Protection of a mobile agent with a reference clone Lotfi Benachenhou, Samuel Pierre * Mobile Computing and Networking Research Laboratory (LARIM), Department of Computer Engineering, E ´ cole Polytechnique de Montre ´al, C.P. 6079, Station Centre-ville, Montreal, Que., Canada, H3C 3A7 Received 24 July 2003; revised 20 December 2004; accepted 10 January 2005 Available online 28 January 2005 Abstract Many areas such as electronic commerce, network management and information retrieval can benefit from the application of mobile agents technologies. The exploitation of mobile agents offers several advantages such as reduction of network latency, asynchronous execution, fault-tolerant behavior. However, a wider use of mobile agents is currently limited by the lack of a comprehensive security framework that can address the security concerns, especially the protection of mobile agents from malicious hosts. This paper presents a protocol that protects a mobile agent against attacks from malicious hosts, for electronic commerce applications. We used the reference execution concept by executing, in parallel to the mobile agent execution, its clone on trusted servers. This protocol protects a mobile agent from its code, its execution flow, its data and its itinerary modifications. Moreover, these attacks are detected almost in real time, the malicious hosts are identified and the protocol continues its execution transparently to the user. q 2005 Elsevier B.V. All rights reserved. Keywords: Mobile agent; Security; Integrity; Reference execution; Electronic commerce 1. Introduction With the emergence of agent technologies, mobile agents have become an attractive paradigm to implement objects that can migrate from one computer to another over the Internet. The term agent refers to autonomous software that has one or more objective(s), a scope of competency, and which may or may not collaborate or communicate with other softwares and users. An agent is deemed mobile when it is designed to move from one computer to another. A Mobile agent includes a program code, data and execution state (i.e. the execution stack, the stack pointer, etc.) The agent programmer is called the creator, its user the owner and its execution environment the platform. The agent is first launched from its home platform to a first migration platform, it migrates from one platform to another, and finally returns to its home platform. This set of visited platforms is called the agent’s itinerary. When the agent wants to move to another platform, it either chooses one from its initial itinerary, or it asks for recommendations from the current platform, or it contacts a broker. The open nature of agents and their execution environ- ments make them vulnerable and subject to attacks over the Internet. More precisely, platforms are exposed to attacks from malicious agents and simultaneously, agents are subject to attacks from malicious hosts that can spy on their behaviour or access critical information. Therefore, security problems in the mobile agent paradigm may be classified into two main categories: the platform protection and the mobile agent protection. Basically, platform protection consists of controlling the access to its resources based on the identity of the agent and its user. The agent executes its program code using the platform resources, thus making them vulnerable. Without protection mechanisms, the agent can collect or modify critical system information, consume more resources (memory, CPU, etc.) and remain on the platform longer than it is supposed to. Such behaviour affects the platform’s performance and response time and may even lead to a denial of service to other agents executing on this platform. Moreover, during its execution, the mobile agent can create a stationary agent that will spy on the platform. Computer Communications 29 (2006) 268–278 www.elsevier.com/locate/comcom 0140-3664/$ - see front matter q 2005 Elsevier B.V. All rights reserved. doi:10.1016/j.comcom.2005.01.006 * Corresponding author. Tel.: C1 514 340 4711x4685; fax: C1 514 340 5159. E-mail address: samuel.pierre@polymtl.ca (S. Pierre).