Int. J. Agent-Oriented Software Engineering, Vol. X, No. Y, xxxx
The MP architecture: towards a secure framework for mobile agents Djamel Eddine Menacer* Ecole Nationale Supérieure d’Informatique, ESI, BP 68M Oued Smar, 16309, Algiers, Algeria E-mail:
[email protected] *Corresponding author
Habiba Drias Université des Sciences et de la Technologie Houari Boumediene (USTHB), BP 32, El-Alia, Bab-Ezzouar, Algiers, Algeria E-mail:
[email protected]
Christophe Sibertin-Blanc IRIT, Université Toulouse 1 – Capitole, 2 place du doyen G. Marty, F-31042 Toulouse cedex, France E-mail:
[email protected] Abstract: Currently, distributed applications are mainly based on the client-server model and its variants. The growing use of the internet and the development of mobile communication technologies yield more needs in terms of performance, reliability and security. By its synchronous nature, the client-server model no longer seems to be able to meet these new demands. The mobile agents’ paradigm is one of the approaches that have been proposed, and this technology holds great promises with regard to questions related to reliability and security. In this paper, we present the market-place architecture, a secure mobile agents-based framework. The main idea is to generalise the market mechanisms to non-market systems through an extended mobile agents’ model, the seller-buyer model. This architecture provides developers with the opportunity to build efficient and safe mobile agents-based distributed applications. We give the outline for designing applications according to the MP architecture and propose a Jade implementation. Keywords: mobile agent; MA; seller-buyer model; market-place architecture; distributed applications; security; Jade. Reference to this paper should be made as follows: Menacer, D.E., Drias, H. and Sibertin-Blanc, C. (xxxx) ‘The MP architecture: towards a secure framework for mobile agents’, Int. J. Agent-Oriented Software Engineering, Vol. X, No. Y, pp.000–000.
Copyright © 200x Inderscience Enterprises Ltd.
1
2
D.E. Menacer et al. Biographical notes: Djamel Eddine Menacer has been an Assistant Lecturer in the National Computer Science School of Algiers (ESI), Algeria since 2007. He received his Master degree from the National Computer Science School of Algiers in 2004. He is also a PhD student and works on the mobile agents’ technology. His research investigations include also network security and cognitive systems. Recently, he has attended the IADIS Conference 2009 in Algarve, Portugal and has two other papers in the proceedings of the same conference in 2010 and 2011. Habiba Drias received her MS in Computer Science from Case Western Reserve University, Cleveland, Ohio, USA in 1984 and her PhD in Computer Science from USTHB, Algiers, Algeria in collaboration with UPMC, Paris6, France, in 1993. Her research was primarily focused on the satisfiability problem and then on artificial intelligence technologies. She has worked on satisfiability, multi-agent systems, tabu search, scatter search, genetic and memetic algorithms, guided local search and bio-inspired approaches such as ACO and PSO. She is the author of Bees Swarm Optimization (BSO) published in 2005. More recently, her research investigations include intelligent data mining and large scale and knowledge-based information retrieval. She has published since 1992 more than 100 papers in well-recognised international conferences and journals. Christophe Sibertin-Blanc is a full Professor at the University Toulouse 1 – Capitole and a member of the Institut de Recherche en Informatique of Toulouse. In the ‘80s, he was one of the pioneers in the design of formalisms integrating the Petri net theory and the concepts of the object-oriented approach. Now, he is working on protocols, coordination and the organisational level in multiagents systems and, together with sociologists, on the formal modelling, simulation and analysis of social organisations, with applications especially in the domain of natural resources.
1
Introduction
Most of the existing distributed applications are built around the client-server paradigm. The importance of the quality of service requirements in distributed applications (non-functional aspect) is becoming critical. The quality of service includes (Coulouris et al., 2001): the performance, the security and the safety of operating (or reliability). In order to meet these growing requirements, the client-server model has been extended to other well-adapted models, especially the mobile code execution model. Mobile agents (MAs) inherit two technologies: the mobile code-based distributed systems and the agents-based software systems (Gulyás et al., 2001). The technical aspect of MAs, including asynchronism, service personalisation (Ismail and Hagimont, 1999) and scalability in pervasive systems (Cardoso and Kon, 2002), is the main argument for their use (Lange and Oshima, 1999; Rouvrais, 2002). However, the security problem of MAs blocks their development (Harrison et al, 1995; Papaioannou, 1999) since developers and practitioners need a secure way to use MAs. Thus, benefiting from the advantages of MAs for the development of distributed applications mainly depends on the possibility to satisfy security requirements. The low activity on MAs over the last decade results from the difficulties encountered to solve security problems.
The MP architecture
3
Security is a global concern – the level of security of any system is determined by its more vulnerable point – and, in the MAs’ context, security is a multifaceted problem since both the visited hosts and the visiting agents have to be secured. This paper proposes a new MAs-based architecture that intends to provide a comprehensive solution to the various issues related to security. This architecture is a generalisation of market mechanisms to non-market systems and it relies on an extended MAs’ model, the seller-buyer (SB) model. The proposed architecture would help developers in using, safely and efficiently, MAs to build distributed large-scale applications. The remainder of this paper is organised as follows. Section 2 presents MAs systems and standards. Related MAs-based architectures in the literature are presented and security issues in the context of MAs are also discussed. The SB model of MAs is described in Section 3. Section 4 presents the application of this model to support the market-place (MP) architecture, and gives some examples of distributed applications designed according to the MP architecture. Section 5 gives an analytical evaluation of the SB model. Section 6 presents a Jade implementation of the MP architecture and summarises some experimental results. Finally, Section 7 concludes the whole paper.
2
MA systems
2.1 Standards An MA needs a specific execution environment on all the sites that constitute its itinerary. The execution environment is provided by an MA platform. A lot of MA platforms have been developed around the world, such as Aglets from IBM (Lange, 1996; Lange and Oshima, 1998; ASDK, 2010), Concordia (Wong et al., 1997), Voyager (ObjectSpace, 2010), Grasshopper (Bäumer and Magedanz, 1999) or Mole (Baumann et al., 2002). These platforms are used to support the development of distributed applications by providing built-in agent features (such as agent creation, agent behaviour, mobility). Among the efforts to make the MAs technology to be more accessible to the industry, two organisations provide standards: the Foundation for Intelligent Physical Agents (FIPA) and the Object Management Group (OMG). The FIPA (2009) issues standards that deal with cooperation between intelligent agents. Examples of FIPA platforms are: Jade (Tilab, 2010), Jack (AOSG, 2010) and ADK (Tryllian, 2010). Most of the recent platforms use FIPA mechanisms and consider the mobility of the agents as an additional feature. OMG deals with interoperability between MAs through the Mobile Agent System Interoperability Facilities (MASIF) specification (Milojicic et al., 1998). In addition to Corba-based services, MASIF proposes an MA architecture including the following components: the agents, the agencies that include one or more places which constitute a virtual machine hosting agents’ runs, and the regions that are administrative collections of agencies. Unlike the FIPA-based platforms, the MASIF standard allows interoperability between MASIF-based platforms and considers the mobility as an important feature. Grasshopper and Voyager are examples of MASIF platforms.
