www.fanklub123.fora.pl

buyboots23

dan s. wallach, dirk balfanz, drew dean, and edward w. felten.
extensible security architectures for java.
technical report 546-97, department of computer science, princeton university, april 1997.mobile code technologies such as java, javascript, and activex generally limit all programs to a single security policy. however, software-based protection can allow for more flexible security models, with potentially significant performance improvements over traditional hardware-based solutions. we describe and analyze three implementation strategies for interposing flexible security policies in software-based security systems. implementations exist for all three strategies: several vendors have adapted capabilities to java, netscape communicator extended java's stack introspection, and we built a type-hiding system as an add-on to microsoft internet explorer.
this thesis proposes that the distributed information management provided by open hypermedia systems needs to be extended so that it is more interoperable, extensible and pervasive and that this can be achieved by integrating the principles of open hypermedia with the technology of mobile agents. mobile agents present a new development mechanism for designing and building distributed applications which are well suited to the dynamic environment of large-scale networks.

robert grimm and brian n. bershad.
providing policy-neutral and transparent access control in extensible systems.
technical report uw-cse-98-02-02, university of washington, department of computer science and engineering, february 1998.
robert s. gray.
agent tcl: alpha release 1.1.
department of computer science, dartmouth college, december 1995.agent tcl is a transportable agent system. the agents are written in an extended version of the tool command lanuage (tcl). each agent can suspend its execution at an arbitrary point, transport to another machine and resume execution on the new machine. this migration is accomplished with the agent jump command. agent jump captures the current state of the tcl script and transfers this state to the destination machine. the state is restored on the new machine and the tcl script continues its execution from the command immediately after the agent jump. in addition to migration, agents can send messages to each other and can establish direct connections. a direct connection is more efficient than message passing for bulk data transfer. finally, agents can use the tk toolkit to create graphical user interfaces on their current machine. agent tcl is implemented as two components. the first component is an extended tcl interpreter. the second component is a server which runs on each machine. the server accepts incoming agents, messages and connection requests and keeps track of the agents that are running on its machine. an alpha release of agent tcl is available for public use. this documentation describes how to obtain and compile the source code, how to run the server and how to write transportable agents.

under this perspective we can outline a system of any scale which uses the dynamic linking capability of java to distribute the code and the coordination facility of jada to handle distributed entities inter-relations.
david j. wetherall.
safety mechanisms for mobile code.
area examination paper, november 1995.
wouter joosen, frank matthis, johan van oeyen, and bert robben.
on flexible support for mobile objects.
in proceedings of the fifth international workshop on object orientation in operating systems, pages 3-7, seattle, wa., october 1996.

michael franz.
adaptive compression of syntax trees and iterative dynamic code optimization: two basic technologies for mobile object systems.
in mobile object systems: towards the programmable internet, pages 263-276. springer-verlag, april 1997.
lecture notes in computer science no. 1222.we are designing and implementing a flexible infrastructure for mobile-object systems. two fundamental innovations distinguish our architecture from other proposed solutions. first, our representation of mobile code is based on adaptive compression of syntax trees. not only is this representation more than twice as dense as java byte-codes, but it also encodes semantic information on a much higher level than linear abstract-machine representations such as p-code or java byte-codes. the extra structural information that is contained in our mobile-code format is directly beneficial for advanced code optimizations.
william cockayne and michel zypa, editors.
itinerant agents: explanations and examples with cdrom.
manning, 1997.

günter karjoth, danny b. lange, and mitsuru oshima.
a security model for agents.
ieee internet computing, 1(4), july/august 1997.mobile agents offer a new paradigm for distributed computation, but their potential benefits must be weighed against the very real security threats they pose. these threats originate not just in malicious agents but in malicious hosts as well.
robert grimm and brian n. bershad.
security for extensible systems.
in proceedings of the 6th workshop on hot topics in operating sytems (hotos-vi), cape cod, mass., may 1997.
languages with first-class functions provide a good starting point for agent programming, as they make it easy to express the construction, transmission, receipt, and subsequent execution of agents. however, for developing real agent-based systems, a language implementation must handle architectural heterogeneity between communicating machines and provide sufficient performance for applications based on agents. in addition, agents need to be able to access resources on remote execution sites yet remain in a framework that provides sufficient security.

dag johansen, robbert van renesse,[link widoczny dla zalogowanych], and fred b. schneider.
an introduction to the tacoma distributed system.
technical report 95-23, department of computer science, university of tromsø, tromsø, norway, june 1995.this report briefly introduces tacoma version 1.0. this distributed system supports agents, computations that can roam the internet. the report presents the tacoma project, the computational model, how to get started, and the basic tacoma abstractions.

david halls.
applying mobile code to distributed systems.
phd thesis, computer laboratory, university of cambridge, june 1997.use of mobile code can make distributed systems and the abstractions they provide more flexible to build and use.

hermann härtig and lars reuther.
encapsulating mobile objects.
in proceedings of the 17th international conference on distributed computing systems, baltimore, md., may 1997.
m. ranganathan, laurent andrey, anurag acharya, and virginie schaal.
mobile streams.
technical report trcs98-11, computer science department, university of california, santa barbara, april 1998.a large class of distributed testing, control and collaborative applications are reactive or event driven in nature. such applications can be structured as a set of handlers that react to events and that in turn can trigger other events. we have developed an application building toolkit that facilitates development of such applications. our system is based on the concept of mobile streams. applications developed in our system are dynamically extensible and re-configurable and our system provides the application designer a means to specify resource-control policy-modules that can control how the system can be extended and reconfigured. we describe our system model and compare our design to the design of other similar systems. we also describe three applications that have built using our implementation of mobile streams.
john hartman, udi manber, larry peterson, and tood proebsting.
liquid software: a new paradigm for networked systems.
technical report 96-11, department of computer science, university of arizona, tucson,[link widoczny dla zalogowanych], az, june 1996.this paper introduces the idea of dynamically moving functionality in a network--between clients and servers, and between hosts at the edge of the network and nodes inside the network. at the heart of moving functionality is the ability to support mobile code--code that is not tied to any single machine, but instead can easily move from one machine to another. mobile code has been studied mostly for application-level code. this paper explores its use for all facets of the network, and in a much more general way. issues of efficiency, interface design, security, and resource allocation, among others, are addressed. we use the term liquid software to describe the complete picture--liquidsoftware is an entire infrastructure for dynamically moving functionality throughout a network. we expect liquid software to enble new paradigms, such as active networks that allow users and applications to customize the network by interjecting code into it.

