Mobile Code Bibliography. A collection of mobile code publications.
1f73d5e6a8f92b5c704078bdf2fbfc85<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN//2.0">
<HTML><HEAD>
<TITLE>Mobile Code Bibliography</TITLE>
</HEAD>
<BODY>
<H1>Mobile Code Bibliography</H1>
<P><A HREF="index.html">Description</A> of the collection
<HR>
<!-- BEGIN BIBLIOGRAPHY mobile -->
<!--
DO NOT MODIFY THIS BIBLIOGRAPHY BY HAND! IT IS MAINTAINED AUTOMATICALLY!
YOUR CHANGES WILL BE LOST THE NEXT TIME IT IS UPDATED!
-->
<!-- Generated by: /usr/local/bin/bib2html -a mobile.bib mobile-abs.bib.html -->
<UL>
<!-- Authors: Anurag Acharya and Mudumbai Ranganathan and Joel Saltz -->
<LI><A NAME="acharya97:dynamic"></A>Anurag Acharya,
Mudumbai Ranganathan, and Joel Saltz.
<A HREF="http://www.cs.umd.edu/~acha/papers/lncs97-2.html">Dynamic linking
for mobile programs</A>.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 245-262. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>Programs that use
mobility as a mechanism to adapt to resource changes have three requirements
that are not shared with other mobile programs. First, they need to monitor
the level and quality of resources in their operating environment. Second,
they need to be able to react to changes in resource availability. Third,
they need to be able to control the way in which resources are used on their
behalf (by libraries and other support code). In this chapter, we describe
the design and implementation of Sumatra, an extension of Java that supports
resource-aware mobile programs. We also describe the design and
implementation of a distributed resource monitor that provides the
information required by Sumatra programs.</BLOCKQUOTE>
<P>
<!-- Authors: Anurag Acharya and Mudumbai Ranganathan and Joel Saltz -->
<LI><A NAME="acharya97:sumatra"></A>Anurag Acharya,
Mudumbai Ranganathan, and Joel Saltz.
<A HREF="http://www.cs.umd.edu/~acha/papers/lncs97-1.html">Sumatra: A
language for resource-aware mobile programs</A>.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 111-130. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>Programs that use
mobility as a mechanism to adapt to resource changes have three requirements
that are not shared with other mobile programs. First, they need to monitor
the level and quality of resources in their operating environment. Second,
they need to be able to react to changes in resource availability. Third,
they need to be able to control the way in which resources are used on their
behalf (by libraries and other support code). In this chapter, we describe
the design and implementation of Sumatra, an extension of Java that supports
resource-aware mobile programs. We also describe the design and
implementation of a distributed resource monitor that provides the
information required by Sumatra programs. changes.</BLOCKQUOTE>
<P>
<!-- Authors: Ali Reza Adl Tabatabai and Geoff Langdale and Steven Lucco and
Robert Wahbe -->
<LI><A NAME="adl-tabatabai96:efficient"></A>Ali-Reza Adl-Tabatabai, Geoff Langdale, Steven Lucco, and Robert
Wahbe.
<A HREF="http://www.cs.cmu.edu/afs/cs.cmu.edu/user/ali/www/pldi96-omniware.ps">Efficient and language-independent mobile programs</A>.
In <CITE>Proceedings of the ACM SIGPLAN '96 Conference on Programming Language
Design and Implementation (PLDI)</CITE>, pages 127-136, Philadelphia, Pa.,
May 1996.<BLOCKQUOTE>This paper evaluates the design and implementation of
Omniware: a safe, efficient, and language-independent system for executing
mobile program modules. Previous approaches to implementing mobile code rely
on either language semantics or abstract machine interpretation to enforce
safety. In the former case, the mobile code system sacrifices universality to
gain safety by dictating a particular source language or type system. In the
latter case, the mobile code system sacrifices performance to gain safety
through abstract machine interpretation. Omniware uses software fault
isolation, a technology developed to provide safe extension code for
databases and operating systems, to achieve a unique combination of
language-independence and excellent performance. Software fault isolation
uses only the semantics of the underlying processor to determine whether a
mobile code module can corrupt its execution environment. This separation of
programming language implementation from program module safety enables our
mobile code system to use a radically simplified virtual machine as its basis
for portability. We measured the performance of Omniware using a suite of
four SPEC92 programs on the Pentium, PowerPC, Mips, and Sparc processor
architectures. Including the overhead for enforcing safety on all four
processors, OmniVM executed the benchmark programs within 21% as fast as the
optimized, unsafe code produced by the vendor-supplied compiler.</BLOCKQUOTE>
<P>
<!-- Authors: Mario Baldi and Silvano Gai and Gian Pietro Picco -->
<LI><A NAME="baldi97:exploiting"></A>Mario Baldi,
Silvano Gai, and Gian Pietro Picco.
<A HREF="http://www.polito.it/~picco/papers/ma97.ps.gz">Exploiting code
mobility in decentralized and flexible network management</A>.
In <CITE>Proceedings of the First International Workshop on Mobile
Agents</CITE>, Berlin, Germany, April 1997.<BLOCKQUOTE>Network management is
gaining increasing importance due to the pervasiveness of computer networks.
Nevertheless, mainstream approaches to network management are presently
limited by centralized management strategies and poor flexibility--a
consequence of their rigid client-server architecture. In this paper we
analyze how to overcome these problems by new design paradigms and
technologies encompassing the capability to relocate dynamically the
components of a distributed application. We evaluate the opportunities
offered by this approach and provide feasibility considerations, also
discussing a few interim architectural solutions adopted in our on-going
implementation work.</BLOCKQUOTE>
<P>
<!-- Authors: Jaochim Baumann and Christian Tschudin and Jan Vitek -->
<LI><A NAME="ecoop96:mos"></A>Jaochim Baumann,
Christian Tschudin, and Jan Vitek, editors.
<A HREF="http://cuiwww.unige.ch/~ecoopws/index.html#ws96"><CITE>Proceedings
of the 2nd ECOOP Workshop on Mobile Object Systems</CITE></A>, Linz, Austria,
July 1996.<P>
<!-- Authors: Joachim Baumann and Fritz Hohl and Nikolaos Radouniklis and Kurt
Rothermel and Markus Strer -->
<LI><A NAME="baumann97:communication"></A>Joachim
Baumann, Fritz Hohl, Nikolaos Radouniklis, Kurt Rothermel, and Markus Strßer.
<A HREF="http://www.informatik.uni-stuttgart.de/ipvr/vs/Publications/1997-baumann-01.sub.ps.gz">Communication concepts for mobile agent systems</A>.