4
D.E. Menacer et al.
2.2 Security issues On large-scale public networks such as the internet, security is an essential concern. In the case of MAs, the hosts receive the agents and provide them an execution environment. The agents can then use the local resources of the host. The MAs’ security problem is then dual: we have to secure not only the visited hosts but also the visiting agents. MAs’ security issues can be categorised into four streams (Gulyás et al., 2001): Table 1
Security categories
Category
Description
Category I
Protecting hosts against agents (or agents against each other)
Category II
Protecting a group of hosts
Category III
Protecting agents against hosts
Category IV
Securing the communication
It is important to note that most of the MA security issues have counterparts and already occur in some form in classical client-server systems. However, four specific threats are identified for MAs (Jansen et al., 1999): an agent attacking an agent platform or an agent attacking another agent on the agent platform (both in Category I); an agent platform attacking an agent and other entities attacking agents (both in Category III). Therefore, in the following, we focus on Categories I and III. •
Category I security issues: The hosts can be damaged by malicious codes or agents. An incoming agent has three main lines of attack. The first is to gain unauthorised access to information residing at the host; the second is to use its authorised access in an unexpected and disruptive fashion; the third is to deny host services to other agents by exhausting computational resources, if resource constraints are not established or set tightly. This category includes also the protection of other agents being executed on the same host.
•
Category III security issues: The main unsolved security problem concerns the protection of visiting agents against a malicious host. Indeed, a receiving agent platform can easily isolate and capture an agent and attack it by extracting information, corrupting or modifying its code or state, denying requested services, or simply reinitialising or terminating it (Jansen et al., 1999). Moreover, an agent is very dependent on the agent platform and may be corrupted by the platform responding falsely to requests for information or service, or delaying the agent until its task is no longer relevant.
Security solutions. The security solutions for the first category are similar to those of traditional systems. The main unsolved security problem belongs to the third category. There are a number of solutions proposed to protect agents against malicious hosts which can be summarised into three streams (Tschudin, 1999; Sander and Tschudin, 1998), as shown in Table 2.
5
The MP architecture Table 2
Some solutions and their limitations Description
Limitation
Establish a closed network
Solution
Limit the visited sites to trusted sites
limitation of the mobility and the capacity of the agents
Agent tampering detection
Use state evaluation functions to detect if an agent has been tampered during its trip (digital signatures).
Difficulty to restore from attacks. Not effective for agents that carry out critical missions.
Agent tampering prevention
Hide the agent data and the functions executed by the agent on the visited site, by encrypting the agent’s code and data.
Increase the payload on the system
2.3 State-of-the-art Many efforts are made to build more efficient MA platforms or to enhance existing FIPA and MASIF platforms. Other efforts are made to propose new frameworks that are based upon existing platforms. These frameworks provide additional features in terms of security and models of interaction of the agents.
2.3.1 Examples of works on interaction models In Wang et al. (2002), the authors propose an interesting MAs framework using a market-based interaction model for the e-commerce on the internet and they apply their framework to test parallel processing. The MA platform used is Aglets. In Vogler et al. (1999), the authors show how to provide MAs with market capabilities in the e-commerce context. The proposed architecture can be deployed on top of existing agent platforms as an enhancement and it is based on standard components as Corba. In Lentini et al. (1998), the authors propose extensible mobile agents architecture (called EMAA) to ease the development of MAs applications. This architecture is aimed to be the foundation for several different applications. To the best of our knowledge, the implementation of EMMA remains just a project. In Chieng et al. (2000), the authors propose an MA brokering environment for future open network marketplaces (for example, the internet). MAs use brokering capabilities to facilitate expertise-brokering activities on behalf of the users. The proposed framework helps users to do the best deals in terms of financial costs and quality of services. In Esmahi et al. (2002), the authors focus on the issues arising from the interactions of many MAs in multi-agents systems. The application is an intelligent agent MP, where buyer and seller agents cooperate and compete to process sales transactions for their owners. In contrast with other approaches including negotiations between agents, the authors introduce an explicit mediator (the MP manager) into the negotiation. In Kim and Noh (2003), the authors propose an MA architecture for mobile market applications. By implementing and evaluating their architecture, the authors found that MA technique could be suited for mobile applications and could solve the vulnerabilities caused by a mobile computing environment.
6
D.E. Menacer et al.
2.3.2 Examples of works on security Recently, some works focus on the protection of agents (Category III) but propose solutions for just specific threats. We can summarise these threats in two lines: risk on the agent’s code and risk on the agent’s itinerary. For the first type of threat, the authors in Garrigues et al. (2009) propose a solution for protecting MAs from external replay attacks. This kind of attacks is performed by malicious platforms by dispatching an agent several times to a remote host, thus making it to re-execute parts of its itinerary. The protection of the agents’ itinerary by encrypting the itinerary prevents this attack but decreases the system performance to a great extent. Another solution in Chan et al. (2000) consists in leaving the itinerary in clear but merging it with an encrypted chain at each visited site, and a recent solution in Garrigues et al. (2008) consists in a cryptographic scheme for shielding dynamic itineraries from tampering, impersonation and disclosure. For the second type of threat, the authors in Pechoucek et al. (2005) propose an MA platform called secure mobile agent platform (SECMAP) and its security infrastructure. SECMAP presents abstractions which ensure the protection of agents and system components through a shielded agent model. This solution has a cost: at each execution of an agent, data must be decrypted in memory. The solution increases also the processor payload in the visited agents’ platforms. The logging process, though useful, should make the whole system very heavy. Moreover, the presence of untrusted nodes is not discussed. Finally, a new approach known as trusted computing introduced by Arbaugh et al. (1997) has received interest in Muñoz et al. (2009). In a trusted computing scenario, trusted applications run exclusively on top of trusted supporting software. This approach provides, therefore, a secure environment for agent execution (Category III). However, this solution is generally expensive and spreading trusted environments on internet is not possible.