akihiko ohsuga, yasuo nagai, yutaka irie, masanori hattori, and shinichi honiden.
plangent: an approach to making mobile agents intelligent.
ieee internet computing, 1(4), july/august 1997.network environments allow computer users to employ distributed information and services to complete a task. however, gathering information and using services distributed in networks requires knowing exactly what kinds of information and services are required for a task, where they are, and how they can be obtained or utilized. tracking down the answers to these questions can be difficult, time-consuming tasks. mobile agent technology is expected to free users from these tasks. instead of the user searching, ïntelligent mobile agents will comprehend the users requirements, search network nodes autonomously for appropriate information and services, and return with the answers.
dag johansen, robbert van renesse, and fred b. schneider.
supporting broad internet access to tacoma.
in proceedings of the seventh acm sigops european workshop, pages 55-58, connemara, ireland, september 1996.

kenneth e. harker.
tias: a transportable intelligent agent system.
technical report tr95-258, department of computer science, dartmouth college, hanover, n.h., 1995.
also submitted as senior thesis.in recent years, there has been an explosive growth in the amount of information available to our society. in particular, the amount of information available on-line through vast networks like the global internet has been growing at a staggering rate. this growth rate has by far exceeded the rate of growth in network speeds, as has the number of individuals and organizations seeking access to this information. there is thus a motivation to find abstract methods of manipulating this on-line data in ways that both serve the needs of end users efficiently and use network resources intelligently. in lieu of a traditional client-server model of information processing, which is both inflexible and potentially very inefficient, a transportable intelligent agent system has the potential to achieve a more efficient and flexible network system. an intelligent agent is a program that models the information space for a user, and allows the user to specify how the information is to be processed. a transportable agent can suspend its execution, transport itself to a new location on a network, and resume execution at the new location. this is a particularly attractive model for both wireless and dialup networks where a user might not be able to maintain a permanent network connection, as well as for situations where the amount of information to be processed is large relative to the network bandwidth. preliminary work in the field has shown that such agent systems are possible and deserve further study. this thesis describes a prototype transportable intelligent agent system that extends work already done in the field. agents are written in a modified version of the tcl programming language and transported using tcp/ip connections. several simple examples demonstrate the properties of the system.
krishna a. bharat and luca cardelli.
migratory applications.
in proceedings of the 8th annual acm symposium on user interface software and technology, pittsburgh, pa., november 1995.
also available as digital systems research center research report 138.we introduce a new genre of user interface applications that can migrate from one machine to another, taking their user interface and application contexts with them, and continue from where they left off. such applications are not tied to one user or one machine, and can roam freely over the network, rendering service to a community of users, gathering human input and interacting with people. we envisage that this will support many new agent-based collaboration metaphors. the ability to migrate executing programs has applicability to mobile computing as well. users can have their applications travel with them, as they move from one computing environment to another. we present an elegant programming model for creating migratory applications and describe an implementation. the biggest strength of our implementation is that the details of migration are completely hidden from the application programmer; arbitrary user interface applications can be migrated by a single ``migration'' command. we address system issues such as robustness, persistence and memory usage, and also human factors relating to application design the interaction metaphor and safety.

robert s. gray, george cybenko, david kotz, and daniela rus.
d'agents: security in a multiple-language, mobile-agent system.
in [vigna, 1998].
to appear.mobile-agent systems must address three security issues: protecting an individual machine, protecting a group of machines, and protecting an agent. in this chapter, we discuss these three issues in the context of d'agents, a mobile-agent system whose agents can be written in tcl, java and scheme. (d'agents was formerly known as agent tcl.) first we discuss mechanisms existing in d'agents for protecting an individual machine: (1) cryptographic authentication of the agent's owner, (2) resource managers that make policy decisions based on the owner's identity, and (3) secure execution environments for each language that enforce the decisions of the resource managers. then we discuss our planned market-based approach for protecting machine groups. finally we consider several (partial) solutions for protecting an agent from a malicious machine.

markus stra?er, joachim baumann, and fritz hohl.
mole -- a java based mobile agent system.
in 2nd ecoop workshop on mobile object systems, pages 28-35, linz, austria, july 1996.mobile agents are active, autonomous objects, which are able to movebetween locations in a so-called agent system, a distributed abstractionlayer providing security of the underlying systems on one hand and theconcepts and mechanisms for mobility and communication on the otherhand. in this paper, the mobility, the communication concepts and thearchitecture of mole, an agent system developed at the university of stuttgart, are presented.
our approach poses a tradeoff relative to hardware fault isolation: substantially faster communication between fault domains, at a cost of slightly increased execution time for distrusted modules. we demonstrate that for frequently communicating modules, implementing fault isolation in software rather than hardware can substantially improve end-to-end application performance.
michael condict, dejan milojicic, franklin reynolds, and don bolinger.
towards a world-wide civilization of objects.
in proceedings of the seventh acm sigops european workshop, connemara, ireland, september 1996.

james gosling, david s. h. rosenthal, and michelle j. arden.
the news book: an introduction to the network/extensible window system.
springer-verlag, new york, 1989.