In <CITE>Proceedings of the First International Workshop on Mobile
Agents</CITE>, Berlin, Germany, April 1997.<BLOCKQUOTE>Driven by the question
how to identify potential communication partners and the need for well-suited
communication schemes in agent-based systems, we discuss two communication
concepts: sessions and global event management. Sessions establish either
actively or passively a context for inter-agent interactions. Communication
partners are addressed by globally unique agent identifiers or via badges.
Communication in sessions is based on RPC or message mechanisms. Global event
management addresses the need for anonymous communication. Event managers are
employed as a synchronization means within agent groups. Based on this
approach, we introduce synchronization objects, -- active components that
offer various synchronization services. The presented model is finally mapped
onto OMG event services.</BLOCKQUOTE>
<P>
<!-- Authors: John K Bennett -->
<LI><A NAME="bennett90:experience"></A>John K. Bennett.
Experience with Distributed Smalltalk.
<CITE>Software-Practice and Experience</CITE>, 20(2):157-180, February
1990.<P>
<!-- Authors: Krishna A Bharat and Luca Cardelli -->
<LI><A NAME="bharat95:migratory"></A>Krishna A.
Bharat and Luca Cardelli.
<A HREF="http://gatekeeper.dec.com/pub/DEC/SRC/research-reports/abstracts/src-rr-138.html">Migratory applications</A>.
In <CITE>Proceedings of the 8th Annual ACM Symposium on User Interface Software
and Technology</CITE>, Pittsburgh, Pa., November 1995.
Also available as Digital Systems Research Center Research Report
138.<BLOCKQUOTE>We introduce a new genre of user interface applications that
can migrate from one machine to another, taking their user interface and
application contexts with them, and continue from where they left off. Such
applications are not tied to one user or one machine, and can roam freely
over the network, rendering service to a community of users, gathering human
input and interacting with people. We envisage that this will support many
new agent-based collaboration metaphors. The ability to migrate executing
programs has applicability to mobile computing as well. Users can have their
applications travel with them, as they move from one computing environment to
another. We present an elegant programming model for creating migratory
applications and describe an implementation. The biggest strength of our
implementation is that the details of migration are completely hidden from
the application programmer; arbitrary user interface applications can be
migrated by a single ``migration'' command. We address system issues such as
robustness, persistence and memory usage, and also human factors relating to
application design the interaction metaphor and safety.</BLOCKQUOTE>
<P>
<!-- Authors: Krishna Bharat and Luca Cardelli -->
<LI><A NAME="bharat97:migratory"></A>Krishna
Bharat and Luca Cardelli.
Migratory applications.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 131-149. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>We present a new genre
of user interface applications: applications that can migrate from one
machine to another, taking their user interface and application contexts with
them, and continue from where they left off. Such applications are not tied
to one user or one machine, and can roam freely over the network, rendering
service to a community of users, gathering human input and interacting with
people. We envisage that this will support many new agent-based collaboration
metaphors. The ability to migrate executing programs has applicability to
mobile computing as well. Users can have their applications travel with them,
as they move from one computing environment to another. We present an elegant
programming model for creating migratory applications and describe an
implementation. The biggest strength of our implementation is that the
details of migration are completely hidden from the application programmer;
arbitrary user interface applications can be migrated by a single
``migration'' command. We address system issues such as robustness,
persistence and memory usage, and also human factors relating to the
application design process, the interaction metaphor and safety.</BLOCKQUOTE>
<P>
<!-- Authors: Lubomir F Bic and Munehiro Fukuda and Michael B Dillencourt -->
<LI><A NAME="bic96:distributed"></A>Lubomir F. Bic,
Munehiro Fukuda, and Michael B. Dillencourt.
<A HREF="http://www.ics.uci.edu/~bic/messengers/COMPUTER.ps">Distributed
computing using autonomous objects</A>.
<CITE>IEEE Computer</CITE>, August 1996.<BLOCKQUOTE>Autonomous Objects are a
new paradigm for distributed systems, based on the concept of intelligent
messages that carry their own behavior as they navigate autonomously through
the underlying computational network.</BLOCKQUOTE>
<P>
<!-- Authors: Andrew Birrell and Greg Nelson and Susan Owicki and Edward Wobber
-->
<LI><A NAME="birrell95">Andrew</A> Birrell, Greg
Nelson, Susan Owicki, and Edward Wobber.
<A HREF="http://gatekeeper.dec.com/pub/DEC/SRC/research-reports/abstracts/src-rr-115.html">Network objects</A>.
<CITE>Software-Practice and Experience</CITE>, 25(S4):87-130, December 1995.
Also available as Digital Systems Research Center Research Report
115.<BLOCKQUOTE>A network object is an object whose methods can be invoked
over a network. This report describes the design and implementation of a
network objects system for Modula-3. The system is novel for its overall
simplicity. The report includes a thorough description of realistic
marshaling algorithms for network objects, precise informal specifications of
the major internal interfaces, preliminary experience, and performance
results.</BLOCKQUOTE>
<P>
<!-- Authors: Jeffrey Bradshaw -->
<LI><A NAME="bradshaw96:software"></A>Jeffrey Bradshaw,
editor.
<CITE>Software Agents</CITE>.
AAAI Press/MIT Press, Menlo Park, Cal., 1996.<P>
<!-- Authors: Jonathan Bredin and David Kotz and Daniela Rus -->
<LI><A NAME="bredin98:market"></A>Jonathan Bredin,
David Kotz, and Daniela Rus.
<A HREF="ftp://ftp.cs.dartmouth.edu/TR/TR97-326.ps.Z">Market-based resource
control for mobile agents</A>.
In <CITE>Proceedings of Autonomous Agents '98</CITE>, pages 197-204, 1998.
Earlier version published as Darmouth College, Department of Computer Science
technical report TR97-326.<BLOCKQUOTE>Mobile agents are programs that can
migrate from machine to machine in a heterogeneous, partially disconnected
network. As mobile agents move across a network, they consume resources. We
discuss a system for controlling the activities of mobile agents that uses
electronic cash, a banking system, and a set of resource managers. We
describe protocols for transactions between agents. We present fixed-pricing
and dynamic-pricing policies for resources. We focus on and analyze the
sealed-bid second-price auction as a mechanism for dynamic
pricing.</BLOCKQUOTE>
<P>
<!-- Authors: Jonathan Bredin and David Kotz and Daniela Rus -->
<LI><A NAME="bredin98:demand"></A>Jonathan Bredin,
David Kotz, and Daniela Rus.
<A HREF="ftp://ftp.cs.dartmouth.edu/TR/TR98-331.ps.Z">Utility driven
mobile-agent scheduling</A>.