2.3.3 Discussion First, we can notice that most of works that deal with market models focus on e-commerce and similar applications. To the best of our knowledge, there is no work that proposes to generalise the market mechanisms to no-market applications (information retrieval for example). Second, few MA platforms provide Category III security features. According to the developers, the main reason is that these additional features most often decrease the performance of the platform to a great extent. Most of the existing MA platforms secure the hosts visited by the agents and some platforms allow secure communications (Gulyás et al., 2001). However, they do not ensure the protection of the agents themselves and most of the studied works propose solutions to only specific threats. In the following, we propose a comprehensive architecture that deals with all aspects of MAs’ security and generalises the use of market mechanisms as interaction model. To do so, this architecture is based on an enhanced MA model, the SB model.
The MP architecture
3
7
The SB model
3.1 Overview of the SB model Our first contribution is to propose to extend the classical MA model towards a more suitable model, the SB model (Menacer et al., 2009). The SB model allows to keep at least the same performance level as the MA model (Figure 1), and to reduce the MAs security problem. This is done by preventing an agent from migrating directly to a host and a host from receiving MAs. This is possible if we dissociate the rendering of services and the hosting of visiting agents; then an MA representing the client meets, on intermediate sites, a service provider representative. As the client agent, the server agent process becomes mobile. The client agents are delegated by clients to buy a service (buyer agents) and the server agents are delegated by the remote services to sell a service (seller agents). MAs (buyer and seller) may migrate only on meeting sites: the market places or MP. As in Messerschmitt and Hubaux (1999), and Xu and Shatz (2003), we adapt market mechanisms to distributed systems. Figures 1 and 2 show the change from the MA to the SB models. Figure 1
The MA model
Figure 2
The SB model
The interaction between a buyer agent (client) and a seller agent (server) is a negotiation about a price p that can or not be null. This price measures the quality or the worth of the service. Since there may be several seller agents in a MP, a buyer agent can choose the one which proposes the same service with the best price. The seller agents are then in competition. We assume that a seller agent carries only the minimum resources from the
8
D.E. Menacer et al.
provider site, in order not to overload the network, and may interact, if necessary, with its home site to deliver the full service.
3.2 Security in the SB model Table 2 shows clearly that security issues of MAs are symmetric because they include the protection of both agents and hosts. In contrast to this, the research efforts concerning these issues seem to be asymmetric (Gulyás et al., 2001). The originality of our approach is based on the fact that the best way to solve the unsolved Category III security problem is to translate this problem to the well-solved Category I security problem. In the SB model, all the delegated agents are created by the system and only these agents can migrate on the MP sites. The risk of attacks comes from the providers’ sites, not from the clients’ sites. Indeed, only providers’ sites can provide code and data to seller delegated agents. Therefore, we can have malicious provider sites and malicious agents (seller agents with malicious service provided by malicious providers). The malicious seller agent can migrate to non-malicious MP sites. It is possible that the MP site itself becomes malicious by the effect of the received agent (Category I). In order to avoid this problem, we must check the service provided by the providers’ sites. To this end, the SB model binds the checked provider’s service to the seller agent. Now, the MP sites receive safe seller agents and mobile buyer agents can move to these trusted MP sites (Figure 3). Figure 3
Security in the SB model
The SB model avoids the Category III security problems as follows: 1
representing providers’ sites by seller agents
2
checking the digital signature of the providers’ service code; any malicious code (unsigned code) is rejected
3
embedding accepted service codes in seller agents
4
moving only the non-malicious seller agents to the MPs
5
providing secure and trusted MPs; if we guarantee that the MPs are secure, the buyer agents can move to them safely.
The initial security problem (Category III) becomes then a Category I security problem. Based upon this solution, the SB provides security features summarised in the Table 3.
9
The MP architecture Table 3 Category I III
SB security features Feature
Description
Certified and signed mobile agents
Only these trusted agents can migrate on the MP
Closed network
The agents migrate only on the MPs
Agent tampering prevention
The MPs are certified and high trusted hosts. The only permitted migration is the migration on the these trusted MP
Agent tampering detection
The certified agents are digitally signed. Recovering from attacks is easier in a closed network
Conclusion. The SB model reduces the security problem by a symmetric approach: the Category III problem (the unsolved problem) is solved by a translation into the Category I problem (the well-solved problem).
4
The SB model for distributed applications: the MP architecture
We propose the MP architecture based upon the SB model for the development of MAs distributed applications. This architecture can be considered as a closed space in which the agents, representing the clients and the providers, move to search or offer services. This architecture can be built in both LAN environment and WAN environment. In WAN environment, the bandwidth represents an important cost and security is an important concern (incoming MAs cannot be accepted by all hosts). The internet network is the typical example. Therefore, we will focus on the WAN environment. In Section 5, we will show that the extra bandwidth of the proposed architecture entails almost the same cost as classical MAs-based architectures.
4.1 MP components There are two external actors to the MP architecture: clients that send requests by means of buyer MAs and providers that offer services at MP sites by means of seller MAs. The novelty of our architecture is to propose a general framework that can deal with any type of distributed application. The basic idea is that each service S in MP architecture belongs to a class of services SC. A class of services SC belongs to an application domain D. We can put: D = {SC1 , SC2 , ..., SC N } SCi = {Si1 , Si 2 , ..., SiM }
For example: D = ‘information retrieval’, SC = ‘image documents search’, S = ‘medical images search’. The MP architecture comprises the following components: •
The MPs. In order to give MAs a directed way to request a service, the MP sites are organised according to the class of the offered services. One MP hosts one service class SCi (so one or several services (Si1, Si2, …, SiN) belonging to the class SCi), but one service class can be hosted by several MP. The services are located, within the
10
D.E. Menacer et al. MP site, in e-shops (Wang et al., 2002). In the same manner, each e-shop hosts one service, but one service can be hosted by several e-shops. Therefore, seller agents visit e-shops and the dialogue between buyer agents and seller agents takes place in e-shops. Each MP holds a special database service called market-place directory service (MPDS) that manages information about e-shops and agents present in the place. MP sites are identified by IP address or URL.
•
The agent service providers (ASP). The client and provider users need a mean to create their MAs. A user connects via its browser to a specific site. This site is responsible for the creation of mobile buyers or seller agents, according to the type of user (client or provider). We refer this site to as ASP (Wang et al., 2002). An ASP is accessible by a URL, for example, mp://www.it.com. The ASP can propose several entry points (for example, the DNS domain http://www.it.com will point to several ASP hosts).
•
The market-place name servers (MPNS). When an MA requests or offers a service S that belongs to the class SC, it searches MP sites providing the class SC. To do this, the agent sends a request to MPNS, analogue to the DNS servers on the internet. The answer is a list of IP addresses of MP sites that offer the class of service SC, constituting the itinerary of the agent: (mp1, mp2, …, mpN).