dominic duggan.
a type-based implementation of a language with distributed scope.
in mobile object systems: towards the programmable internet, pages 277-294. springer-verlag, april 1997.
lecture notes in computer science no. 1222.several languages have been designed and implemented for programming mobile computations. this chapter describes a mobile code language based on extending the popular ml language. the language design, and its implementation, are distinguished by the use of run-time type information for computation. this is intended to motivate the use of run-time types in implementations of languages intended for distributed programming and mobile computations, particularly languages such as ml that provide type polymorphism.
mobile code can make distributed systems adaptable to application needs. rather than fixing the interface to a resource and the pattern of interaction with it, a minimal interface can be defined and code implementing higher-level interfaces placed alongside it as and when required. these higher-level interfaces can be application-specific, allowing for interaction patterns that were unknown at the time the resource was made available. sending code close to a resource can also reduce network usage because the point of interaction with it moves.
james e. white.
telescript technology: mobile agents.
in [bradshaw, 1996].
also available as general magic white paper.
dominic duggan and piotr przybylski.
a type-based implementation of a language with distributed scope.
in 2nd ecoop workshop on mobile object systems, pages 52-59, linz, austria, july 1996.the ml programming language has several features that make it desirableas a language for distributed application programming. it supportsfirst-class closures, which are useful for distributed scope and mobileagents. type inference removes much of the tedium of lower-levelprogramming, without compromising reliability. finally ml provides apowerful type system, including type polymorphism. a dialect of mlintended for distributed application programming is introduced. adistinguishing characteristic of this implementation is the use ofrun-time type information, motivated by several constructs in thelanguage. this is intended to motivate the use of run-time types in implementations of polymorphic languages intended for distributed programming.
jaochim baumann, christian tschudin, and jan vitek, editors.
proceedings of the 2nd ecoop workshop on mobile object systems, linz, austria, july 1996.
denis tschritzis.
objectworld.
in mobile object systems: towards the programmable internet, pages 7-22. springer-verlag, april 1997.
lecture notes in computer science no. 1222.an environment is outlined in which programming objects collect and disseminate information, using analogies from the animal world. objects have their own rules of behaviour. they coordinate their activities by participating in events. objects get born, move around, communicate and receive information and, eventually, die.
we demonstrate the viability of our ideas by providing a prototype implementation of object and thread mobility among heterogeneous computers. the prototype uses the emerald distributed programming language without modification; we have merely extended the emerald runtime system and the code generator of the emerald compiler. our extensions allow object and thread mobility among vax, sun-3, hp9000/300, and sun sparc workstations. the excellent intra-node performance of the original homogeneous emerald is retained: migrated threads run at native code speed before and after migration; the same speed as on homogeneous emerald and close to c code performance. our implementation of mobility has not been optimized: thread mobility and trans-architecture invocations take about 60% longer than in the homogeneous implementation.
luca cardelli.
mobile computations.
in mobile object systems: towards the programmable internet, pages 3-6. springer-verlag, april 1997.
lecture notes in computer science no. 1222.

steve stone, mike zyda, don brutzman, and john falby.
mobile agents and smart networks for distributed simulation.
in proceedings of the 14th distributed simulations conference, orlando, fl., march 1996.as the use of distributed interactive simulations has grown, the need to support a large number of players in the environment has become apparent. dis has not been able to support a large number of entities because of its high network bandwidth requirements and the large computational loads it places on host computers. a combination of an agent based architecture and smart networks provides a promi sing solution to these problems when implementing large-scale distributed simulations. an agent system using the remote programming paradigm, transporting the necessary parameters and the necessary code for remote execution [white95], could reduce the network bandwidth requirements and large computational loads associated with a large distributed simulation. this reduction would occur by eliminating unnecessary pdu traffic through the use of mobile agents that represent the originating entity. these agents would travel to, and reside on, the host computer of other entities and provide the necessary state information for stationary entities without using network resources. smart networks could be used to create a flexible area of interest manager, allowing entities to specify their area of interest and the information that they require from within that area [harr95a]. this approach allows an entity to get all of the information it requires to represent its view of the simulated world while eliminating unnecessary information processing.

miguel mira da silva.
mobility and persistence.
in mobile object systems: towards the programmable internet, pages 157-176. springer-verlag, april 1997.
lecture notes in computer science no. 1222.in the last three years we have been working with persistence and distribution, in particular migration of higher-level objects between autonomous persistent programs. in this chapter we introduce persistence and then present a few examples of opportunities and many more challenges that exist in the combination of persistence and mobility.

ophir holder and isreal ben-shaul.
a reflective model for mobile software objects.
in proceedings of the 17th international conference on distributed computing systems, pages 339-346, baltimore, md., may 1997.

jeff rulifson.
del, june 1969.
internet engineering task force, rfc 5.the decode-encode language (del) is a machine independent language tailored to two specific computer network tasks: accepting input codes from interactive consoles, giving immediate feedback, and packing the resulting information into message packets for network transmissin. and accepting message packets from another computer, unpacking them, building trees of display information, and sending other information to the user at his interactive station.
ian goldberg, david wagner, randi thomas, and eric a. brewer.
a secure environment for untrusted helper applications.
in proceedings of the 6th usenix security symposium, san jose, ca., july 1996.many popular programs, such as netscape, use untrusted helper applications to process data from the network. unfortunately, the unauthenticated network data they interpret could well have been created by an adversary, and the helper applications are usually too complex to be bug-free. this raises significant security concerns. therefore, it is desirable to create a secure environment to contain untrusted helper applications. we propose to reduce the risk of a security breach by restricting the program's access to the operating system. in particular, we intercept and filter dangerous system calls via the solaris process tracing facility. this enabled us to build a simple, clean, user-mode implementation of a secure environment for untrusted helper applications. our implementation has negligible performance impact, and can protect pre-existing applications.
colin g. harrison, david m. chess, and aaron kershenbaum.
mobile agents: are they a good idea?, march 1995.mobile agents are programs, typically written in a script language, which may be dispatched from a client computer and transported to a remote server com- puter for execution. several authors have suggested that mobile agents offer an important new method of performing transactions and information retrieval in networks. other writers have pointed out, however, that mobile agent introduce severe concerns for security. we consider the advantages offered by mobile agents and assess them against alternate methods of achieving the same function. we conclude that, while the individual advantages of agents do not represent an overwhelming motivation for their adoption, the creation of a pervasive agent framework facilitates a very large number of network services and applications.