Technical Report PCS-TR98-331, Dept. of Computer Science, Dartmouth College,
May 1998.<BLOCKQUOTE>We investigate the possibility of using markets to
regulate mobile agents, computer programs that are capable of migrating from
one machine to another. Market participation requires quantitative
information about resource consumption to define demand and calculate
utility. <P> We create a formal utility model to derive user-demand
functions, allowing agents to efficiently plan expenditure and deal with
price fluctuations. By quantifying demand and utility, resource owners can
precisely set a value for a good. We simulate our model in a mobile agent
scheduling environment and show how prices fluctuate, compounding uncertainty
in an agent's plans. To solve this problem, we propose that resource owners
sell options to allow agents to trade away their risk.</BLOCKQUOTE>
<P>
<!-- Authors: Ting Cai and Peter Gloor and Saurab Nog -->
<LI><A NAME="cai96:dataflow"></A>Ting Cai, Peter Gloor,
and Saurab Nog.
<A HREF="http://www.cs.dartmouth.edu/reports/abstracts/TR96-283/">Dataflow: A
workflow management system on the Web using transportable agents</A>.
Technical Report TR96-283, Department of Computer Science, Dartmouth College,
Hanover, N.H., 1996.<P>
<!-- Authors: Luca Cardelli -->
<LI><A NAME="cardelli95:language"></A>Luca Cardelli.
<A HREF="http://gatekeeper.dec.com/pub/DEC/SRC/research-reports/abstracts/src-rr-122.html">A language with distributed scope</A>.
<CITE>Computing Systems</CITE>, 8(1):27-59, 1995.
Also available as Digital Systems Research Center Research Report
122.<BLOCKQUOTE>Obliq is a lexically-scoped untyped interpreted language that
supports distributed object-oriented computation. An Obliq computation may
involve multiple threads of control within an address space, multiple address
spaces on a machine, heterogeneous machines over a local network, and
multiple networks over the Internet. Obliq objects have state and are local
to a site. Obliq computations can roam over the network, while maintaining
network connections.</BLOCKQUOTE>
<P>
<!-- Authors: Luca Cardelli -->
<LI><A NAME="cardelli97:mobile"></A>Luca Cardelli.
<A HREF="http://www.research.digital.com:80/SRC/personal/Luca_Cardelli/Papers/MobileComputBookIntro.ps">Mobile computations</A>.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 3-6. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<P>
<!-- Authors: Antonio Carzaniga and Gian Pietro Picco and Giovanni Vigna -->
<LI><A NAME="carzaniga97:designing"></A>Antonio
Carzaniga, Gian Pietro Picco, and Giovanni Vigna.
<A HREF="http://www.polito.it/~picco/papers/icse97.ps.gz">Designing
distributed applications with a mobile code paradigm</A>.
In <CITE>Proceedings of the 19th International Conference on Software
Engineering</CITE>, Boston, Ma., May 1997.<BLOCKQUOTE>Large scale distributed
systems are becoming of paramount importance, due to the evolution of
technology and to the interest of market. Their development, however, is not
yet supported by a sound technological and methodological background, as the
results developed for small size distributed systems often do not scale up.
Recently, <EM>mobile code languages</EM> (MCLs) have been proposed as a
technological answer to the problem. In this work, we abstract away from the
details of these languages by deriving design paradigms exploiting code
mobility that are independent of any particular technology. We present such
design paradigms, together with a discussion of their features, their
application domain, and some hints about the selection of the correct
paradigm for a given distributed application.</BLOCKQUOTE>
<P>
<!-- Authors: Henry Cejtin and Suresh Jagannathan and Richard Kelsey -->
<LI><A NAME="cejtin95:higher"></A>Henry Cejtin, Suresh
Jagannathan, and Richard Kelsey.
<A HREF="ftp://ftp.nj.nec.com/pub/pls/toplas95.ps">Higher-order distributed
objects</A>.
<CITE>ACM Transactions on Programming Languages and Systems</CITE>,
17(5):704-739, September 1995.<BLOCKQUOTE>We describe a distributed
implementation of Scheme that permits efficient transmission of higher-order
objects such as closures and continuations. The integration of distributed
communication facilities within a higher-order programming language engenders
a number of new abstractions and paradigms for distributed computing. Among
these are user-specified load-balancing and migration policies for threads,
incrementally linked distributed computations, and parameterized
client-server applications. To our knowledge, this is the first distributed
dialect of Scheme (or a related language) that addresses lightweight
communication abstractions for higher-order objects.</BLOCKQUOTE>
<P>
<!-- Authors: David Chess and Benjamin Grosof and Colin Harrison and David
Levine and Colin Paris and Gene Tsudik -->
<LI><A NAME="chess95:itinerant"></A>David Chess,
Benjamin Grosof, Colin Harrison, David Levine, Colin Paris, and Gene Tsudik.
<A HREF="http://www.research.ibm.com/massdist/rc20010.ps">Itinerant agents for
mobile computing</A>.
IBM Research Report RC 20010, IBM, March 1995.<P>
<!-- Authors: David Chess and Colin Harrison and Aaron Kershenbaum -->
<LI><A NAME="chess97:mobile"></A>David Chess, Colin
Harrison, and Aaron Kershenbaum.
Mobile agents: Are they a good idea? -- update.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 46-48. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<P>
<!-- Authors: Paolo Ciancarini and Davide Rossi -->
<LI><A NAME="ciancarini97:jada"></A>Paolo
Ciancarini and Davide Rossi.
Jada -- coordination and communication for java agents.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 213-228. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>In this chapter we are
going to analyze mobile code issues in the perspective of object oriented
systems in which thread migration is not supported. This means that both
object's code and data can be transmitted from a place to another but not the
current execution state (if any) associated to the object. This is the case
with the Java language which is often used in the WWW for developing applets
which are little applications downloaded on the fly and executed in the
client machine. While this mechanism is quite useful for enhancing HTML
documents with sound and animation, we think that this technology can give
its best in the field of distributed-cooperative work, both in the
perspective of Internet and Intranet connectivity. Java is indeed a
concurrent, multithreaded language, but it offers little help for distributed
programming. Thus, we introduce Jada, a coordination toolkit for Java where
coordination among either concurrent threads or distributed Java objects is
achieved via shared object spaces. By exchanging objects through tuple
spaces, Java programs and applets can exchange data or synchronize their
actions over a single host, a LAN, or even the Internet. <P> The access to
an object space is performed using a set of methods of the ObjectSpace class.
Such operations are Out (to put an object in the object space), In and
Read (to get or to read associatively an object from the object space), and
others, mostly inspired by the Linda language. <P> Jada does not extends the
syntax of Java because it is a set of classes. We show how it changes the way
we design multiuser, distributed applications (such as the ones based on the
WWW) allowing easy interactions between software components and agents. <P>
Under this perspective we can outline a system of any scale which uses the
dynamic linking capability of Java to distribute the code and the
coordination facility of Jada to handle distributed entities
inter-relations.</BLOCKQUOTE>
<P>
<!-- Authors: Stewart M Clamen and Linda D Leibengood and Scott M Nettles and
Jeanette M Wing -->
<LI><A NAME="clamen90:reliable"></A>Stewart M. Clamen,
Linda D. Leibengood, Scott M. Nettles, and Jeanette M. Wing.