•
The trust and security authorities (TSA). An MA must be certified before it visits MPs. We propose to add public key infrastructure (PKI) components to the architecture. The ASP provides a pair of keys (private, public) to MAs by means of a cryptography service. In the case of a buyer agent, the certification authority delivers a user certificate linked to the public key of the agent; in the case of a seller agent, a server certificate is issued. The MA can be signed or encrypted. We propose to host the certification authorities in special sites called Trust & Security Authority (TSA). All the components of the MP architecture should be certified: ASP, MP, MPNS and the TSA themselves.
•
Agents in MP architecture. There are two types of agents: MAs that comprise buyer agents and seller agents, and static agents that comprise manager agents and facilitator’s agents. Manager agents manage different sites in the system: ASP, MP and the e-shops. For MP site, the manager agent is called market-place service manager (MPSM) agent. The facilitator agents are responsible for recording information about MAs running on their place or site, and also for providing migration services for MAs running on other places or sites. There is one facilitator agent at the following hosts: ASP, MP and e-shops.
4.2 The dynamics of the MP architecture Each request of a client user is associated to a specific service S that belongs to a service class SC. This request is linked to a buyer MA created in the ASP site. The buyer agent obtains its private and public keys from a local cryptographic service. The buyer agent registers to the TSA by its Id and its public key and it obtains a certificate. Before migrating, the buyer agent asks the MPNS for an itinerary for the SC class of service. Almost the same process is applied to the seller agents that represent providers. We can represent the dynamics of the MP architecture through the diagram shown in Figure 5 (in bold the agents’ migrations).
11
The MP architecture •
MP interaction model. This is our second contribution: generalising market mechanisms to non-market applications. The negotiation between a buyer agent and seller agents takes place in e-shops that comprise one or more seller agents. The FIPA Contract-Net (Hsieh, 2006) interaction protocol is used to implement negotiation between agents by using CFP (call for proposal). The initiator of CFP is the buyer agent, and the seller agents are the participants. The CFP allows getting a list of interested seller agents. Then, the buyer agent has to choose the appropriate seller(s). To this end, it starts a negotiation through a reverse auction mechanism. The e-shop becomes then an auction room. The following algorithm describes how a buyer agent interacts with the seller agents of an e-shop.
Algorithm 1
The MP interaction model
/* CFP process */ 1
The buyer agent issues a call for proposal by sending a CFP message to all seller agents;
2
The seller agents interested by the CFP answer the buyer agent by sending a service offer;
3
The buyer agent select one (or several) of the sellers having sent an answer
4
The buyer agent sends its request to the selected seller agents
5
The selected seller agents answer the buyer agent with a proposition;
/* reverse auction process */ 6
The buyer agent defines the wished (and hidden) price wp
7
For each round in (1..MaxRnd) do a
/*price between a maximum and a minimum prices*/
/* MaxRnd is the maximum number of rounds allowed */
While number of iterations ≤ MinIt do
/* MinIt is the minimum number of iterations */
Selected seller agents send public propositions to the buyer agent; End while; b
if wp is lesser than all the propositions then Seller agents are invited to decrease their propositions; Else The buyer agent selects the first lesser proposition Exit;
/* End of auction */
End if; Next round;
•
MP migration model. The ASP facilitators help the buyer and seller agents to migrate to the MP sites by providing them an itinerary obtained by querying the MPNS servers. The address of the facilitators is included in the itinerary provided by the MPNS server to the MA. This kind of migration is called external migration. The MP facilitators help buyer and seller agents to migrate on the e-shops within the same MP by using the MPDS service. This second kind of migration is called internal migration and is similar to the migration process provided in FIPA platforms as Jade (cf. Section 6). Finally, the e-shop facilitators help buyer agents to locate seller agents within the e-shop. This double migration process constitutes an important feature of our architecture.
12
D.E. Menacer et al.
The external migration process is shown in Figure 4 (Xu and Shatz, 2003). Host-A and Host-B are two MPs connected by a network. When an MA MA1 on Host-A wants to migrate to Host-B, it needs first to ask the remote facilitator agent FAB (by the IP address included in the itinerary provided by the MPNS) which resides on host-B (step 1) whether it can move to host-B. Based on security and resource criteria, the remote facilitator agent FAB decides whether the migration request is granted. If the migration request is granted (step 2), the MA MA1 notifies its local facilitator agent FAA about its leaving (step 3), and finally it moves to the remote Host-B (step 4). Figure 4
MP migration process
4.3 Security in MP architecture 4.3.1 The protection of MP components •
ASP sites protection. An external service provider can provide an ASP site with malicious service code. The ASP site must be capable to prevent this risk. This prevention consists in: 1 Certification of the providers by the par TSA authorities or a well-known PKI authority. 2 Checking of the code of the offered service before embedding it in a seller agent by digital signatures mechanism (discussed later).
•
MP sites protection. The MP sites must be protected by a firewall service (MP security service, MPSS) that receives and authenticates the incoming agents. To do this, root certificates of the authorities must be available on the MPSS. The MP sites are then secured by the MPSS firewalls and the TSA system: non-certified agents will be rejected by the MPSS. If the code of the agent is signed, the MPSS can analyse it. The MP site environment will then execute the incoming MAs without any risk. The MPNS system and the TSA (that certify the MPNS sites) make the MP places to be high-trust sites.
•
Securing communications in MP. The communications between the different components must be protected: 1 communication between an agent and a MPNS server (risk on the returned itinerary) 2 communication between an agent and a TSA authority (risk on the certificate)
The MP architecture 3
13
remote interactions between a seller agent and its provider.
These three cases can be resolved by the PKI system because the MP components are already certified. The last case involves also the checking of the data yielded by the provider to its seller agent located in an MP site. This problem can be dedicated to the MPSS of the MP place while filtering the inputs.
4.3.2 The protection of agents •
Closed network. The MAs are not allowed to move to sites other than the MPs. The tampering of agents is then reduced. However, a malicious MP or a malicious agent can be introduced into the MP system by a malicious provider: a seller agent with a malicious code may contaminate a MP that becomes malicious. Therefore, it’s very important to protect the ASP sites.
•
Detection of agents tampering. The protection of the MA’s code (including the request) is done by digital signatures. If the code has been modified by a malicious place or another malicious agent, the MP site can detect this tampering by the PKI system: the MPSS recuperates the public key of the presented agent certificate, validates the authority that delivered the certificate and checks the digital signature. The digital signature of agent code is a mandatory procedure in the MP architecture.