fred b. schneider.
towards fault-tolerant and secure agentry.
in proceedings 11th international workshop on distributed algorithms, saarbucken, germany, september 1997.
also published as cornell univ., computer science dept. technical report tr94-1568.
daniela rus, robert s. gray, and david kotz.
transportable information agents.
in international conference on autonomous agents, pages 228-236, february 1997.transportable agents are autonomous programs. they can move through a heterogeneous network of computers under their own control, migrating from host to host. they can sense the state of the network, monitor software conditions, and interact with other agents or resources. the network-sensing tools allow our agents to adapt to the network configuration and to navigate under the control of reactive plans. in this paper we describe the design and implementation of the navigation system that gives our agents autonomy. we also discuss the intelligent and adaptive behavior of autonomous agents in distributed information-gathering tasks.

we create a formal utility model to derive user-demand functions, allowing agents to efficiently plan expenditure and deal with price fluctuations. by quantifying demand and utility, resource owners can precisely set a value for a good. we simulate our model in a mobile agent scheduling environment and show how prices fluctuate, compounding uncertainty in an agent's plans. to solve this problem, we propose that resource owners sell options to allow agents to trade away their risk.

dag johansen, robbert van renesse, and fred b. schneider.
operating system support for mobile agents.
in proceedings of the 5th ieee workshop on hot topics in operating systems, pages 42-45, orcas island, wash., may 1994.
also available as technical report tr94-1468, department of computer science, cornell university.an ``agent'' is a process that may migrate through a computer network in order to satisfy requests made by its clients. agents implement a computational metaphor that is analogous to how most people conduct business in their daily lives: visit a place, use a service (perhaps after some negotiation), and then move on. thus, for the computer illiterate, agents are an attractive way to describe network-wide computations. agents are also useful abstractions for programmers who must implement distributed applications. this is because in the agent metaphor, the processor or ``place'' the computation is performed is not hidden from the programmer, but the communications channels are. most current research on agents has focused on language design and application issues. the tacoma project (tromso and cornell moving agents) has, instead, focused on operating system support for agents and how agents can be used to solve problems traditionally addressed by operating systems. we have implemented prototype systems to support agents using unix and using tcl/tk on top of horus. this paper outlines insights and questions based on that experience. we discuss abstractions needed by an operating system to support agents, and discuss some problems that arise in connection with electronic commerce involving agents.
active architectures permit a massive increase in the sophistication of the computation that is performed within the network. they will enable new applications, especially those based on application-specific multicast, information fusion, and other services that leverage network-based computation and storage. furthermore, they will accelerate the pace of innovation by decoupling network services from the underlying hardware and allowing new services to be loaded into the infrastructure on demand.
krishna bharat and luca cardelli.
migratory applications.
in mobile object systems: towards the programmable internet, pages 131-149. springer-verlag, april 1997.
lecture notes in computer science no. 1222.we present a new genre of user interface applications: applications that can migrate from one machine to another, taking their user interface and application contexts with them, and continue from where they left off. such applications are not tied to one user or one machine, and can roam freely over the network, rendering service to a community of users, gathering human input and interacting with people. we envisage that this will support many new agent-based collaboration metaphors. the ability to migrate executing programs has applicability to mobile computing as well. users can have their applications travel with them, as they move from one computing environment to another. we present an elegant programming model for creating migratory applications and describe an implementation. the biggest strength of our implementation is that the details of migration are completely hidden from the application programmer; arbitrary user interface applications can be migrated by a single ``migration'' command. we address system issues such as robustness, persistence and memory usage, and also human factors relating to the application design process, the interaction metaphor and safety.

we propose a standard architecture for crafting mobile code verifiers, based on the concept of proof linking. this architecture modularizes the verification process and isolates the dependencies among the loader, verifier, and linker. we also formalize the process of proof linking and establish properties to which correct implementations must conform. as an example, we instantiate our architecture for the problem of java bytecode verification and assess the correctness of this instantiation. finally, we briefly discuss alternative mobile code verification architectures enabled by our modularization.

joachim baumann, fritz hohl, nikolaos radouniklis, kurt rothermel, and markus str?er.
communication concepts for mobile agent systems.
in proceedings of the first international workshop on mobile agents, berlin, germany, april 1997.driven by the question how to identify potential communication partners and the need for well-suited communication schemes in agent-based systems, we discuss two communication concepts: sessions and global event management. sessions establish either actively or passively a context for inter-agent interactions. communication partners are addressed by globally unique agent identifiers or via badges. communication in sessions is based on rpc or message mechanisms. global event management addresses the need for anonymous communication. event managers are employed as a synchronization means within agent groups. based on this approach, we introduce synchronization objects, -- active components that offer various synchronization services. the presented model is finally mapped onto omg event services.
munehiro fukuda, lubomir f. bic, and michael b. dillencourt.
global virtual time support for individual-based simulations.
in proceedings of the international conference on parallel and distributed processing techniques and applications (pdpta'98), las vegas, nv, july 1998.an individual-based simulation organizes the application as a collection of autonomous entities. the behavior of the system is simulated as interactions among such entities and hence the application development focuses primarily on describing the entities' behaviors. a natural implementation of individual-based modeling is to use autonomous objects, i.e., mobile entities navigating autonomously through their underlying computational network. this is further simplified if the programming and execution environment supports global virtual time management. messengers is a virtual-time computing environment for autonomous objects, and therefore the present work is the first experiment in applying the paradigm of autonomous objects to distributed individual-based simulations. we discuss messengers' advantages for application development from the software engineering point of view and compare its performance with conventional message-passing executions.
jonathan bredin, david kotz, and daniela rus.
utility driven mobile-agent scheduling.
technical report pcs-tr98-331, dept. of computer science, dartmouth college, may 1998.we investigate the possibility of using markets to regulate mobile agents, computer programs that are capable of migrating from one machine to another. market participation requires quantitative information about resource consumption to define demand and calculate utility.