Reliable distributed computing with Avalon/Common Lisp.
In <CITE>Proceedings of the Internional Conference on Computer
Languages</CITE>, pages 169-179, 1990.<P>
<!-- Authors: William Cockayne and Michel Zypa -->
<LI><A NAME="cockayne97:itinerant"></A>William
Cockayne and Michel Zypa, editors.
<CITE>Itinerant Agents: Explanations and Examples with CDROM</CITE>.
Manning, 1997.<P>
<!-- Authors: Michael Condict and Dejan Milojicic and Franklin Reynolds and Don
Bolinger -->
<LI><A NAME="condict96:towards"></A>Michael Condict,
Dejan Milojicic, Franklin Reynolds, and Don Bolinger.
<A HREF="http://mosquitonet.stanford.edu/sigops96/papers/condict.ps">Towards a
world-wide civilization of objects</A>.
In <CITE>Proceedings of the Seventh ACM SIGOPS European Workshop</CITE>,
Connemara, Ireland, September 1996.<P>
<!-- Authors: Antony Courtney -->
<LI><A NAME="courtney95:phantom"></A>Antony Courtney.
<A HREF="http://www.apocalypse.org/pub/u/antony/phantom/coots.ps">Phantom: An
interpreted language for distributed programming</A>.
In <CITE>Proceedings of the USENIX Conference on Object-Oriented
Technologies</CITE>, Monterey, Ca., June 1995.<P>
<!-- Authors: Gianpaolo Cugola and Carlo Ghezzi and Gian Pietro Picco and
Giovanni Vigna -->
<LI><A NAME="cugola96:characterization"></A>Gianpaolo
Cugola, Carlo Ghezzi, Gian Pietro Picco, and Giovanni Vigna.
<A HREF="http://www.polito.it/~picco/papers/dpunkt.ps.gz">A characterization
of mobility and state distribution in mobile code languages</A>.
In <CITE>2nd ECOOP Workshop on Mobile Object Systems</CITE>, pages 10-19,
Linz, Austria, July 1996.<BLOCKQUOTE>The growing importance of
telecommunication networks has stimulatedresearch on a new generation of
programming languages. Such languagesview the network and its resources as a
global environment in whichcomputations take place. In particular, they
support the notion of codemobility and state distribution. To understand,
discuss, evaluate, andcompare such languages, it is necessary to develop an
abstract modelthat allows the meaning of mobility and state distribution to
be definedprecisely. The purpose of this paper is to provide such a model and
toapply it to the analysis of a number of existing new
languages.</BLOCKQUOTE>
<P>
<!-- Authors: Gianpaolo Cugola and Carlo Ghezzi and Gian Pietro Picco and
Giovanni Vigna -->
<LI><A NAME="cugola97:analyzing"></A>Gianpaolo Cugola,
Carlo Ghezzi, Gian Pietro Picco, and Giovanni Vigna.
<A HREF="http://www.polito.it/~picco/papers/ecoop96.ps.gz">Analyzing mobile
code languages</A>.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 93-110. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>The growing importance
of telecommunication networks has stimulated research on a new generation of
programming languages. Such languages view the network and its resources as a
global environment in which computations take place. In particular, they
support the notion of code mobility. To understand, discuss, evaluate, and
compare such languages, it is necessary to develop a new set of programming
language concepts and/or extend the concepts that are used to deal with
conventional languages. The purpose of this paper is to provide such
framework. This is done hand-in-hand with a survey of a number of existing
new languages.</BLOCKQUOTE>
<P>
<!-- Authors: Jonathan Dale and David C DeRoure -->
<LI><A NAME="dale97:mobile"></A>Jonathan Dale and
David C. DeRoure.
<A HREF="http://www.mmrg.ecs.soton.ac.uk/publications/archive/dale1997b/">A
mobile agent architecture for distributed information management</A>.
In <CITE>Proceedings of the International Workshop on the Virtual
Multicomputer</CITE>, March 1997.<BLOCKQUOTE>Large-scale networked
environments, such as the Internet, possess the characteristics of
distributed data, distributed access and distributed control; this gives the
user a powerful mechanism for building and integrating large repositories of
distributed information from diverse resources. However, few support tools
have been developed to allow the user to take advantage of the distributed
nature of their information. To help address this problem, we advocate the
integration of two technologies; distributed information management
principles to allow users to create, disseminate, discover and manage their
information, and mobile agent technology to provide the flexibility,
scalability and dynamism necessary to develop such distributed information
management applications. <P> We present four principles that we have
identified as being key to achieving distributed information management and
an architecture where mobile agents can move across distributed environments,
integrate with local resources and other mobile agents, and communicate their
results back to the user. We also describe a number of prototype distributed
information management agents that we have developed.</BLOCKQUOTE>
<P>
<!-- Authors: Jonathan Dale and David C DeRoure -->
<LI><A NAME="dale97:towards"></A>Jonathan Dale and
David C. DeRoure.
<A HREF="http://www.agents.ecs.soton.ac.uk/Voyager/papers/m97-1.htm">Towards a
framework for developing mobile agents for managing distributed information
resources</A>.
Technical Report 97-1, Department of Electronics and Computer Science,
University of Southampton, February 1997.<BLOCKQUOTE>Distributed information
management tools allow users to author, disseminate, discover and manage
information within large-scale networked environments, such as the Internet.
Agent technology provides the flexibility and scalability necessary to
develop such distributed information management applications. We present a
layered organisation that is shared by the specific applications that we
build. Within this organisation we describe an architecture where mobile
agents can move across distributed environments, integrate with local
resources and other mobile agents, and communicate their results back to the
user.</BLOCKQUOTE>
<P>
<!-- Authors: Jonathan Dale -->
<LI><A NAME="dale97:agent"></A>Jonathan Dale.
<A HREF="http://www.mmrg.ecs.soton.ac.uk/publications/archive/dale1997a/"><CITE>A Mobile Agent Architecture for Distributed Information
Management</CITE></A>.
PhD thesis, University of Southampton, September 1997.<BLOCKQUOTE>Large-scale
networked environments, such as the Internet, possess the characteristics of
distributed data, distributed access and distributed control; this gives the
user a powerful mechanism for building and integrating large repositories of
distributed information from diverse resource sets. However, few support
tools have been developed to allow the user to take advantage of the
distributed nature of their information. <P> Distributed information
management is the process by which users can create, disseminate, discover
and manage information that is spread across distributed resources.