•
Prevention of agents tampering. We secure the agent data, if necessary, by data encryption. The encryption can decrease the performances. However, this procedure is only necessary in the case of critical applications such as financial data in the electronic commerce. Moreover, the MP sites, the only hosts that the agents can visit, are high-trust sites. So, it is not necessary to encrypt all the agents’ data. The data encryption is not a mandatory procedure in the MP architecture.
Although the security pattern proposed is based upon common cryptographic mechanisms, our solution does not require the encryption of the MAs.
4.4 Examples of MP-applications •
E-commerce. The MP architecture is suitable for the e-commerce. We just have to secure the payments. To this end, we complete the MP architecture by a new component, the Virtual Banking Authority (VBA). The VBA generates a sort of virtual temporary bank account (virtual credit card initialised with a certain amount), the virtual account number (VAN) (Vogler et al., 1999) for each registered client in the ASP. The VAN is associated to the buyer agent. Once in the MP site, a seller agent will require the VAN account from the buyer agent before to deal with it.
•
Distributed information retrieval (DIR). We define the application domain ‘IR’ as including the class of service as ‘search category’, and the service as ‘Search theme’. For example, D = IR, SC = general, S = general, for general purpose search; D = IR, CS = IT, S = software, for specific search.
The MPs are classified according to the search category they offer. A buyer MA is a search agent (also called metasearch agent) which acts on behalf of a user. A seller agent owns an index and a search code, and can be considered as search engines. The search engine agent acts on behalf of a provider. To respect the obligation for the seller agent to
14
D.E. Menacer et al.
carry just the minimum resources, it is reasonable that a seller agent carries only an index of a search theme S. To facilitate the users’ searches, we propose a distributed index through search engine agents. According to the search category SC of the request, the asked MPNS server gives the metasearch agent an itinerary composed of the MPs belonging to this search category. Finally, the metasearch agent meets the search engine agents in the e-shop corresponding to the search theme S and located in a MP site that belongs to the search category SC; the metasearch agent can then ask several search engines agents, filter the different results and return the best result to the user. Figure 5
5
MP architecture (see online version for colours)
Evaluation of the SB model performance
Two performance indicators can be used: network bandwidth consumption and response time. Response time depends on servers’ workload but also on bandwidth consumption. MAs use local interactions instead of remote interactions and the servers’ workload should be at most the same as in client-server. However, they cause bandwidth overload during their migrations. We then evaluate the performances of the SB model in terms of bandwidth consumption rather than servers’ workload. We consider two types of services: composite and non-composite service. The SB model is compared with the MAs’ model. Let us consider a network with one client site and n service nodes. The client sends a request having the size r to each service node S, which answers with out(S). We assume that an agent has an average size s. With
The MP architecture
15
MA model, one MA migrates with the request to each service node S and returns with the all the results. With the SB model, one mobile buyer agent migrates with the same request to a place that hosts the service class SC that owns the service S. If we assume that there are m service classes, the n services sites can be gathered together in m places (m < n). Since a seller agent must carry just the minimum resources from its home site, the seller agents answer the buyer agent with a partial result out1(S). The remaining service, out2(S), is provided by remote invocation with the original provider’s node (out1(S) + out2(S) = out(S)). Instead of making n + 1 migrations, the MA will do just m + 1. To simplify the calculations, we assume that out(Si) = out(Si+1) = out.
5.1 Composite services In this kind of services, we have:
in( s1) = r , out ( s1) = out; ⎧ ⎨ in ( si ) out ( si − 1) = out , out ( si ) = out , for i > 1. = ⎩ MA consumption (s + r) + n ∗ (s + out) SB consumption
(s + r) + n ∗ (out1 + out2) + m ∗ (s + out) = (s + r) + n ∗ out + m ∗ (s + out)
SB better than MA if: m 1 < n 1 + out s
(1) Comment [t1]: Author: Please confirm if the amended sentence/statement is correct.
Therefore, equation (1) should be satisfied, most likely, when: m < n2 . Figures 6(a) and 6(b) shows MA and SB in composite services.
5.2 Non-composite services In this kind of services, we have: in( s1) = r , out ( s1) = out ; ⎧ ⎨ ⎩in( si ) = r , out ( si ) = out , for i > 1. MA consumption (n + 1)(s + r) + out ∗ n(n + 1) / 2 SB consumption
(m + 1) (s + r) + n(r + out2) + out ∗ n(m + 1) / 2
SB better than MA if: m r + out 2 < 1− n n ( s + r ) + out ∗ 2 But: r + out 2 < ( s + r ) + out ∗ n2 , so (2) is satisfied. Figures 7(a) and 7(b) shows MA and SB in non-composite services.
(2)
16 Figure 6
D.E. Menacer et al. (a) The MA model in composite services (b) the SB model in composite services
(a) Figure 7
(b)
(a) The MA model in non-composite services (b) the SB model in non-composite services
(a)
(b)
5.3 Evaluation of a document collection application We will study the performance of a well-known applications proposed in Carzaniga et al. (1997) because it is considered as the most unfavourable for the MAs. A client wants to acquire documents (average size of the body is b) stored in n sites in a network. Each site stores D documents. For each site, the client acquires first the documents’ headers (average size is h). A service S1 (on each site) allows to get these headers, that is Out(S1) = D*h. from these headers, The client selects, the relevant documents. Then, another service S2 allows to get the documents’ bodies, that is Out(S2) = i*D*b, where i (0 ≤ i ≤ 1) represents the average ratio between the number of relevant documents and the
17
The MP architecture
total number of the documents in each site. The requests issued by the client have a fixed size r (ask for header or for document), that is, for each i, In(S1) = In(S2) = r. •
Using the MA model. Figure 8 shows the interactions in an MA implementation of the documents collection application.
Figure 8
Interactions in the MA model
If s is the size of the MA, we can easily deduce that the MA consumption Tma is: inDb ⎞ ⎛ Tma = (n + 1) ⎜ r + s + ⎟ ⎝ 2 ⎠
•
(3)
Using the SB model with one MP. If the n sites provide the same service S, they can be gathered, by means of seller agents, in one MP [cf. Figure 9(a)]. The seller agents propose just the document headers to the buyer agent. The document bodies remain on the home site. Instead of making n + 1 migrations, the buyer MA will do just 2 (go to the MP place and return). If s is the size of the buyer agent, we have: 1 2
migration cost (buyer agent): 2*(s + r) + results remote interactions cost of the seller agents: n*(iDr + iDb)
3
final result (relevant information): I = inDb.