second, our architecture achieves superior run-time performance by integrating the activity of generating executable code into the operating system itself. rather than being an auxiliary function performed off-line by a stand-alone compiler, code generation constitutes a central, indispensable service in our system. our integral code generator has two distinct modes of operation: instantaneous load-time translation and continuous dynamic re-optimization.
george c. necula and peter lee.
safe, untrusted agents using proof-carrying code.
submitted for an lncs special volume on mobile agent security., october 1997.this paper is intended to be both a comprehensive implementation guide for a proof-carrying code system and a case study for using pcc in a mobile agent environment. specifically, the paper describes the use of pcc for enforcing memory safety, access control and resource usage bounds for untrusted agents that access a database.
mudumbai ranganathan, anurag acharya, and joel saltz.
distributed resource monitors for mobile objects.
in proceedings of the fifth international workshop on object orientation in operating systems, pages 19-23, seattle, wa., october 1996.
david kotz, robert gray, saurab nog, daniela rus, sumit chawla, and george cybenko.
agent tcl: targeting the needs of mobile computers.
ieee internet computing, 1(4):58-67, july/august 1997.mobile computers have become increasingly popular as users discover the benefits of having their electronic work available at all times. however, because network conditions vary from connection to connection, using internet resources from a mobile platform is a major challenge. mobile agents are one solution. a mobile agent is an autonomous program that can move from machine to machine in a heterogeneous network under its own control. it can suspend its execution at any point, transport itself to a new machine, and resume execution on the new machine from the point at which it left off. on each machine, it interacts with service agents and other resources to accomplish its task, returning to its home site with a final result when that task is finished.
munehiro fukuda, lubomir f. bic, and michael b. dillencourt.
performance of the messengers autonomous-objects-based system.
in proceedings of the first international conference on worldwide computing and its applications (wwca97), tsukuba, japan, march 1997. springer-verlag.
lecture notes in computer science 1274.messengers is a system for general-purpose distributed computing based on the concept of autonomous mobile objects, capable of navigating through a network and invoking native-mode c functions in the nodes they visit. we present performance measurements using three specific applications to illustrate the cost of using this paradigm for developing and using distributed applications.

gianpaolo cugola, carlo ghezzi, gian pietro picco, and giovanni vigna.
a characterization of mobility and state distribution in mobile code languages.
in 2nd ecoop workshop on mobile object systems, pages 10-19, linz, austria, july 1996.the growing importance of telecommunication networks has stimulatedresearch on a new generation of programming languages. such languagesview the network and its resources as a global environment in whichcomputations take place. in particular, they support the notion of codemobility and state distribution. to understand, discuss, evaluate, andcompare such languages, it is necessary to develop an abstract modelthat allows the meaning of mobility and state distribution to be definedprecisely. the purpose of this paper is to provide such a model and toapply it to the analysis of a number of existing new languages.
we developed a model based on the ability of agents to make flexible plans. the plangent system enables mobile agents to make a plan based on user input and adopt it accordingly to information gathered from the network. in this article, we describe how we combined planning functions with mobile agent facilities, and show how the agents behave intelligently in an example application of personal travel assistance.

dag johansen, kjetil jacobsen, nils p. sudmann, kaare j. lauvset, kenneth p. birman, and werner vogels.
using software design patterns to build distributed environmental monitoring applications.
technical report tr97-1655, cornell university, department of computer science, ithaca, ny, december 1997.

david l. tennenhouse and david j. wetherall.
towards an active network architecture.
computer communication review, 26(2), april 1996.active networks allow their users to inject customized programs into the nodes of the network. an extreme case, in which we are most interested, replaces packets with `capsules' -- program fragments that are executed at each network router/switch they traverse.

christian tschudin.
the messenger environment m0 -- a condensed description.
in mobile object systems: towards the programmable internet, pages 149-156. springer-verlag, april 1997.
lecture notes in computer science no. 1222.implementation techniques for distributed applications can be positioned in a spectrum that ranges from data-exchange to code-exchange. date-exchange means that the logic (i.e., code) of a distributed application is statically installed and that coordination is done by exchanging messages with predefined meanings. code-exchange, on the other hand, means that coordination is achieved by sending around code fragments which alter the data that is bound to the network's hosts. actual systems usually pick and combine several techniques that are positioned at different places in this spectrum. sun's java and the corresponding code-on-demand approach, for example,[link widoczny dla zalogowanych], would be closer to the data-exchange viewpoint, while stamos' and gifford's remote evaluation is more in the line of mobile code because the initiator has more instructional capabilities. mobile software agent systems are quite close to pure code-exchange, although they often mix-in classical data-exchange techniques (data streams between agents, or mailboxes). the aim of the mobile code environment m (m-zero) is to be as faithful as possible to the code-exchange point of view.
frederick c. knabe.
language support for mobile agents.
phd thesis, carnegie mellon university, paittsburgh, pa., december 1995.
also available as carngie mellon school of computer science technical report cmu-cs-95-223 and european computer industry centre technical report ecrc-95-36.mobile agents are code-containing objects that may be transmitted between communicating participants in a distributed system. as opposed to systems that only allow the exchange of nonexecutable data, systems incorporating mobile agents can achieve significant gains in performance and functionality.
jim waldo, ann wollrath, and sam kendall.
afterword.
in mobile object systems: towards the programmable internet, pages 65-66. springer-verlag, april 1997.
lecture notes in computer science no. 1222.
daniela rus, robert s. gray, and david kotz.
transportable information agents.
journal of intelligent information systems, 9:215-238, 1997.transportable agents are autonomous programs. they can move through a heterogeneous network of computers under their own control, migrating from host to host. they can sense the state of the network, monitor software conditions, and interact with other agents or resources. the network-sensing tools allow our agents to adapt to the network configuration and to navigate under the control of reactive plans. in this paper we describe the design and implementation of the navigation system that gives our agents autonomy. we also discuss the intelligent and adaptive behavior of autonomous agents in distributed information-gathering tasks.
jonathan dale.
a mobile agent architecture for distributed information management.
phd thesis, university of southampton, september 1997.large-scale networked environments, such as the internet, possess the characteristics of distributed data, distributed access and distributed control; this gives the user a powerful mechanism for building and integrating large repositories of distributed information from diverse resource sets. however, few support tools have been developed to allow the user to take advantage of the distributed nature of their information.