Distributed open hypermedia systems have shown how distributed information,
such as documents and hypermedia links, can be managed and handled within an
environment that integrates smoothly between the user's desktop and the
network. However, such systems are now looking at addressing the problem of
interoperability across hypermedia systems, so that documents and links can
be shared between users on heterogeneous integrating technologies. <P> This
thesis proposes that the distributed information management provided by open
hypermedia systems needs to be extended so that it is more interoperable,
extensible and pervasive and that this can be achieved by integrating the
principles of open hypermedia with the technology of mobile agents. Mobile
agents present a new development mechanism for designing and building
distributed applications which are well suited to the dynamic environment of
large-scale networks. <P> This thesis describes the development of a mobile
agent architecture within which distributed information management tasks can
be built and executed. Mobile agents present an important abstraction
mechanism when designing distributed environments and also allow the user to
manage distributed information indirectly through their mobile agents. A
number of prototype agents are described that have been developed to
illustrate distributed information management tasks within the architecture
and to show how abstractionism and indirect management can be
achieved.</BLOCKQUOTE>
<P>
<!-- Authors: Drew Dean and Ed Felten and Dan Wallach -->
<LI><A NAME="dean96:java"></A>Drew Dean, Ed Felten, and
Dan Wallach.
<A HREF="http://www.cs.princeton.edu/sip/pub/secure96.html">Java security: From
HotJava to Netscape and beyond</A>.
In <CITE>Proceedings of the 1996 IEEE Symposium on Security and Privacy</CITE>,
Oakland, Cal., May 1996.<BLOCKQUOTE>The introduction of Java applets has
taken the WorldWide Web by storm. Information servers can customize the pre-
sentation of their content with server-supplied code which executes inside
the Web browser. We examine the Java language and both the HotJava and
Netscape browsers which support it, and find a significant number of flaws
which compromise their security. These flaws arise for several reasons,
including implementation errors, unintended interactions between browser
features, differences between the Java language and bytecode semantics, and
weaknesses in the design of the language and the bytecode format. On a deeper
level, these flaws arise because of weaknesses in the design methodology used
in creating Java and the browsers. In addition to the flaws, we discuss the
underlying tension between the openness desired by Web application writers
and the security needs of their users, and we suggest how both might be
accommodated.</BLOCKQUOTE>
<P>
<!-- Authors: Drew Dean -->
<LI><A NAME="dean97:security"></A>Drew Dean.
<A HREF="http://www.CS.Princeton.EDU/sip/pub/ccs4.html">The security of static
typing with dynamic linking</A>.
In <CITE>Proceedings of the Fourth ACM Conference on Computer and
Communications Security</CITE>, Zurich, Switzerland, April 1997.
sec.<BLOCKQUOTE>Dynamic linking is a requirement for portable executable
content. Executable content cannot know, ahead of time, where it is going to
be executed, nor know the proper operating system interface. This imposes a
requirement for dynamic linking. At the same time, we would like languages
supporting executable content to be statically typable, for increased
efficiency and security. Static typing and dynamic linking interact in a
security-relevant way. This interaction is the subject of this paper. One
solution is modeled in PVS, and formally proven to be safe.</BLOCKQUOTE>
<P>
<!-- Authors: Peter Domel -->
<LI><A NAME="domel97:interaction"></A>Peter Dömel.
Interaction of Java and Telescript agents.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 295-314. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>This chapter gives an
introduction into the two object-oriented programming environments Telescript
and Java which both allow to write mobile code. It illustrates some of the
more interesting features of these languages as platforms for mobile object
systems. Further emphasis lies on the cooperation of agents in these two
object-oriented worlds. Moreover, several descriptions of some higher-level
agents scenarios are given.</BLOCKQUOTE>
<P>
<!-- Authors: Dominic Duggan and Piotr Przybylski -->
<LI><A NAME="duggan96:type"></A>Dominic Duggan
and Piotr Przybylski.
<A HREF="http://cuiwww.unige.ch/~ecoopws/ws96/7.ps.gz">A type-based
implementation of a language with distributed scope</A>.
In <CITE>2nd ECOOP Workshop on Mobile Object Systems</CITE>, pages 52-59,
Linz, Austria, July 1996.<BLOCKQUOTE>The ML programming language has several
features that make it desirableas a language for distributed application
programming. It supportsfirst-class closures, which are useful for
distributed scope and mobileagents. Type inference removes much of the tedium
of lower-levelprogramming, without compromising reliability. Finally ML
provides apowerful type system, including type polymorphism. A dialect of
MLintended for distributed application programming is introduced.
Adistinguishing characteristic of this implementation is the use ofrun-time
type information, motivated by several constructs in thelanguage. This is
intended to motivate the use of run-time types in implementations of
polymorphic languages intended for distributed programming.</BLOCKQUOTE>
<P>
<!-- Authors: Dominic Duggan -->
<LI><A NAME="duggan97:type"></A>Dominic Duggan.
A type-based implementation of a language with distributed scope.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 277-294. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>Several languages have
been designed and implemented for programming mobile computations. This
chapter describes a mobile code language based on extending the popular ML
language. The language design, and its implementation, are distinguished by
the use of run-time type information for computation. This is intended to
motivate the use of run-time types in implementations of languages intended
for distributed programming and mobile computations, particularly languages
such as ML that provide type polymorphism.</BLOCKQUOTE>
<P>
<!-- Authors: Guy Edjlali and Anurag Acharya and Vipin Chaudhary -->
<LI><A NAME="edjlali98:history"></A>Guy Edjlali,
Anurag Acharya, and Vipin Chaudhary.
<A HREF="http://www.cs.ucsb.edu/~acha/publications/ccs98-submitted.html">History-based access control for mobile code</A>.
In <CITE>Proceedings of the Fifth ACM Conference on Computer and Communications
Security</CITE>, San Francisco, Ca., November 1998.<BLOCKQUOTE>In this paper,
we present a history-based access-control mechanism that is suitable for
mediating accesses from mobile code. The key idea behind history-based
access-control is to maintain a selective history of the access requests made
by individual programs and to use this history to improve the differentiation
between safe and potentially dangerous requests. What a program is allowed to
do depends on its own behavior and identity in addition to currently used
discriminators like the location it was loaded from or the identity of its
author/provider. History-based access-control has the potential to
significantly expand the set of programs that can be executed without
compromising security or ease of use. We describe the design and
implementation of Deeds, a history-based access-control mechanism for Java.
Access-control policies for Deeds are written in Java, and can be updated
while the programs whose accesses are being mediated are still
executing.</BLOCKQUOTE>
<P>
<!-- Authors: Joseph R Falcone -->
<LI><A NAME="falcone87:programmable"></A>Joseph R. Falcone.
A programmable interface language for heterogeneous distributed sytems.