Finally, Tsb = 2( s + r ) + inD (2b + r )
(4)
Let us compare the formula (4) with formula (3): 2(s + r) < (n + 1)(s + r) and inD(2b + r) < in(n + 1)Db / 2 (term with n2). So Tsb < Tma and SB is better than MA. •
Using SB with several MP. We again assume that the n sites are gathered in m MP sites (m < n). Each site MPi hosts pi seller agents (cf. Figure 9b). Since pi = n,
∑
the SB model will consume: m
Tsb = (m + 1)( s + r ) + inDb + inDr + iDb
∑ (m − j + 1) pj j =1
If we assume that one MP has in average p seller agents (each MP place gathers p sites together), we will have:
18
D.E. Menacer et al. m
Tsb = (m + 1)( s + r ) + inDb + inDr + iDbp
∑j j =1
Since p*m = n, we will have finally:
inDb ⎞ Tsb = (m + 1) ⎛⎜ s + r + ⎟ + inD(b + r ) ⎝ 2 ⎠
(5)
Let us compare with formula (3): SB better than MA if: inDb ⎞ ⎛ Tma > Tsb ⇔ (n − m) ⎜ s + r + ⎟ > inD(b + r ) 2 ⎠ ⎝
m iD(b + r ) < 1− n s + r + inDb / 2
(6)
inDb ⎞ We know that m / n < 1, so 1 = iD(b + r ) / ⎛⎜ s + r + ⎟ < 1. 2 ⎠ ⎝
iD(b + r ) must be lesser than 1. It would be possible if: s + r + inDb / 2 n > 2+
2(iDr − s − r ) . iDb
iDb > iDr (since r < b), and iDb > 2(iDr – s – r) for medium and large documents. So: 0
3 iDb
The condition (6) is then generally satisfied when n > 3. Figure 9
(a) One-place SB interactions (b) m-places SB interactions
(a)
(b)
Conclusion. The SB model is better than the MA model in terms of performance as soon as we deal with medium or large documents. In fact, many surveys such as Chia and Kannapan (1997), Straβer and Rothernel (1998), and Straβer and Schwehm (1997) had shown that a mixed strategy (using MAs and remote invocations) is a best choice. In the
The MP architecture
19
SB model, the number of migrations is reduced (m < n), due to the fact that the buyer agents are still mobile but the seller agents interact remotely with their home sites. Therefore, the SB model uses a mixed strategy.
6
Implementation and experimentation
6.1 A Jade implementation of the MP architecture Java agent development framework (Jade) (Tilab, 2010; Bellifemine et al., 2001; Fortino et al., 2010) is a free and open source platform for the development of FIPA agents-based systems. JADE can be considered as the reference FIPA compliant platform. The Jade agents run on specific environments called containers. The containers can be distributed over several computers on a network. Each computer in the network can run a Jade platform instance. A Jade platform is a set of containers. A Jade main platform is a platform that holds one special container, its main-container that contains two specific agents: the agent manager service (AMS) of the platform and the directory facilitator (DF). All the containers within a platform are registered into the main-container of its main platform. In its basic version, Jade provides a mobility service that allows the agents to move from a container to another one within the same platform (intra-platform migration also called internal migration). Therefore, Jade does not provide external migration (inter-platforms migration). Figure 10 Jade MP
The MP architecture can be implemented as a set of Jade platforms distributed over several computers in a network. A MP is a set of computers including a Jade main platform server and one or several Jade platforms (containers) servers that implement e-shops. The ASP site is a main Jade platform which allows the creation of MAs in the system. The other MP components (MPNS and TSA) do not need to be Jade platforms, they may be Java services. The communication between Jade platforms and these servers
20
D.E. Menacer et al.
are performed by sockets. The Jade implementation of the MP architecture is the MP platform. Figure 10 shows a Jade implemented MP. Every agent inherits the Agent class of the package jade.core.agent. The tasks of each Jade agent are called behaviours. Jade allocates one thread for each agent. •
Static agents. These agents provide services to the system. The DF agent of a MP acts as a MP facilitator agent. The AMS agent of the main platform manages the MPs and acts as the MPSM agent. There is only one DF in a Jade platform. However, Jade provides sub-DF agents which are similar to DF agent and act as e-shop facilitators. In the ASP, the AMS manages the ASP and the DF agent represents the ASP facilitator. Since Jade does not provide inter-platforms migration (also called external migration), the ASP facilitator agent should be modified in order to provide a list of Jade platforms (itinerary) instead of providing a list of containers. The static agents implement a cyclicBehaviour (a repetitive behaviour issued from the class CyclicBehaviour of the package jade.core.behaviours) since they run repetitive tasks.
•
MAs. The buyer agents may have an advanced decision autonomy model. We think that the Jade finite state machine (FSM) model is suitable for this type of agent. The FSM are instances of the class FSMBehaviour of the package jade.core.behaviours.FSMBehaviour and can implement behaviours. The request of the client is included in the behaviour. The seller agents may also implement a FSM but lighter than those of the buyer agents because it does not performs multiple migrations as buyer agents do. The service code of the provider is included in the behaviour. At its arrival in a MP, a seller MA registers its services to the sub-DF agent of the appropriate e-shop. Finally, a seller agent interacts remotely with its provider site by sockets.
6.2 Experimental validation The MP security model can be validated by the simulation of the most known attacks against agents on network simulators. Now, we show that security improvements do not affect the performances and confirm the analytical results. We have evaluated the performance of the MP architecture by using a DIR application with SB MAs: the document’s collection application (cf. 5.3). The tests involve 10 Windows XP computers running Jade instances in a 100 Mbps LAN network. We have developed two versions of the application: the first version, called Jade+MA, uses the MA model, and the second version, called Jade+MPm, uses the MP architecture with m MPs Each computer stores up to 200 files. The ratio i is fixed to 4%. We have calculated the bandwidth consumptions (in kb) in three cases: varying the file size (b), varying the database size (D) and varying the number of nodes (n). •
Variation of the consumption with the document’s body b. n is fixed to 5 and D is fixed to 100. The file size b varies from 5 to 35 kb. The results are shown in Figure 11.
The MP architecture
21
Figure 11 Curves of the consumption for the different models by varying the file size (b) (see online version for colours)
m has the n values (1/5 = 0.2, 2/5 = 0.4, 3/5 = 0.6) respectively for Jade+MP1, Jade+MP2 and Jade+MP3. We see that the Jade+MPm is better than Jade+MA. Note that the ratio
•
Variation of the consumption with the number of documents D. n is fixed to 5 and b is fixed to 20 kb. The DB size D varies from 25 to 175 files. The results are shown in Figure 12.