bent thomsen, lone leth, sanjiva prasad, tsung-min kuo, andre kramer, fritz c. knabe, , and alessandro giacalone.
facile antigua release programming guide.
technical report ecrc-93-20, european computer industry research centre, munich, germany, december 1993.facile is an experimental concurrent functional programming language intended to support applications that require a combination of physical distribution and complex computation. this report gives an introduction to programming with facile. examples are based on the facile antigua release, which makes distributed programming over a network possible.
robert s. gray.
agent tcl: a flexible and secure mobile agent system.
in proceedings of the fourth annual tcl/tk workshop, pages 9-23, monterey, cal., july 1996.an information agent manages all or a portion of a user's information space. the electronic resources in this space are often distributed across a network and can contain tremendous quantities of data. mobile agents provide efficient access to such resources and are a powerful tool for implementing information agents. a mobile agent is an autonomous program that can migrate from machine to machine in a heterogeneous network. by migrating to the location of a resource, the agent can access the resource efficiently even if network conditions are poor or the resource has a low-level interface. telescript is the best-known mobile-agent system. telescript, however, requires the programmer to learn and work with a complex object-oriented language and a complex security model. agent tcl, on the other hand, is a simple, flexible, and secure system that is based on the tcl scripting language and the safe tcl extension. in this paper we describe the architecture of agent tcl and its current implementation.
robert grimm and brian n. bershad.
access control in extensible systems.
technical report, department of computer science, university of washington, march 1997.the recent trend towards dynamically extensible systems holds the promise of more powerful and flexible systems. at the same time, the impact of extensibility on overall system security and, specifically, access control is still ill understood, and protection mechanisms in these extensible systems are rudimentary at best. in this paper, we identify the structure of extensible systems as it relates to system security, and present an access control mechanism that is user-friendly and complete. the mechanism, by using ideas first introduced by the security community, offers mandatory access control which can be used to enforce a given security policy. additional discretionary access control allows users to express their own fine-grained access constraints.

john k. bennett.
experience with distributed smalltalk.
software-practice and experience, 20(2):157-180, february 1990.
paolo ciancarini and davide rossi.
jada -- coordination and communication for java agents.
in mobile object systems: towards the programmable internet, pages 213-228. springer-verlag, april 1997.
lecture notes in computer science no. 1222.in this chapter we are going to analyze mobile code issues in the perspective of object oriented systems in which thread migration is not supported. this means that both object's code and data can be transmitted from a place to another but not the current execution state (if any) associated to the object. this is the case with the java language which is often used in the www for developing applets which are little applications downloaded on the fly and executed in the client machine. while this mechanism is quite useful for enhancing html documents with sound and animation, we think that this technology can give its best in the field of distributed-cooperative work, both in the perspective of internet and intranet connectivity. java is indeed a concurrent, multithreaded language, but it offers little help for distributed programming. thus, we introduce jada, a coordination toolkit for java where coordination among either concurrent threads or distributed java objects is achieved via shared object spaces. by exchanging objects through tuple spaces, java programs and applets can exchange data or synchronize their actions over a single host, a lan, or even the internet.
philip w. l. fong.
viewer's discretion: host security in mobile code systems.
technical report sfu cmpt tr 1998-19, school of computing science, simon fraser university, burnaby, bc, november 1998.mobile code computation is a new paradigm for structuring distributed systems. mobile programs migrate from remote sites to a host, and interact with the resources and facilities local to that host. this new mode of distributed computation promises great opportunities for electronic commerce, mobile computing, and information harvesting. there has been a general consensus that security is the key to the success of mobile code computation. in this paper, we survey the issues surrounding the protection of a host from potentially hostile mobile programs.

drew dean, ed felten, and dan wallach.
java security: from hotjava to netscape and beyond.
in proceedings of the 1996 ieee symposium on security and privacy, oakland, cal., may 1996.the introduction of java applets has taken the worldwide web by storm. information servers can customize the pre- sentation of their content with server-supplied code which executes inside the web browser. we examine the java language and both the hotjava and netscape browsers which support it, and find a significant number of flaws which compromise their security. these flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. on a deeper level, these flaws arise because of weaknesses in the design methodology used in creating java and the browsers. in addition to the flaws, we discuss the underlying tension between the openness desired by web application writers and the security needs of their users, and we suggest how both might be accommodated.