<CITE>ACM Transactions on Computer Systems</CITE>, 5(4):330-351, July 1987.<P>
<!-- Authors: William M Farmer and Joshua D Guttman and Vipin Swarup -->
<LI><A NAME="farmer96:authentication"></A>William M.
Farmer, Joshua D. Guttman, and Vipin Swarup.
Security for mobile agents: Authentication and state appraisal.
In <CITE>Proceedings of the Fourth European Symposium on Research in Computer
Security</CITE>, pages 118-130, Rome, Italy, September 1996.
Springer-Verlag Lecture Notes in Computer Science No. 1146.<BLOCKQUOTE>Mobile
agents are processes which can autonomously migrate to new hosts. Despite its
many practical benefits, mobile agent technology results in significant new
security threats from malicious agents and hosts. The primary added
complication is that, as an agent traverses multiple hosts that are trusted
to different degrees, its state can change in ways that adversely impact its
functionality. In this paper, we discuss achievable security goals for mobile
agents, and we propose an architecture to achieve these goals. The
architecture models the trust relations between the principals of mobile
agent systems. A unique aspect of the architecture is a ``state appraisal''
mechanism that protects users and hosts from attacks via state modifications
and that provides users with flexible control over the authority of their
agents.</BLOCKQUOTE>
<P>
<!-- Authors: William M Farmer and Joshua D Guttman and Vipin Swarup -->
<LI><A NAME="farmer96:issues"></A>William M. Farmer,
Joshua D. Guttman, and Vipin Swarup.
<A HREF="http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper033/SWARUP96.PDF">Security for mobile agents: Issues and requirements</A>.
In <CITE>Proceedings of the 19th National Information Systems Security
Conference</CITE>, pages 591-597, Baltimore, Md., October 1996.<P>
<!-- Authors: Philip W L Fong and Robert D Cameron -->
<LI><A NAME="fong98:proof"></A>Philip W. L. Fong
and Robert D. Cameron.
<A HREF="http://www.cs.sfu.ca/~pwfong/personal/Pub/fse98.ps">Proof linking:
An architecture for modular verification of dynamically-linked mobile
code</A>.
In <CITE>Proceedings of the Sixth ACM SIGSOFT International Symposium on the
Foundations of Software Engineering</CITE>, pages 222-230, Orlando, Florida,
November 1998.<BLOCKQUOTE>Security flaws are routinely discovered in
commercial implementations of mobile code systems such as the Java Virtual
Machine (JVM). Typical architectures for such systems exhibit complex
interdependencies between the loader, the verifier, and the linker, making
them difficult to craft, validate, and maintain. This reveals a software
engineering challenge that is common to all mobile code systems in which a
static verification phase is introduced before dynamic linking. In such
systems, one has to articulate how loading, verification, and linking
interact with each other, and how the three processes should be organized to
address various security issues. <P> We propose a standard architecture for
crafting mobile code verifiers, based on the concept of proof linking. This
architecture modularizes the verification process and isolates the
dependencies among the loader, verifier, and linker. We also formalize the
process of proof linking and establish properties to which correct
implementations must conform. As an example, we instantiate our architecture
for the problem of Java bytecode verification and assess the correctness of
this instantiation. Finally, we briefly discuss alternative mobile code
verification architectures enabled by our modularization.</BLOCKQUOTE>
<P>
<!-- Authors: Philip W L Fong -->
<LI><A NAME="fong98:viewer"></A>Philip W. L. Fong.
<A HREF="http://www.cs.sfu.ca/~pwfong/personal/Pub/SFU-CMPT-TR-1998-19.ps">Viewer's discretion: Host security in mobile code systems</A>.
Technical Report SFU CMPT TR 1998-19, School of Computing Science, Simon Fraser
University, Burnaby, BC, November 1998.<BLOCKQUOTE>Mobile code computation
is a new paradigm for structuring distributed systems. Mobile programs
migrate from remote sites to a host, and interact with the resources and
facilities local to that host. This new mode of distributed computation
promises great opportunities for electronic commerce, mobile computing, and
information harvesting. There has been a general consensus that security is
the key to the success of mobile code computation. In this paper, we survey
the issues surrounding the protection of a host from potentially hostile
mobile programs. <P> Decades of research in operating systems has provided
significant experience and insight into the nature of system security. Before
we propose any new security model for mobile code systems, it is wise to
question why the existing protection mechanisms found in distributed
operating systems do not fully address the security needs of mobile code
systems. We propose three security challenges that are distinctive of the
mobile code phenomenon, namely, the establishment of anonymous trust
(establishing trust with programs from unfamiliar origin), layered protection
(establishing fine-grained protection boundaries among mutually-distrusting
parts of the same process), and implicit acquisition (coping with the
implicit nature of mobile program acquisition). <P> We also survey various
approaches to protection in existing mobile code systems. We classify
protection approaches into four categories: discretion, verification,
transformation, and arbitration. We evaluate each category by looking at how
well they address the security needs of mobile code computation.</BLOCKQUOTE>
<P>
<!-- Authors: Michael Franz -->
<LI><A NAME="franz97:adapative"></A>Michael Franz.
Adaptive compression of syntax trees and iterative dynamic code optimization:
Two basic technologies for mobile object systems.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 263-276. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>We are designing and
implementing a flexible infrastructure for mobile-object systems. Two
fundamental innovations distinguish our architecture from other proposed
solutions. First, our representation of mobile code is based on adaptive
compression of syntax trees. Not only is this representation more than twice
as dense as Java byte-codes, but it also encodes semantic information on a
much higher level than linear abstract-machine representations such as p-code
or Java byte-codes. The extra structural information that is contained in our
mobile-code format is directly beneficial for advanced code optimizations.
<P> Second, our architecture achieves superior run-time performance by
integrating the activity of generating executable code into the operating
system itself. Rather than being an auxiliary function performed off-line by
a stand-alone compiler, code generation constitutes a central, indispensable
service in our system. Our integral code generator has two distinct modes of
operation: instantaneous load-time translation and continuous dynamic
re-optimization. <P> In contrast to just-in-time compilers that translate
individual procedures on a call-by-call basis, our system's integral
code-generator translates complete code-closures in a single burst during
loading. This has the apparent disadvantage that it introduces a minor delay
prior to the start of execution. As a consequence, to some extent we have to
favor compilation speed over code quality at load time. <P> But then, the
second operation mode of our embedded code generator soon corrects this
shortcoming. Central to our run-time architecture is a thread of activity
that continually optimizes all of the already executing software in the
background. Since this is strictly a re-compilation of already existing code,
and since it occurs completely in the background, speed is not critical, so
that aggressive, albeit slow, optimization techniques can be employed. Upon
completion, the previously executing version of the same code is supplanted
by the newly generated one and re-optimization starts over. By constructing
globally optimized code-images from mobile software components, our
architecture is able to reconcile dynamic composability with the run-time
efficiency of monolithic applications.</BLOCKQUOTE>
<P>
<!-- Authors: Munehiro Fukuda and Lubomir F Bic and Michael B Dillencourt and
Fehmina Merchant -->
<LI><A NAME="fukuda96:intra"></A>Munehiro Fukuda,
Lubomir F. Bic, Michael B. Dillencourt, and Fehmina Merchant.