Figure 12 Graph of the consumption of the different paradigms by varying the database size (D) (see online version for colours)
22
D.E. Menacer et al. m has the n values (1/5 = 0.2, 2/5 = 0.4, 3/5 = 0.6) respectively for Jade+MP1, Jade+MP2, Jade+MP3.
We see that the Jade+MPm is better than Jade+MA. Note that the ratio
•
Variation of the consumption with the number of nodes. b is fixed to 20 kb and D is fixed to 100. The number of nodes n varies from 3 to 7. The results are shown in m Figure 13. The values of the ration are summarised in the table 4. n
Figure 13 Graph of the consumption of the different paradigms by varying the number of server nodes (n) (see online version for colours)
Table 4
Values of the ration m / n
n
1
2
3
4
5
Jade+MP1 (m = 1)
1*
0.5*
0.33*
0.25*
0.20*
Jade+MP2 (m = 2)
2
1*
0.66*
0.5*
0.4*
Jade+MP3 (m = 3)
3
1.5
1*
0.75*
0.6*
Note: *When Jade+MPm is better than Jade+MA.
We can notice that when m > n, Jade+MA is better than Jade+MPm. However, when m ≤ 1 or n ≥ 3 Jade+MPm is better than Jade+MA. n Conclusion. The above results are compatible with the formulas (1), (2) and (6) in Section 5. Therefore, the experimental results confirm the analytical ones described in Section 5.
The MP architecture
7
23
Conclusions and future works
MAs are just a technology that needs an appropriate architecture for being fully used. The suitability of the MAs’ paradigm for the building of distributed systems depends on the availability of adequate mechanisms to ensure the required level of security. While most of the related works focus on specific aspects of this problem, our approach is more global. The main idea is to extend the classical MA model towards a more suitable model, the SB model, that distinguishes the service rendering and the meeting places concerns. This allows reducing the unsolved category III security to the well-solved category I security problem. As a result, instead of providing asymmetric security solutions, the SB model provides symmetric security mechanisms for the agents and the hosts. The SB model is our first contribution. Based upon this model, we propose the MP architecture, a general framework suitable for the development of a wide range of distributed applications. This is obtained by defining an interaction model that generalises market mechanisms to non-market applications. The MP interaction model is our second contribution. Although the security pattern is based upon common cryptographic mechanisms, this architecture does not raise performance issues since there is no encryption of the MAs. To ensure that the performances do not decrease, we give analytical results and confirm them by testing a document collection prototype. We outline the design of two MP-based applications and propose a Jade implementation of this architecture. Currently, we are achieving a prototype of a Jade MP platform that allows implementing most of the known distributed applications. We project to develop a complete information retrieval application upon this prototype. Finally, we believe that this architecture provides the developers and practitioners with a suitable way to use MAs for the design of MAs-based applications.
References Arbaugh, B., Farber, D. and Smith, J. (1997) ‘A secure and reliable bootstrap architecture’, Paper presented at the IEEE Symposium on Security and Privacy. Baumann, J., Hohl, F., Rothernel, K., Straβer, M. and Theilmann, W. (2002) ‘Mole: a mobile agent system’, Journal of Software-Practice and experience (SPE), Vol. 32, No. 6, pp.575–603. Bäumer, C. and Magedanz, T. (1999) ‘The Grasshopper mobile agent platform enabling shortterm active broadband intelligent network implementation’, Lecture Notes in Computer Science, Vol. 1653/1999, CH347, DOI: 10.1007/978-3-540-48507-0_10. Bellifemine, F., Poggi, A. and Rimassa, G. (2001) ‘Developing multi-agent systems with a FIPA compliant agent framework’, Journal of Software Practice and Experience, Vol. 31, No. 2, pp.103–128. Cardoso, R.S. and Kon, F. (2002) ‘Mobile agents: a key for effective pervasive computing’, Proceeding of the ACM OOPSLA 2002 Workshop on Pervasive Computing, November, Seattle. Carzaniga, A., Picco, G.P. and Vigna, G. (1997) ‘Designing distributed applications with mobile code paradigms’, in Taylor, R. (Ed.): Proceedings of the 19th International Conference on Software Engineering (ICSE’97), May, pp.22–32, Boston, MA, USA, ISBN 0-89791-914-9. Chan, A.H.W., Wong, C.K.M., Wong, T.Y. and Lyu, M.R. (2000) ‘Securing mobile agents for electronic commerce: an experiment’, Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures, Kluwer, B.V. Deventer, The Netherlands, The Netherlands ©2000.
24
D.E. Menacer et al.
Chia, T. and Kannapan, S. (1997) ‘Strategically mobile agents’, in Rothermel, K. and Popescu-Zeletin, R. (Eds.): Proceeding of the First International Conference on Mobile Agents (MA’97), Lecture Notes in Computer Science, April, No. 1219, pp.149–161, Springer. Chieng, D., Ho, I., Marshall, A. and Parr, G. (2000) ‘A mobile agent brokering environment for the future open network marketplace’, Proceeding of the 7th International Conference on Intelligence and Services in Networks IS&N 2000, February, pp.3–15, Athens, Greece. Coulouris, G.F., Dollimore, J. and Kindberg, T. (2001) Distibuted Systems, Concepts and Design, 3rd ed., Addison-Wesley, Michigan University, Pearson Education 2001. Esmahi, L., Dini, P. and Bernard, J.C. (2002) ‘Towards an open virtual market place for mobile agents’, Proceedings of the IEEE 8th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 1999), pp.279–286. Fortino, G., Garro, A., Mascillaro, S. and Russo, W. (2010) ‘Using event-driven lightweight DSC-based agents for MAS modeling’, International Journal of Agent-Oriented Software Engineering, Vol. 4, No. 2, pp.113–140. Garrigues, C., Midas, N., Buchanan, W., Robles, S. and Borrell, J. (2009) ‘Protecting mobile agents from external replay attacks’, Journal of System Software, Vol. 82, No. 2, pp.197–206. Garrigues, C., Robles, S. and Borrell, J. (2008) ‘Securing dynamic itineraries for mobile agent applications’, Journal of Network & Computer Applications, Vol. 31, No. 