Instance-oriented delegation: A solution for providing security to Grid-based mobile agent middleware  

作　　者：马天驰 李善平 

机构地区：[1]School of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China

出　　处：《Journal of Zhejiang University-Science A(Applied Physics & Engineering)》2005年第5期405-413,共9页浙江大学学报（英文版）A辑（应用物理与工程）

基　　金：Project (No. 602032) supported by the Natural Science Foundationof Zhejiang Province, China

摘　　要：New challenges are introduced when people try to build a general-purpose mobile agent middleware in Grid envi- ronment. In this paper, an instance-oriented security mechanism is proposed to deal with possible security threats in such mobile agent systems. The current security support in Grid Security Infrastructure (GSI) requires the users to delegate their privileges to certain hosts. This host-oriented solution is insecure and inflexible towards mobile agent applications because it cannot prevent delegation abuse and control well the diffusion of damage. Our proposed solution introduces security instance, which is an en- capsulation of one set of authorizations and their validity specifications with respect to the agent’s specific code segments, or even the states and requests. Applications can establish and configure their security framework flexibly on the same platform, through defining instances and operations according to their own logic. Mechanisms are provided to allow users delegating their identity to these instances instead of certain hosts. By adopting this instance-oriented security mechanism, a Grid-based general-purpose MA middleware, Everest, is developed to enhance Globus Toolkit’s security support for mobile agent applications.New challenges are introduced when people try to build a general-purpose mobile agent middleware in Grid envi- ronment. In this paper, an instance-oriented security mechanism is proposed to deal with possible security threats in such mobile agent systems. The current security support in Grid Security Infrastructure (GSI) requires the users to delegate their privileges to certain hosts. This host-oriented solution is insecure and inflexible towards mobile agent applications because it cannot prevent delegation abuse and control well the diffusion of damage. Our proposed solution introduces security instance, which is an en- capsulation of one set of authorizations and their validity specifications with respect to the agent’s specific code segments, or even the states and requests. Applications can establish and configure their security framework flexibly on the same platform, through defining instances and operations according to their own logic. Mechanisms are provided to allow users delegating their identity to these instances instead of certain hosts. By adopting this instance-oriented security mechanism, a Grid-based general-purpose MA middleware, Everest, is developed to enhance Globus Toolkit’s security support for mobile agent applications.

关 键 词：Mobile agent GRID Trust model DELEGATION 

分 类 号：TP393.09[自动化与计算机技术—计算机应用技术]