<A HREF="http://www.ics.uci.edu/~bic/messengers/COORD.ps">Intra- and
inter-object coordination with sc messengers</A>.
In <CITE>Coordination Languages and Models</CITE>, pages 179-196, Cesena,
Italy, April 1996. Springer-Verlag.
Lectures Notes in Computer Science 1061.<BLOCKQUOTE>MESSENGERS is a paradigm
for the programming of distributed systems. It is based on the principles of
autonomous messages, called Messengers, which carry their own behavior in the
form of a program. This enables them to navigate freely in the underlying
computational network, communicate with one another, and invoke pre-compiled
node-resident functions. Coordination is facilitated at two distinct levels
of abstraction: first, Messengers coordinate the invocation and the exchange
of data among the various functions distributed throughout the network in
both time and space (intra-object coordination); second, Messengers, each
representing a high-level entity, can coordinate their behaviors among
themselves (inter-object coordination). These principles, where an
application is composed of autonomous, mobile entities whose behaviors may
change dynamically and which can coordinate their actions among themselves,
offer great flexibility in interacting with and manipulating the application
at run time, as well as improved performance. This is illustrated using two
concrete examples-a Toxicology simulation from medicine and a study of
collective fish behavior from biology.</BLOCKQUOTE>
<P>
<!-- Authors: Munehiro Fukuda and Lubomir F Bic and Michael B Dillencourt -->
<LI><A NAME="fukuda97:performance"></A>Munehiro
Fukuda, Lubomir F. Bic, and Michael B. Dillencourt.
<A HREF="http://www.ics.uci.edu/~bic/messengers/wwca97.ps">Performance of
the MESSENGERS autonomous-objects-based system</A>.
In <CITE>Proceedings of the First International Conference on Worldwide
Computing and Its Applications (WWCA97)</CITE>, Tsukuba, Japan, March 1997.
Springer-Verlag.
Lecture Notes in Computer Science 1274.<BLOCKQUOTE>MESSENGERS is a system for
general-purpose distributed computing based on the concept of autonomous
mobile objects, capable of navigating through a network and invoking
native-mode C functions in the nodes they visit. We present performance
measurements using three specific applications to illustrate the cost of
using this paradigm for developing and using distributed
applications.</BLOCKQUOTE>
<P>
<!-- Authors: Munehiro Fukuda and Lubomir F Bic and Michael B Dillencourt and
Fehima Merchant -->
<LI><A NAME="fukuda97:messages"></A>Munehiro Fukuda,
Lubomir F. Bic, Michael B. Dillencourt, and Fehima Merchant.
<A HREF="http://www.ics.uci.edu/~bic/messengers/ICDCS97.ps">Messages versus
messengers in distributed programming</A>.
In <CITE>Proceedings of the 17th International Conference on Distributed
Computing Systems</CITE>, Baltimore, Md., May 1997.<BLOCKQUOTE>Messengers are
autonomous objects, each capable of navigating through the underlying network
and performing various tasks at each node. Messengers applications are
written using navigational commands rather than the send/receive primitives
of conventional message-passing approaches. In this paper we contrast the two
programming styles. The navigational style generally results in a smaller
semantic gap between abstract algorithm descriptions and their actual
implementations, which makes programs easier to construct, understand, and
maintain. Other advantages of the navigational programming style include the
ability to compute in unknown or dynamically changing network
topologies.</BLOCKQUOTE>
<P>
<!-- Authors: Munehiro Fukuda and Lubomir F Bic and Michael B Dillencourt and
Fehmina Merchant -->
<LI><A NAME="fukuda97:hierarchical"></A>Munehiro
Fukuda, Lubomir F. Bic, Michael B. Dillencourt, and Fehmina Merchant.
<A HREF="http://www.ics.uci.edu/~bic/messengers/FTDCS97.ps">A hierarchical
mapping scheme for mobile agent systems</A>.
In <CITE>6th IEEE CS Workshop on Future Trends of Distributed Computing Systems
(FTDCS)</CITE>, Tunis, Tunisia, October 1997.<BLOCKQUOTE>MESSENGERS is a
system for general-purpose distributed computing based on the principles of
mobile agents. Its underlying infrastructure consists of a collection of
daemon processes, whose task it is to receive incoming agents, provide the
necessary environment for their execution, and send them on to their next
destinations as dictated by their behaviors. The structure of the daemon
processes and their mapping onto the physical network is the main subject of
this paper. Given the autonomous nature of each computation, the mapping
problem is very different from those implemented for systems of communicating
processes. At the same time, it offers new opportunities for solving the
problems of load balancing, dynamic resource utilization, and trade-offs
between computation granularity and communication overhead.</BLOCKQUOTE>
<P>
<!-- Authors: Munehiro Fukuda and Lubomir F Bic and Michael B Dillencourt -->
<LI><A NAME="fukuda98:global"></A>Munehiro Fukuda,
Lubomir F. Bic, and Michael B. Dillencourt.
<A HREF="http://www.ics.uci.edu/~bic/messengers/PDPTA.ps">Global virtual
time support for individual-based simulations</A>.
In <CITE>Proceedings of the International Conference on Parallel and
Distributed Processing Techniques and Applications (PDPTA'98)</CITE>, Las
Vegas, NV, July 1998.<BLOCKQUOTE>An individual-based simulation organizes the
application as a collection of autonomous entities. The behavior of the
system is simulated as interactions among such entities and hence the
application development focuses primarily on describing the entities'
behaviors. A natural implementation of individual-based modeling is to use
autonomous objects, i.e., mobile entities navigating autonomously through
their underlying computational network. This is further simplified if the
programming and execution environment supports global virtual time
management. MESSENGERS is a virtual-time computing environment for autonomous
objects, and therefore the present work is the first experiment in applying
the paradigm of autonomous objects to distributed individual-based
simulations. We discuss MESSENGERS' advantages for application development
from the software engineering point of view and compare its performance with
conventional message-passing executions.</BLOCKQUOTE>
<P>
<!-- Authors: Munehiro Fukuda and Lubomir F Bic and Michael B Dillencourt and
Fehmina Merchant -->
<LI><A NAME="fukuda98:distributed"></A>Munehiro
Fukuda, Lubomir F. Bic, Michael B. Dillencourt, and Fehmina Merchant.