bjarne steensbaard and eric jul.
object and native code thread mobility among heterogeneous computers.
in proceedings of the 15th acm symposium on operating systems principles, pages 68-78, copper moutain, co., december 1995.we present a technique for moving objects and threads among heterogeneous computers at the native code level. to enable mobility of threads running native code, we convert thread states among machine-dependent and machine-independent formats. we introduce the concept of bus stops, which are machine-independent representations of program points as represented by program counter values. the concept of bus stops can be used also for other purposes, e.g., to aid inspecting and deb[link widoczny dla zalogowanych]ing optimized code, garbage collection etc. we also discuss techniques for thread mobility among processors executing differently optimized codes.
copyright © 1997 corporation for national research initiatives
joseph kiniry and daniel zimmerman.
a hands-on look at java mobile agents.
ieee internet computing, 1(4), july/august 1997.several companies riding the current wave of popularity of java want to let you play in the mobile agent sandbox. each claims that mobile agent technologies are going to change the way we live and work, and each wants to be the company that provides the breakthrough system we all end up using. what do these agent systems actually do and, more importantly, what distinguishes one agent system from another?
we are proposing a new kind of messaging system which incorporates adaptive behaviour into the messages themselves. we call these 'smart messages', and implement them using mobile agents. they are transported between machines via agent airports. the metaphor we use is of a message being delivered by a courier (mobile agent), through agent airports, on a potentially unresolved route. the 'intelligence' is in the messages (couriers in our metaphor) themselves rather than in the network.
frederick knabe.
performance-oriented implementation strategies for a mobile agent language.
in mobile object systems: towards the programmable internet, pages 229-244. springer-verlag, april 1997.
lecture notes in computer science no. 1222.the use of larger and more complex mobile agents in distributed applications has created a need for agent programming systems that deliver better performance. the implementation of extended facile, a mobile agent language, uses several strategies to boost performance. we review four main techniques: allowing agents to use different transmissible representations, optimistically transmitting machine code with agents, stripping agents of data and code that can be found at their recipients before transmitting them, and performing agent compilation lazily. quantitative measurements show that these methods can boost absolute and relative performance.
miguel mira da silva and malcolm atkinson.
combining mobile agents with persistent systems: opportunities and challenges.
in 2nd ecoop workshop on mobile object systems, pages 36-40, linz, austria, july 1996.in the last three years we have been working with persistence anddistribution, in particular migration of higher-level objects (such asprocedures) between autonomous persistent programs. in this paper weintroduce persistence and the suitability of napier88, the persistentsystem we have used for our experiments, as an agent language. we thenpresent a few examples of opportunities and many more challenges thatexist in the combination of persistence with agents.

decades of research in operating systems has provided significant experience and insight into the nature of system security. before we propose any new security model for mobile code systems, it is wise to question why the existing protection mechanisms found in distributed operating systems do not fully address the security needs of mobile code systems. we propose three security challenges that are distinctive of the mobile code phenomenon, namely, the establishment of anonymous trust (establishing trust with programs from unfamiliar origin), layered protection (establishing fine-grained protection boundaries among mutually-distrusting parts of the same process), and implicit acquisition (coping with the implicit nature of mobile program acquisition).

in order to gain preliminary experience with pcc, we have performed several case studies. we show in this paper how proof-carrying code might be used to develop safe assembly-language extensions of ml programs. in the context of this case study, we present and prove the adequacy of concrete representations for the safety policy, the safety proofs, and the proof validation. fi- nally, we briefly discuss how we use proof-carrying code to develop network packet filters that are faster than similar filters developed using other techniques and are formally guaranteed to be safe with respect to a given operating system safety policy.
melissa hirschl.
agdb: a debugger for agent tcl.
technical report tr97-306, department of computer science, dartmouth college, hanover, n.h., 1996.the agent tcl language is an extension of tcl/tk that supports distributed programming in the form of transportable agents. agdb is a debugger for the agent tcl language. agdb mixes of traditional and distributed debugging facilities. traditional debugging features include breakpoints (line-specific, conditional, and once-only), watch conditions and variables, and interrupts. distributed-debugging features address issues inherent in distributed programming such as migration and communication. these capabilities make debugging distributed programs difficult because they add complexities like race conditions to the set of problems a program can encounter. this paper discusses how agdb uses distributed debugging features to debug agents.

we introduce a new access mode, called the extend access mode, in addition to the familiar execute access mode, to reflect how extensions interact. furthermore, in a departure from work in the security community, we treat both extensions and threads of control as subjects, i.e., as active entities, in order to correctly capture their interaction in an extensible system. we present the design of the access control mechanism and define a formal model. we describe an implementation of the access control mechanism in the spin extensible operating system, which allows us to evaluate its performance and to explore optimizations that reduce the overhead of access control. the measured end-to-end overhead of access control in our system is less than 2%.

george c. necula.
proof-carrying code.
in proceedings of the 24th acm symposium on principles of programming languages, paris, france, january 1997.this paper describes proof-carrying code (pcc), a mechanism by which a host system can determine with certainty that it is safe to execute a program supplied (possibly in binary form) by an untrusted source. for this to be possible, the untrusted code producer must supply with the code a safety proof that attests to the code's adherence to a previously defined safety policy. the host can then easily and quickly validate the proof without using cryptography and without consulting any external agents.

in this article, we present our security model for the ibm aglets workbench, a java-based environment for building mobile agent applications. we detail both the security model and the corresponding security architecture that represents a framework for the inclusion of security services in future releases of the awb. this work therefore represents an additional step toward the comprehensive security model required for widespread commercial adoption of mobile agent systems to occur.

but then, the second operation mode of our embedded code generator soon corrects this shortcoming. central to our run-time architecture is a thread of activity that continually optimizes all of the already executing software in the background. since this is strictly a re-compilation of already existing code, and since it occurs completely in the background, speed is not critical, so that aggressive, albeit slow, optimization techniques can be employed. upon completion, the previously executing version of the same code is supplanted by the newly generated one and re-optimization starts over. by constructing globally optimized code-images from mobile software components, our architecture is able to reconcile dynamic composability with the run-time efficiency of monolithic applications.

we present four principles that we have identified as being key to achieving distributed information management and an architecture where mobile agents can move across distributed environments, integrate with local resources and other mobile agents, and communicate their results back to the user. we also describe a number of prototype distributed information management agents that we have developed.
the approach taken expands on the self-routing capabilities of current mobile agent systems such as aglets or telescript. we aim to provide structured support for handling the particular problems associated with wireless communications. these include very limited, variable and asymmetric bandwidth, frequent and prolonged disconnections, geographical mobility and high usage costs. we argue that this offers an efficient, adaptable and robust solution to many of the problems associated with this hostile communications environment.
james w. stamos and david k. gifford.
remote evaluation.
acm transactions on programming languages and systems, 12(4):537-565, october 1990.

