Skip to main content

Security in Agent Systems

1.2 Introduction

What is an agent, and should you be worried about them? Because agents are a hot concept, the label is used, and overused, in all sorts of contexts. But one common theme is that an agent is a computer program that represents, in one sense or another, a human user. This may mean that the program makes decisions, or gives advice, that would normally have been made or given only by a human. It may mean that the program travels over a network, to carry out operations on remote systems on behalf of a less mobile human. It may mean both. Agents that travel from system to system are called "mobile" or "itinerant" [1]. A sample itinerant agent is a program that I dispatch into a network to find some information for me. It moves from system to system, finding pieces of the desired information, and clues as to where more of it, or more clues, may be found. A sample "intelligent" agent is a sophisticated mail-sorting program, that processes incoming mail for me, making decisions about what mail to discard unread, what to mark as urgent, what to send a canned reply to, and so on. An agent that falls into both categories is a shopping agent, that I dispatch into the network to find goods for sale, and to decide which, if any, to purchase on my behalf. This paper will concentrate primarily on security concerns raised by itinerant agents, although I will also speculate briefly on some of the risks of intelligent agents. Agent systems face all the security challenges involved with any system that sends messages (see for instance [2]). Delegating tasks to mobile programs raises another set of concerns as well. Whenever programs travel rapidly from system to system, we need to be wary of openings for viruses. In the aftermath of the Internet Worm in 1988 [3], security experts generally concluded that the Worm had succeeded partly by arranging to begin executing as soon as it arrived at a new host. The obvious lesson was that this is a bad idea: systems should be carefully checked to ensure that there is no way for a program to send itself to the system, and begin executing upon arrival. Itinerant agent systems, of course, break this rule purely and directly! Given that we now want to allow programs to arrive and begin running at once, we need to develop ways to allow them to do this safely. Agent-based systems also increase the connectedness and the complexity of the computing universe. As connectedness and complexity increase, new failure modes arise, some of which have security implications. These emergent security concerns are more speculative than the more traditional ones inherited from previous computing systems, but I will mention a few of the possibilities.

[ Top of Page | Previous Page | Next Page | Table of Contents ]

 

  back to index