4, pp.487–508. Gulyás, L., Kovács, L., Micsik, A., Pataki, B. and Zsámboki, I. (2001) ‘An overview of mobile software systems’, MTA SZTAKI Technical Report, Department of Distributed Systems, MTA SZTAKI, Computer and Automation Research Institute of the Hungarian Academy of Sciences. Harrison, C.G., Chess, D.M. and Kershenbaum, A. (1995) ‘Mobile agents: are they a good idea?’, IBM T.J. Watson Research Report, RC 19887. Hsieh, F-S. (2006) ‘Analysis of contract net in multi-agent systems’, Journal of Automatica, Vol. 42, No. 5, pp.733–740, Elsevier, Kidlington, UK. Ismail, L. and Hagimont, D. (1999) ‘A performance evaluation of the mobile agents’ paradigm’, Internal Publication of the SIRAC Laboratory, INRIA-Rhônes-Alpes, 655 Avenue de l’Europe, 38330 Montbonnot Saint-Martin, France. Jansen, W., Mell, P., Marks, D. and Karygiannis, T. (1999) ‘Mobile agent security’, National Institute of Standards and Technology (NIST) Special Publication – 800-19, October, Gaithersburg, MD 20899, USA. Kim, P.J. and Noh, Y.J. (2003) ‘Mobile agent system architecture for supporting mobile market application service in mobile computing environment’, Paper presented at the International Conference on Geometric Modeling and Graphics (GMAG’03). Lange, D.B. (1998) ‘Present and future trends of mobile agent technology’, Proceedings of the second International Workshop on Mobile Agents 98 (MA 98), 9–11 September, Stuttgart, Germany. Lange, D.B. and Oshima, M. (1999) ‘Seven good reasons for mobile agents’, Communications of the ACM, March, Vol. 42, No. 3, pp.88–89. Lentini, R.P., Rao, G.P., Thies, J.N. and Kay, J. (1998) ‘EMAA: an extendable mobile agent architecture’, Proceeding for the Software Tools for Developing Agents Workshop at the Fifteenth National Conference on Artificial Intelligence (AAAI ‘98), Madison, Wisconsin. Menacer, D.E., Drias, H. and Sibertin-Blanc, C. (2009) ‘The seller-buyer model: an extension of the client-server model by the mobile agents’, in Rodrigues, L. and Barbosa, P. (Assoc. Eds.): Proceeding of the IADIS international conference Intelligent Systems and Agents 2009, 21–23 June, pp.133–140, Algarve, Portugal, ISBN: 978-972-8924-87-4. Messerschmitt, D.G. and Hubaux, J-P. (1999) ‘Opportunities for e-commerce in networking’, IEEE Communications Magazine, September, Vol. 37, No. 9, pp.95–98.
Comment [t2]: Author: Please confirm if the amended reference is correct.
The MP architecture
25
Milojicic, D., Breugst, M., Busse, I., Campell, J., Covaci, S., Friedman, B., Kosaca, K., Lange, D., Oshima, M., Tham, C., Virdhagrisswaran, S. and White, J. (1998) ‘MASIF – the OMG mobile agent system interoperability facility’, in Rothernel, K. and Hohl, F. (Eds.): Proceeding of the 2nd International Workshop on Mobile Agents, Lecture Notes in Computer Science, No. 1477, pp.50–67, Springer. Muñoz, A., Maña, A. and Montenegro, M. (2009) ‘A hardware based approach for protecting multi-agents systems’, in Rodrigues, L. and Barbosa, P. (Assoc. Eds.): Proceeding of the IADIS international conference Intelligent Systems and Agents 2009, 21–23 June, pp.141–148, Algarve, Portugal, ISBN: 978-972-8924-87-4. Papaioannou, T. (1999) ‘Mobile agents: are they useful for establishing a virtual presence in space?’, in Agents with Adjustable Autonomy Symposium, Part of the AAAI 1999 Spring Symposium Series. Pechoucek, M., Petta, P., Varga, L., Ugurlu, S. and Erdogan, N. (2005) SECMAP: A Secure Mobile Agent Platform, Vol. 3690, pp.102–111, Springer, Berlin/Heidelberg. Rouvrais, S. (2002) ‘Construction de services distribués: une approche à base d’agents mobiles’, TSI-HERMES / RSTI – TSI, Vol. 21, No. 7, pp.985–1007. Sander, T. and Tschudin, C. (1998) ‘Protecting mobile agents against malicious hosts’, in Vigna, G. (Ed.): Journal of Mobile Agents and Security, Lecture Notes in Computer Science, Vol. 1419, pp.40–60. Straβer, M. and Rothernel, K. (1998) ‘Reliability concepts for mobile agents’, International Journal of Cooperative Information Systems, Vol. 7, No. 4, pp.355–382. Straβer, M. and Schwehm, M. (1997) ‘A performance model for mobile agents systems’, Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications PDPTA97, Las Vegas, USA, Vol. 2, pp. 1132–1140, Athens, GA. Tschudin, C. (1999) ‘Mobile agent security’, in Intelligent Information Agent: Agent Based Information Discovery and Management in the Internet, pp.431–446, Springer. Vogler, H., Moschgath, M.L. and Kunkelmann, T. (1999) ‘Enhancing mobile agents with electronic commerce capabilities’, Proceeding of the Second International Workshop, CIA’ 98, Lecture Notes in Computer Science, 4–7 July, Vol. 1435, pp.148–159, Springer, Paris, France. Wang, Y., Tan, K.L. and Ren, J. (2002) ‘A study of building internet marketplaces on the basis of mobile agents for parallel processing’, Journal of World Wide Web, Vol. 5, No. 1, pp.41–66, Kluwer Academic Publishers Hingham, MA, USA. Wong, D., Paciorek, N., Walsh, T., DiCelie, J., Young, M. and Peet, B. (1997) ‘Concordia: an infrastructure for collaborating mobile agents’, Mobile Agents: First International Workshop, MA’97, Lecture Notes in Computer Science, 7–8 April, Vol. 1219, pp.86–97, Springer, Berlin. Xu, H. and Shatz, S.M. (2003) ‘A framework for model-based design of agent-oriented software’, IEEE Transactions on Software Engineering (IEEE TSE), January, Vol. 29, No. 1, pp.15–30.
Websites Agent Oriented Software Group (AOSG) (2010) JACK Intelligent Agents, available at http://www.agent-software.com/shared/home (accessed on July 2010). ASDK (2010) IBM Aglets Software Development Kit Homepage, available at http://www.trl.ibm.com.jp/aglets/ (accessed on July 2010). FIPA (2009) Official site of the Foundation for Intelligent Physical Agents, available at http://www.fipa.org (accessed on 15 June 2009). ObjectSpace (2010) ObjectSpace, Inc. ObjectSpace Voyager Core Package Overview, available at http://www.objectspace.com (accessed on July 2010). Tilab (2010) Jade official site, available at http://jade.tilab.com (accessed on July 2010).
26
D.E. Menacer et al.
Tryllian (2010) Agent Development Kit, available at http://www.tryllian.com/technology:product1.html (accessed on July 2010).
