, are discussed in this chapter and models for mobile agent system reliability have been developed. Solutions namely periodic scan and forward echo are implemented to address some of the reliability issues concerned with agent technology. Reliability enhancements obtained are also measured using the proposed model.


4.2 SECURITY ENHANCEMENTS OF AGENT BASED E-BUSINESS SYSTEM

Any distributed system is subject to security threats such as eavesdropping, corruption, denial of service, replaying, and repudiation, and so is a mobile agent system. Therefore, issues such as authentication and non-repudiation should be addressed in a mobile agent system. Moreover, a secure mobile agent system must protect the hosts as well as the agents from being tampered with by malicious parties. The problem of mobile agent system security can be divided into two parts:
• Protection of hosts against malicious agents
• Protection of agents against malicious hosts.

As the hosts are not aware of the origin of agents and the code they are going to execute in the host, the hosts are vulnerable to security threats from malicious agents. The hosts can be protected by authentication techniques and by limiting access rights of incoming agents such that the agents can access only a limited portion of the local system resources. This kind of protection is already implemented in Java security model.

The agent security problem is due to the nature of mobile agents, which are autonomous software agents that travel in a computer network to execute and perform tasks on different hosts, on behalf of their owners. These agents are composed of data collected as a result of computation from remote hosts, state information to resume their work at a remote host, and code information that is used to execute their task. The hosts in which the agents execute have complete control over the agents. When the mobile agent arrives at the host, the agent is loaded into the host's memory [25]. The host machine controls the external environment, such as the system clock and the code library used to access the system or other host specific information, and can turn it against the mobile agent. In effect, the remote host monitors the execution of every statement of the agent program. The mobile agent is entirely subordinate to the host. Program code can be inserted, modified, deleted, and selectively executed. The vulnerabilities of a mobile agent executing in a hostile environment are hence readily apparent.

If the host is malicious, the agents are exposed to security threats that may violate confidentiality, integrity, authentication, availability, non-repudiation etc. This kind of agent security problem is the main unsolved security problem, because of the possible existence of malicious hosts that can manipulate the execution and data of agents.

4.2.1 Experimental Multi-Agent System

An experimental multi-agent system namely Shopping Consultant Agent System (SCAS) is designed and developed to identify the security and reliability issues that may arise in agent based e-business systems. The SCAS is a web-based mobile agent system that provides users with information on the products for sale in an electronic marketplace (e-marketplace).


SCAS deploys mobile agents to retrieve product information in an e-marketplace for users. An e-marketplace consists of hosts that sell and buy products on the Internet. Sellers and buyers register themselves with the marketplace to become a part of the marketplace as in the traditional markets. In SCAS, each seller maintains a local database that stores the price and quantity in stock of different products available with that host (seller). SCAS maintains a list of all hosts in the e-marketplace and a list of all products available in the e-marketplace. The architectural components of the system are depicted in Figure 4.1.

Figure 4.1 Shopping Consultant Agent System Architecture

SCAS allows users to specify a set of products and the corresponding quantities the users want to buy from the e-marketplace. An agent is created for the user, which on behalf of the user will collect price details from the participating hosts in the e-marketplace. The itinerary of the agent is determined before the agent is launched. After the agent visits all hosts specified in its itinerary, it returns to its sender and reports the price details.

The description of each of the components present in SCAS follows:
• Client Browser initiates the action by sending requests for prices of required items by specifying the product IDs and quantities.
• LauncherAgent, which resides in the home site of e-marketplace, is responsible for:
    - Receiving a request from a user
    - Creating a mobile agent on behalf of the user
    - Initializing the agent by providing necessary details like product IDs, quantities and itinerary
    - Launching the agent to the hosts, receiving it, and presenting the information as a response to the user.
• MobileAgent keeps a list of product IDs and a list of the corresponding quantities specified by the user. It is responsible to travel around the network and collect price information for the user from different hosts in the e-marketplace.
• RemoteAgent, which resides in the participating host, provides the price details to MobileAgent when the MobileAgent requests for it, by querying the corresponding database present in the local host.


4.2.2 Security Issues of SCAS

System security is of crucial importance to applications in an e-marketplace, where money transaction is concerned. The host security problem of SCAS can be addressed by the Java programming language, which is used for the development of the system. This thesis focuses on the agent security against malicious hosts. The security requirements identified for SCAS are:
• Integrity: the query results reported by a MobileAgent must truly represent the market prices of the products and at the quantities, specified by the user.
• Confidentiality: information collected from a remote host by a MobileAgent should not be revealed to other hosts or agents.
• Authenticity: an agent must visit and collect information only from the list of hosts specified by LauncherAgent.
• Non-Repudiation: a host must not deny the information that has been provided by it earlier.

The possible types of attacks to the MobileAgent that can compromise the above security requirements of the system are described below.

4.2.2.1 Modification of query products

The list of products specified by user is stored as the product ID attribute of the MobileAgent, in plain text form. When the agent goes to a malicious host, the malicious host can change the product list, the agent wants to query. When the agent later goes to another host, the later host will respond to the modified products of query and hence report wrong information unknowingly. This violates the integrity of the queries.

4.2.2.2 Modification of query quantities

When a MobileAgent goes to a malicious host, the malicious host can change the quantities of products the agent wants to query, which is simply in plain text form. When the agent goes to another host, the later host will respond to the modified quantities of query, and hence report wrong information unknowingly. This also violates the integrity of queries.

4.2.2.3 Spying out and modification of query results

MobileAgents carry query results also in plain text form. Therefore, when a MobileAgent goes to a malicious host, the malicious host can spy out and modify the results that the agent has collected from previous hosts in such a way that the changed results would favor the malicious host itself. For example, a malicious host may raise the prices quoted by other hosts, to convince the user that the malicious host is selling at the lowest price, which is not true. This violates the confidentiality and integrity of query results.

4.2.2.4 Redirect mobile agent to some other host

The itinerary of the MobileAgent is a list of locations to be visited by the agent in a simple plain text form. The malicious host can modify the itinerary, in such a way that the agent is redirected to a host that is not at all present in the itinerary. The new destination may be a host that favors the malicious host. Hence, the MobileAgent may report price details from a host that is not a genuine one. This violates the authenticity requirements.

4.2.2.5 Denial of actions related to data

Agents provide results when they return home. If the user selects a host as the preferred seller based on the information provided by the MobileAgent and the host later denies having provided that information or price, then all the effort taken till then would become a waste of time and money. This violates the non-repudiation requirement.

4.2.3 Proposed Security Enhancements

In order to address the above described security issues, a new component named KeyServer is introduced in the architecture of SCAS as depicted in Figure 4.2.

Various security mechanisms have been designed, but a single complete solution to mobile agent security, one that protects the system against exploitation of the four system vulnerabilities described, is not yet found in the literature [37] in general. An enhanced approach to protect mobile agents in SCAS against attacks from malicious hosts is devised by updating the SCAS architecture by means of introducing the centralized KeyServer. This approach is a hybrid of two solutions, namely establishing a closed network and agent tampering prevention. The detailed design of components of secure SCAS with the attributes and methods is illustrated in Figure 4.3.

Figure 4.2 Secured SCAS Architecture

Apart from other components present in the SCAS, a new component named KeyServer is added which is a kind of trusted third party that provides services in the same way as a centralized key management authority. It resides in the e-marketplace as a separate independent entity with the following responsibilities:
• Storing the public key of participating hosts and mobile agents
• Registering and deregistering the mobile agent key details
• Providing the public key details to LauncherAgent and RemoteAgent.


Figure 4.3 Component Design for Secured SCAS

4.2.3.1 Closed Network

The KeyServer component is introduced into the system to provide a public key infrastructure for agents and hosts in the system. Each host should have a public key certificate registered with the KeyServer for encryption or decryption purposes. The LauncherAgent generates a pair of keys for each MobileAgent created, and registers the public key of the MobileAgent with a unique agent identification number with the KeyServer at run-time. On the other hand, each host must identify itself and register its public key with the KeyServer beforehand, by such means as formal paper writing. This, in effect, establishes a closed set of hosts registered and known to the KeyServer. MobileAgents are then confined to travel among a closed network formed by these registered hosts.

4.2.3.2 Agent Tampering Prevention

To protect query integrity, a MobileAgent can digitally sign its list of products and quantities using its private key, before it is launched. A host receiving the MobileAgent should verify the product and quantity lists against the signatures by using the public key of the MobileAgent that is stored with the KeyServer. Since only the LauncherAgent possesses the private key for the MobileAgent, malicious hosts would not be able to fake the information contained in the query. Moreover, each host should encrypt the query results that are returned to the MobileAgent with the public key of the MobileAgent. Therefore, only the LauncherAgent can decrypt the query result, and confidentiality of query results is achieved. Furthermore, each host should digitally sign the query result it provides to the MobileAgent to address integrity, non-repudiation, and authenticity requirements of the query result returned.

4.2.4 Work Flow Model of Secured SCAS

The detailed sequence of activities that model the workflow of various components present in the system with proposed security enhancements is given by means of a sequence diagram as depicted in Figure 4.4.


Figure 4.4 Workflow Model of Secured SCAS


The sequence diagram describes the activities of various components as follows:

On receiving client’s request, the LauncherAgent generates a key pair for the MobileAgent to be created, registers the public key with the KeyServer, creates the MobileAgent, provides it with necessary information like productID and product quantity, and launches the MobileAgent to remote hosts. Before migrating, the MobileAgent signs the query details.

On receipt of a request from the MobileAgent for price data, the RemoteAgent at the remote host requests and receives the public key of the MobileAgent from the KeyServer, and verifies the authenticity of the MobileAgent and the integrity of the query data. Then the RemoteAgent provides the necessary price details by querying the database server, and signs the query result by using its own private key. The RemoteAgent encrypts the query result using the public key of the MobileAgent before sending the result to the MobileAgent.

The MobileAgent then migrates to the next site, and the whole interaction between the MobileAgent and RemoteAgent continues as explained above. After visiting all the sites, the MobileAgent returns to the homesite of the e-marketplace, which is the location of the LauncherAgent. The LauncherAgent verifies the signature of each of the RemoteAgents by requesting and receiving the corresponding public key from the KeyServer. If the query results are verified for their integrity, then the LauncherAgent decrypts the result using the private key of the MobileAgent and finally presents the user with the necessary information. The proposed security mechanisms are evaluated by using performance models and simulation models.
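
The signing, verification and encryption steps of Sections 4.2.3.2 and 4.2.4, as an added Java example that is not the thesis's SCAS code. It assumes an in-memory map in place of the KeyServer, constructed identifiers, query and price strings, and RSA-2048 keys; because RSA alone cannot encrypt results of arbitrary length, it wraps a one-time AES-GCM key with the agent's public key, and the host signs the query together with the ciphertext so that the LauncherAgent can verify before decrypting.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class SecuredScasSketch {
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Stand-in for the KeyServer (assumption): identifier -> registered public key.
    static final Map<String, PublicKey> KEY_SERVER = new HashMap<>();

    /** What a host hands to the MobileAgent; opaque to every later host (record: Java 16+). */
    record SealedResult(String hostId, byte[] wrappedKey, byte[] iv, byte[] ciphertext, byte[] signature) { }

    static KeyPair register(String id) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        KEY_SERVER.put(id, pair.getPublic()); // only the public half is registered
        return pair;
    }

    /** Length-prefixed concatenation, so signed fields cannot be shifted into one another. */
    static byte[] frame(byte[]... parts) {
        int size = 0;
        for (byte[] p : parts) size += 4 + p.length;
        ByteBuffer buf = ByteBuffer.allocate(size);
        for (byte[] p : parts) buf.putInt(p.length).put(p);
        return buf.array();
    }

    static byte[] sign(PrivateKey key, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }

    /** Verifies against the key registered for id; parties outside the closed network always fail. */
    static boolean verify(String id, byte[] msg, byte[] sig) throws GeneralSecurityException {
        PublicKey key = KEY_SERVER.get(id);
        if (key == null) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(msg);
        return s.verify(sig);
    }

    /** RemoteAgent: check the signed query, then encrypt and sign the price data. */
    static SealedResult answer(String hostId, PrivateKey hostKey, String agentId,
            byte[] query, byte[] querySig, String prices) throws GeneralSecurityException {
        if (!verify(agentId, query, querySig)) throw new SecurityException("query signature invalid");
        SecureRandom rnd = new SecureRandom();
        byte[] aesKey = new byte[16], iv = new byte[12];
        rnd.nextBytes(aesKey);
        rnd.nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(aesKey, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = gcm.doFinal(prices.getBytes(StandardCharsets.UTF_8));
        Cipher rsa = Cipher.getInstance(OAEP);
        rsa.init(Cipher.ENCRYPT_MODE, KEY_SERVER.get(agentId));
        byte[] wrapped = rsa.doFinal(aesKey);
        // Signing the query with the ciphertext ties this quote to the exact products and quantities.
        return new SealedResult(hostId, wrapped, iv, ct, sign(hostKey, frame(query, wrapped, iv, ct)));
    }

    /** LauncherAgent: verify the host's signature first, then decrypt with the agent's private key. */
    static String open(PrivateKey agentKey, byte[] query, SealedResult r) throws GeneralSecurityException {
        if (!verify(r.hostId(), frame(query, r.wrappedKey(), r.iv(), r.ciphertext()), r.signature()))
            throw new SecurityException("result not signed by registered host " + r.hostId());
        Cipher rsa = Cipher.getInstance(OAEP);
        rsa.init(Cipher.DECRYPT_MODE, agentKey);
        byte[] aesKey = rsa.doFinal(r.wrappedKey());
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, new SecretKeySpec(aesKey, "AES"), new GCMParameterSpec(128, r.iv()));
        return new String(gcm.doFinal(r.ciphertext()), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed identifiers, query and prices, for illustration only.
        KeyPair agent = register("agent-42");
        KeyPair seller = register("seller-A");
        byte[] query = "P1001:5;P2002:2".getBytes(StandardCharsets.UTF_8);
        byte[] querySig = sign(agent.getPrivate(), query);
        SealedResult r = answer("seller-A", seller.getPrivate(), "agent-42", query, querySig,
                "P1001=19.90;P2002=4.50");
        System.out.println("prices: " + open(agent.getPrivate(), query, r));
        byte[] altered = "P1001:50;P2002:2".getBytes(StandardCharsets.UTF_8);
        System.out.println("altered query verifies: " + verify("agent-42", altered, querySig));
        r.ciphertext()[0] ^= 1; // a later host edits the stored quote
        try {
            open(agent.getPrivate(), query, r);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A result signed by a host whose identifier is not in the map fails the same check in open(), which is how the closed network of Section 4.2.3.1 rejects a redirected agent's data.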

4.2.5 Performance Model for Secured SCAS

A performance model has been developed for the secured SCAS in order to evaluate the impact of proposed security solutions on the performance. The parameters selected for this case study are based on the workflow given in the previous section and are summarized in Table 4.1.

Table 4.1 Parameters for Evaluating Security Enhancements

Name        Description
N           Number of Nodes
Dcode       Code size of MobileAgent (MA)
Dstate      Status data size of MA (prod id and qty and data other than that collected from remote hosts)
Ddata       Amount of data collected from remote hosts
TreqPK      Time taken to request public key
TrespPK     Time taken to respond for public key
Rs          Rate of signature creation
Rv          Rate of signature verification
Re          Rate of encryption
Rd          Rate of decryption
Rse         Rate of Database search
Rth         Network throughput
Treqdata    Time taken to request data
Dinit       Size of MA before migrating
Tinit       Initial time required for MA migration
Dmig        Size of MA while migrating
Tmig        Time taken for MA to migrate and retrieve information
TMAth       Total time for MA migration (MA throughput)
TMAAuth     Time taken for MA authentication
TSdata      Time taken for signing and encrypting the result
TMASec      Time to provide security services
TSMA        Total Execution time for Secured SCAS

Since the MobileAgent does not perform the encryption task before it is launched, it does not generate the result of task. It consists of code and state information. Its size Dinit is given by

    Dinit = Dcode + Dstate                                              (4.1)

MobileAgent signs the product id and quantity specified (the details of query). Hence its initial time for migration Tinit is

    Tinit = Dstate * (1 / Rs)                                           (4.2)

When a mobile agent migrates among nodes, it performs its task and generates the result of the task. While a mobile agent is migrating among nodes, its size is defined as Dmig = Dcode + Dstate + Ddata

118

(4.3)

The total execution time of the model is the sum of the time for information retrieval and the time for security services such as authentication, integrity and confidentiality.

Let Tmig be the time required for a MobileAgent to move to a remote host and retrieve the information. Tmig is given by

Tmig = (1 / Rse) + (Dmig / Rth)    (4.4)

The total time required for a MobileAgent to execute the assigned task, TMAth, is given by

TMAth = (Dinit / Rth) + Tinit + (Ddata / Rth) + (N - 1) * Tmig    (4.5)

The remote host has to authenticate the MobileAgent by requesting the public key of the MobileAgent from the KeyServer. The time necessary for mobile agent authentication, TMAAuth, is given by

TMAAuth = Treqdata + TreqPK + TrespPK + (Dstate * (1 / Rv))    (4.6)

The time for signing and encrypting the results to be provided by the remote host, TSdata, is defined as

TSdata = Ddata * ((1 / Rs) + (1 / Re))    (4.7)

The time for providing integrity and confidentiality is defined as:

TMASec = (Ddata / Rs) + (Ddata / Re) + (Ddata / Rd) + (Ddata / Rv) + (N * (Dstate / Rv)) + (N - 1) * TSdata    (4.8)

If the mobile agent visits N nodes, it needs N + 1 migrations and authentications. The total execution time for the secure SCAS, TSMA, is defined as

TSMA = TMAth + (N + 1) * TMAAuth + TMASec    (4.9)
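The model of equations (4.1) to (4.9) can be evaluated directly to see how much of TSMA is security work and what each extra node costs. The following is an added example, not code from the thesis; every parameter value is a constructed assumption (sizes in bytes, rates per second, times in seconds), with only the 10 Mbps link speed taken from the test bed described in Section 4.2.7.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Params:
    # Constructed sample values (assumptions, not from the thesis): sizes in
    # bytes, rates in bytes/second (Rse in searches/second), times in seconds.
    Dcode: float = 20_000
    Dstate: float = 200
    Ddata: float = 2_000
    Treqdata: float = 0.01
    TreqPK: float = 0.01
    TrespPK: float = 0.01
    Rs: float = 5_000        # signature creation
    Rv: float = 100_000      # signature verification
    Re: float = 50_000       # encryption
    Rd: float = 5_000        # decryption
    Rse: float = 50          # database search
    Rth: float = 1_250_000   # 10 Mbps LAN, the test bed's link speed

def per_node_terms(p):
    """Quantities of (4.4), (4.6) and (4.7), none of which depends on N."""
    Tmig = 1 / p.Rse + (p.Dcode + p.Dstate + p.Ddata) / p.Rth       # (4.3), (4.4)
    TMAAuth = p.Treqdata + p.TreqPK + p.TrespPK + p.Dstate / p.Rv   # (4.6)
    TSdata = p.Ddata * (1 / p.Rs + 1 / p.Re)                        # (4.7)
    return Tmig, TMAAuth, TSdata

def breakdown(p, N):
    """Evaluate (4.1)-(4.9) for an itinerary of N nodes."""
    Tmig, TMAAuth, TSdata = per_node_terms(p)
    Dinit = p.Dcode + p.Dstate                                        # (4.1)
    Tinit = p.Dstate / p.Rs                                           # (4.2)
    TMAth = Dinit / p.Rth + Tinit + p.Ddata / p.Rth + (N - 1) * Tmig  # (4.5)
    TMASec = (p.Ddata * (1 / p.Rs + 1 / p.Re + 1 / p.Rd + 1 / p.Rv)
              + N * (p.Dstate / p.Rv) + (N - 1) * TSdata)             # (4.8)
    return {"TMAth": TMAth, "auth": (N + 1) * TMAAuth, "TMASec": TMASec,
            "TSMA": TMAth + (N + 1) * TMAAuth + TMASec}               # (4.9)

def per_host_cost(p):
    """Coefficient of N in TSMA: what each additional node adds."""
    Tmig, TMAAuth, TSdata = per_node_terms(p)
    return Tmig + TMAAuth + p.Dstate / p.Rv + TSdata

def security_share(p, N):
    """Fraction of TSMA spent on authentication plus TMASec."""
    b = breakdown(p, N)
    return (b["auth"] + b["TMASec"]) / b["TSMA"]

if __name__ == "__main__":
    print([round(breakdown(Params(), n)["TSMA"], 4) for n in range(1, 7)])
```

Because N enters (4.5), (4.8) and (4.9) only as a multiplier, TSMA is a fixed cost plus a constant cost per node, which per_host_cost returns in closed form.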

4.2.6 Security Analysis

There are two aspects to evaluating the security design implemented. First, the security provided to SCAS by the additional measures is to be analyzed. Second, the performance overhead introduced to the system by such measures is to be measured for different numbers of hosts in the system. Security is provided through the introduction of the KeyServer, which facilitates the use of public key cryptography. Assuming that the KeyServer and the communication channel over which the MobileAgent migrates are secure enough, which can be justified by the popularity of Kerberos and Secure Socket Layer, the required closed network can be built effectively.

Furthermore, if the keys of the MobileAgent are managed properly, the prevention of modification by a malicious host of the signed query carried by a MobileAgent is supported by the security of the RSA encryption algorithm. The time complexity for breaking the system depends on the length of the key in number of bits. The longer the key, the more secure the system would be. In the implementation, a key length of 1024 bits is chosen. This would be sufficiently secure for domestic purpose. Similarly, for a malicious host to understand or modify the encrypted query results collected by an agent from another host would require the same complexity. Therefore, integrity of queries, and confidentiality and integrity of query results, are achieved by prevention of tampering.

The host provides details to the MobileAgent after signing the information using its own private key. Hence the host cannot later deny having provided the information, which meets the non-repudiation requirements. Also, the LauncherAgent verifies the signature before processing the results. Hence the authenticity requirements are met. The proposed security model addresses all the security requirements of the experimental e-business system (SCAS) developed.

4.2.7 Performance Analysis

To evaluate and analyze the performance impact of the proposed security enhancements against the scalability of the system, the system is implemented in an execution environment in which all the machines have an AMD Athlon XP 2400+ processor, 256 MB of RAM and Windows XP as the operating system. The systems are connected through a 10 Mbps Ethernet LAN. Java and JADE are used to implement the system.

The database that contains the public key details of the MobileAgent and participating hosts, and the data source for connecting to the database, are created. The KeyServer and Agent Platform are started in a system that acts as the Main Container of the agent platform. In each of the participating hosts, the agent system is started with an instance of the RemoteAgent. Also, these hosts are made to join the Main Container of the agent platform as Containers, so that the MobileAgent to be launched from the Main Container can recognize them. The MobileAgent is started at the Main Container and performs the following tasks: migrate to all the hosts, find out whether the RemoteAgent exists in the host, send the request and get the reply with all security enhancements, check whether all the hosts have been visited, return to its home site, and, through the LauncherAgent, display the information collected from all the hosts to the client.

The time taken by the MobileAgent to travel around the e-marketplace consisting of different numbers of hosts, first without security enhancements and then with security enhancements, is measured, and the results are plotted in Figure 4.5. The Turnaround Time for the MobileAgent to travel in SCAS changes more or less linearly over the number of hosts in the system, for both implementations. In the case of SCAS without security enhancements, this is due to the additional time taken to travel an increasing number of hosts. In the case of secured SCAS, the additional time requirement is due to the time taken to travel an increasing number of hosts and the time for encryption/decryption operations. Also, the overhead for each additional host is more or less the same in both cases. The execution of the MobileAgent is repeated a number of times, and the average Turnaround Times of the MobileAgent with and without security enhancements are given in Table 4.2.

Figure 4.5 Average Turnaround Time of MobileAgent (plot of Average Turnaround Time in milliseconds against Number of Hosts, for SCAS and Secured SCAS)

Table 4.2 Average Turnaround Time for Mobile Agent

Number of Hosts    Turnaround Time (milliseconds)
                   SCAS         Secured SCAS
1                  3238.86      6921.18
2                  5623.75      17267.64
3                  8008.64      26440.18
4                  10632.54     34036.23
5                  13209.43     42982.81
6                  16054.78     49830.77

The overhead introduced in the case with security enhancements is due to the extensive use of the RSA algorithm to encrypt and decrypt each item, which is time consuming especially when the key is long, but a longer key gives a stronger protection to the system. Hence a trade-off between performance and security for SCAS is identified.
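A least-squares fit over the Table 4.2 measurements puts numbers on the linearity and on the per-host cost of the security enhancements. This is an added example, not part of the thesis; it takes the smaller value in each row as the unsecured SCAS run, consistent with the overhead the text attributes to the security enhancements, and the function and key names are this example's own.

```python
# Measurements copied from Table 4.2 (milliseconds) for 1..6 hosts.
HOSTS = [1, 2, 3, 4, 5, 6]
SCAS = [3238.86, 5623.75, 8008.64, 10632.54, 13209.43, 16054.78]
SECURED = [6921.18, 17267.64, 26440.18, 34036.23, 42982.81, 49830.77]

def linear_fit(xs, ys):
    """Ordinary least squares y = a + b*x; returns (a, b, r_squared)."""
    n = len(xs)
    if n < 2 or len(ys) != n:
        raise ValueError("need two or more paired samples")
    xbar, ybar = sum(xs) / n, sum(ys) / n
    sxx = sum((x - xbar) ** 2 for x in xs)
    sxy = sum((x - xbar) * (y - ybar) for x, y in zip(xs, ys))
    syy = sum((y - ybar) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        raise ValueError("samples have no spread")
    slope = sxy / sxx
    return ybar - slope * xbar, slope, sxy * sxy / (sxx * syy)

def overhead_report():
    """Per-host cost of each variant and the slowdown at each host count."""
    _, slope_plain, r2_plain = linear_fit(HOSTS, SCAS)
    _, slope_sec, r2_sec = linear_fit(HOSTS, SECURED)
    return {
        "ms_per_host_scas": slope_plain,
        "ms_per_host_secured": slope_sec,
        "added_ms_per_host": slope_sec - slope_plain,
        "r2": (r2_plain, r2_sec),
        "slowdown": [s / p for s, p in zip(SECURED, SCAS)],
    }

if __name__ == "__main__":
    for key, value in overhead_report().items():
        print(key, value)
```

Both series fit a straight line closely, and the fitted slopes give the cost of one additional host in each variant, which is the quantity a capacity estimate for a larger e-marketplace would extrapolate from.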

The thesis has attempted to improve the security aspects of mobile agents by proposing an approach based on a closed network and agent tampering protection. Results show that the agent based e-business system developed is sufficiently secure and that a performance overhead is introduced when the system is made to scale. Though the security requirements are met, it is difficult to apply this model to a large-scale distributed environment because of the centralized KeyServer. The model also causes the execution time to increase sharply because of the costly security operations performed during travel.

4.3 SECURITY MODEL FOR LARGE-SCALE DISTRIBUTED ENVIRONMENT (MULTIPLE E-MARKETPLACES)

The performance of the secured SCAS gradually degrades due to the security implementation, which in turn is because of the extensive cryptographic operations involved. Also, when the mobile agents are launched to travel multiple e-marketplaces, the system should meet the scalability requirements as well. When the agent has to collect information from multiple e-marketplaces, the performance overhead would become too high for the model to be applied in a real-time scenario. Keeping the KeyServer centralized makes it a bottleneck for the system.


Hence a new distributed security model is proposed in this section that aims to address the security problems identified in the previous sections, simultaneously handling performance degradation issues. The proposed model is based on Trusted Domain Guide Manager (TDGM) proposed by You and Lee [73].

4.3.1 Secured and Distributed SCAS (SDSCAS) Architecture

The experimental multi-agent system, namely the Shopping Consultant Agent System (SCAS), is updated in such a way that the mobile agent is launched to collect information from multiple e-marketplaces. Figure 4.6 shows an overview of the architecture of the experimental distributed e-marketplace along with the proposed security enhancements. The client can send a request to any of the 'k' e-marketplaces in the given environment. Each of these e-marketplaces maintains the address details of the other e-marketplaces that are part of the architecture. Also, each of these e-marketplaces maintains the public key details of the participating hosts present within it. Here the concept of a closed network of e-marketplaces is used, and within each e-marketplace a closed network of hosts is again maintained.

4.3.2 Components Design

The components present in the secured SCAS are redesigned to reflect the updates introduced in the new security model.

Figure 4.6 Secured SCAS Architecture for Distributed e-marketplaces

The detailed description of each of the components follows. Each e-marketplace is responsible for maintaining the public key and private key details of each of the hosts registered with it.

The KeyServer is a kind of trusted third party that provides services in the same way as a centralized key management authority. It resides outside any e-marketplace, as a separate independent entity, which is responsible for:
• Storing the public key details of the LauncherAgent present in the home site of participating e-marketplaces
• Registering and deregistering the mobile agent public key details
• Providing the public key details to LauncherAgents.

The LauncherAgent present in the e-marketplace that receives the client's request is responsible for:
• Creating a MobileAgent for the client
• Creating a private key/public key pair for the MobileAgent
• Registering the public key of the MobileAgent with the KeyServer
• Signing the query using its own private key
• Providing the query details to the MobileAgent
• Providing the list of hosts to be visited by the MobileAgent in the current e-marketplace
• Providing the list of e-marketplaces to be visited by the MobileAgent in the entire environment and
• Launching the MobileAgent.

The LauncherAgent present in the e-marketplace (which is not the one that has created the MobileAgent) that receives the MobileAgent from another e-marketplace is responsible for:
• Retrieving the public key of the MobileAgent
• Verifying the signature of the query using the public key of the LauncherAgent of the Home e-marketplace
• Providing the list of hosts to be visited by the MobileAgent in the current environment and
• Launching the MobileAgent.

The LauncherAgent present in the e-marketplace (which is the one that has created the MobileAgent) that receives the MobileAgent from another e-marketplace is responsible for:
• Verifying the signature of the query using its own public key
• Retrieving the public key of LauncherAgents from the KeyServer
• Verifying the signature of query results
• Decrypting the result using the private key of the MobileAgent and
• Sending the response to the client.

The LauncherAgent present in the e-marketplace that receives the MobileAgent from a host present in the same e-marketplace is responsible for:
• Verifying the signature of the query using the public key of the LauncherAgent of the Home e-marketplace
• Verifying the signature of query results provided by each of the hosts
• Encrypting the query results by the public key of the MobileAgent and
• Launching the MobileAgent into the next e-marketplace.

The different types of activities performed by the LauncherAgent in the e-marketplace according to different situations are depicted by Figure 4.7.

Figure 4.7 Activities of LauncherAgent

The host (the RemoteAgent that resides in the host) that receives a MobileAgent is responsible for:
• Retrieving the results by querying its own database
• Signing the query result using its own private key and
• Encrypting the query result using the public key of the LauncherAgent present in its own e-marketplace.

In this model, the services provided are: trusted domain management, security policy management and inter-marketplace authentication. Each of the marketplaces is authenticated and each of the hosts present in the e-marketplace is in the trusted domain. Hence the MobileAgent cannot migrate to an agent system or a host that is not trusted. As this distributed model executes domain-level security operations and enables the mobile agent to migrate among nodes using a domain-centric itinerary, it can provide higher performance than the secured SCAS. Also, this model is more scalable, as the bottleneck at the centralized KeyServer is replaced by a distributed arrangement. The proposed security mechanisms are evaluated using performance models.

4.3.3 Performance Model for Secured and Distributed SCAS

A performance model has been developed for the secured and distributed SCAS in order to evaluate the impact on system performance introduced by the proposed solutions for the security problems. The parameters selected for this case study are based on the workflow given in the previous section, and the parameters required for this model in addition to those given in Table 4.1 are summarized in Table 4.3.

The total execution time of a MobileAgent in SDSCAS is the sum of the time for information retrieval and the time for security services. Whenever the MobileAgent visits an e-marketplace to perform its task, the authentication service is performed twice by the Main Container of the agent platform: first to check the authenticity of the MobileAgent before beginning the task, and second to check the authenticity of the participating hosts at the time of completion of the assigned task at the e-marketplace. The hosts present in that e-marketplace assume that the MobileAgent is safe, as it is authenticated by the domain controller (the LauncherAgent present in the home site of the e-marketplace) based on the predefined security policies.

Table 4.3 Additional Parameters for Evaluating SDSCAS

Name       Description
TSDTh      Total execution time for MA to complete the task
CAP        Number of agent platforms (e-marketplaces)
TSDAuth    Time required for authentication
TSDSec     Time required for providing security
Titnry     Time required for providing itinerary to MA
TSDMA      Total execution time in SDSCAS

The total execution time of MobileAgent to complete the assigned task, TSDTh is given by the relation, TSDTh