dennis volpano.
provably-secure programming languages for remote evaluation.
acm computing surveys, 28a, december 1996.
participation statement for acm workshop on strategic directions in computing research.
peter dömel.
interaction of java and telescript agents.
in mobile object systems: towards the programmable internet, pages 295-314. springer-verlag, april 1997.
lecture notes in computer science no. 1222.this chapter gives an introduction into the two object-oriented programming environments telescript and java which both allow to write mobile code. it illustrates some of the more interesting features of these languages as platforms for mobile object systems. further emphasis lies on the cooperation of agents in these two object-oriented worlds. moreover, several descriptions of some higher-level agents scenarios are given.
robert e. kahn and vinton g. cerf.
the digital library project, volume i: the world of knowbots.
unpublished manuscript, corporation for national research initiatives, reston, va., march 1988.
torsten stolpmann.
execution environments for mobile code -- a cornerstone for adaptable distributed systems.
in position paper for 3rd cabernet radicals workshop, connemara, ireland, may 1996.
holger peine.
an introduction to mobile agent programming and the ara system.
technical report zri-report 1/97, department of computer science, university of kaiserslautern, germany, 1997.a good starting point for people new to ara and possibly mobile agent programming in general. this assumes very little prerequisite knowledge, so expert readers might want to only skim through its initial sections. the report introduces mobile agents and the ara system, regards potential applications, and proceeds to a fairly complete, but nonformal description of the ara api, subsequently demonstrated on a larger example of a www searching agent. the report closes with some discussion of the ara implementation and selected aspects of mobile agents in general.
danny b. lange and mitsuru ishima.
program and deploying java mobile agents with aglets.
addison-wesley, 1998.

philip w. l. fong and robert d. cameron.
proof linking: an architecture for modular verification of dynamically-linked mobile code.
in proceedings of the sixth acm sigsoft international symposium on the foundations of software engineering, pages 222-230, orlando, florida, november 1998.security flaws are routinely discovered in commercial implementations of mobile code systems such as the java virtual machine (jvm). typical architectures for such systems exhibit complex interdependencies between the loader, the verifier, and the linker, making them difficult to craft, validate, and maintain. this reveals a software engineering challenge that is common to all mobile code systems in which a static verification phase is introduced before dynamic linking. in such systems, one has to articulate how loading, verification, and linking interact with each other, and how the three processes should be organized to address various security issues.
david kotz, robert gray, saurab nog, daniela rus, sumit chawla, and george cybenko.
mobile agents for mobile computing.
in mobility, mobile agents, and process migration-an edited collection. addison wesley, 1998.
to appear.
we describe an extension to the ip options mechanism that supports the embedding of program fragments in datagrams and the evaluation of these fragments as they traverse the internet. the active option provides a generic approach to the extension of the ip network service.
dag johansen, nils p. sudmann, and robbert van renesse.
performance issues in tacoma.
in 3rd ecoop workshop on mobile object systems, jyvälskylä, finland, june 1997.
drew dean.
the security of static typing with dynamic linking.
in proceedings of the fourth acm conference on computer and communications security, zurich, switzerland, april 1997.
sec.dynamic linking is a requirement for portable executable content. executable content cannot know, ahead of time, where it is going to be executed, nor know the proper operating system interface. this imposes a requirement for dynamic linking. at the same time, we would like languages supporting executable content to be statically typable, for increased efficiency and security. static typing and dynamic linking interact in a security-relevant way. this interaction is the subject of this paper. one solution is modeled in pvs, and formally proven to be safe.

jan vitek, manuel serrano, and dimitri thanos.
security and communication in mobile object systems.
in mobile object systems: towards the programmable internet, pages 177-200. springer-verlag, april 1997.
lecture notes in computer science no. 1222.
m. ranganathan, anurag acharya, and joel saltz.
adapting to bandwidth variations in wide-area data combination.
in proceedings of the 18th international conference on distributed computing systems, amsterdam, the netherlands, may 1998.
also available as ucsb trcs97-26.efficient data combination over wide-area networks is hard as wide-area networks have large variations in available network bandwidth. in this paper, we examine the utility of changing the location of combination operators as a technique to adapt to variations in wide-area network bandwidth. we try to answer the following questions. first, does relocation of operators provide a significant performance improvement? second, is on-line relocation useful or does a one-time positioning at start-up time provide most if not all the benefits? if on-line relocation is useful, how frequently should it be done and is global knowledge of network performance required or can local knowledge and local relocation of operators sufficient? fourth, does the effectiveness of operator relocation depend on the ordering of the combination operations. that is, are certain ways of ordering more amenable to adaptation than others? finally, how do the results change as the number of data sources changes?

trent jaeger, aviel d. rubin, and atul prakash.
building systems that flexibly control downloaded executable content.
in proceedings of the 6th usenix security symposium, pages 131-148, san jose, ca., july 1996.downloading executable content, which enables principals to run programs from remote sites, is a key technology in a number of emerging applications, including collaborative systems, electronic commerce, and web information services. however, the use of downloaded executable content also presents serious security problems because it enables remote principals to execute programs on behalf of the downloading principal. unless downloaded executable content is properly controlled, a malicious remote principal may obtain unauthorized access to the downloading principal's resources. current solutions either attempt to strictly limit the capabilities of downloaded content or require complete trust in the remote principal, so applications which require intermediate amounts of sharing, such as collaborative applications, cannot be constructed over insecure networks. in this paper, we describe an architecture that flexibly controls the access rights of downloaded content by: (1) authenticating content sources; (2) determining content access rights based on its source and the application that it is implementing; and (3) enforcing these access rights over a wide variety of objects and for the entire computation, even if external software is used. we describe the architecture in the context of an infrastructure for supporting collaborative applications.

gary mcgraw and edward m. felten.
java security: hostile applets, holes, & antidote.
john wiley and sons, new york, 1996.
eric jul, henry levy, norman hutchinson, and andrew