<A HREF="http://www.ics.uci.edu/~bic/messengers/COORD-j.ps">Distributed
coordination with MESSENGERS</A>.
<CITE>Science of Computer Programming</CITE>, 31(2), 1998.
Special Issue on Coordination Models, Languages,
Applications.<BLOCKQUOTE>MESSENGERS is a paradigm for the programming of
distributed systems. It is based on the principles of autonomous messages,
called Messengers, which carry their own behavior in the form of a program.
This enables them to navigate freely in the underlying computational network,
communicate with one another, and invoke compiled node-resident C functions
in the nodes they visit. Hence a distributed application is viewed as a
collection of C functions whose invocation and interoperation is orchestrated
by Messengers. This provides for a clear separation between computations, as
expressed by the individual node functions, and coordination, which is the
order of function invocations and the transport of information among them as
prescribed by messengers. This separation allows each layer to be designed
and implemented separately. It also supports the reuse of the coordination
structures and the interactive and incremental development and use of
distributed applications.</BLOCKQUOTE>
<P>
<!-- Authors: Carlo Ghezzi and Giovanni Vigna -->
<LI><A NAME="ghezzi97:mobile"></A>Carlo Ghezzi and
Giovanni Vigna.
<A HREF="http://www.elet.polimi.it/~vigna/ma97.ps.gz">Mobile code paradigms
and technologies: A case study</A>.
In <CITE>Proceedings of the First International Workshop on Mobile
Agents</CITE>, Berlin, Germany, April 1997.<BLOCKQUOTE>The opportunities
offered by the Internet are encouraging research aimed at the creation of a
computational infrastructure that exploits the wide spread communication
infrastructure. The mobile computation paradigm is a proposal to build a
computational infrastructure that goes beyond the well-known client-server
paradigm and increases dynamicity and flexibility. Despite the promising
first steps, there is still confusion on the role of paradigms and technology
in the development on applications based on the mobile computation paradigm.
We present a case study in which we develop several versions of an
application using different paradigms and different technologies in order to
show when these concepts come into play and which are their
relationships.</BLOCKQUOTE>
<P>
<!-- Authors: Ian Goldberg and David Wagner and Randi Thomas and Eric A Brewer
-->
<LI><A NAME="goldberg96:secure"></A>Ian Goldberg,
David Wagner, Randi Thomas, and Eric A. Brewer.
<A HREF="http://www.cs.berkeley.edu/~daw/janus-usenix96.ps">A secure
environment for untrusted helper applications</A>.
In <CITE>Proceedings of the 6th Usenix Security Symposium</CITE>, San Jose,
Ca., July 1996.<BLOCKQUOTE>Many popular programs, such as Netscape, use
untrusted helper applications to process data from the network.
Unfortunately, the unauthenticated network data they interpret could well
have been created by an adversary, and the helper applications are usually
too complex to be bug-free. This raises significant security concerns.
Therefore, it is desirable to create a secure environment to contain
untrusted helper applications. We propose to reduce the risk of a security
breach by restricting the program's access to the operating system. In
particular, we intercept and filter dangerous system calls via the Solaris
process tracing facility. This enabled us to build a simple, clean, user-mode
implementation of a secure environment for untrusted helper applications. Our
implementation has negligible performance impact, and can protect
pre-existing applications.</BLOCKQUOTE>
<P>
<!-- Authors: James Gosling and Rosenthal David S H and Michelle J Arden -->
<LI><A NAME="gosling89:news"></A>James Gosling, David
S. H. Rosenthal, and Michelle J. Arden.
<CITE>The NeWS Book: An Introduction to the Network/extensible Window
System</CITE>.
Springer-Verlag, New York, 1989.<P>
<!-- Authors: James Gosling -->
<LI><A NAME="gosling86:sundew"></A>James Gosling.
Sundew: A distributed and extensible window system.
In <CITE>Proceedings of the 1986 Usenix Winter Technical Conference</CITE>,
pages 98-103, Denver, Colorado, 1986.<P>
<!-- Authors: Robert S Gray and George Cybenko and David Kotz and Daniela Rus
-->
<LI><A NAME="gray97:agent"></A>Robert S. Gray, George
Cybenko, David Kotz, and Daniela Rus.
<A HREF="http://www.cs.dartmouth.edu/~agent/papers/chapter.ps.Z">Agent
Tcl</A>.
In <A HREF="#cockayne97:itinerant">[Cockayne and Zypa, 1997]</A>.<P>
<!-- Authors: Robert S Gray and David Kotz and Saurab Nog and Daniela Rus and
George Cybenko -->
<LI><A NAME="gray97:mobile"></A>Robert S. Gray, David
Kotz, Saurab Nog, Daniela Rus, and George Cybenko.
<A HREF="http://www.cs.dartmouth.edu/reports/abstracts/TR96-285/">Mobile agents
for mobile computing</A>.
In <CITE>Proceedings of the Second Aizu International Symposium on Parallel
Algorithms/Architectures Synthesis</CITE>, Fukushima, Japan, March 1997.
Also available as Dartmouth College Departmennt of Computer Science Technical
Report TR96-285.<P>
<!-- Authors: Robert S Gray and George Cybenko and David Kotz and Daniela Rus
-->
<LI><A NAME="gray98:dagents"></A>Robert S. Gray, George
Cybenko, David Kotz, and Daniela Rus.
<A HREF="http://actcomm.dartmouth.edu/papers/gray:security-book.ps.Z">D'agents:
Security in a multiple-language, mobile-agent system</A>.
In <A HREF="#vigna98:mobile">[Vigna, 1998]</A>.
To appear.<BLOCKQUOTE>Mobile-agent systems must address three security issues:
protecting an individual machine, protecting a group of machines, and
protecting an agent. In this chapter, we discuss these three issues in the
context of D'Agents, a mobile-agent system whose agents can be written in
Tcl, Java and Scheme. (D'Agents was formerly known as Agent Tcl.) First we
discuss mechanisms existing in D'Agents for protecting an individual machine:
(1) cryptographic authentication of the agent's owner, (2) resource managers
that make policy decisions based on the owner's identity, and (3) secure
execution environments for each language that enforce the decisions of the
resource managers. Then we discuss our planned market-based approach for
protecting machine groups. Finally we consider several (partial) solutions
for protecting an agent from a malicious machine.</BLOCKQUOTE>
<P>
<!-- Authors: Robert S Gray -->
<LI><A NAME="gray95:agent"></A>Robert S. Gray.
<A HREF="http://www.cs.dartmouth.edu/~agent/papers/cikm95.ps.Z">Agent Tcl:
A transportable agent system</A>.
In <CITE>Proceedings of the CIKM Workshop on Intelligent Information
Agents</CITE>, Baltimore, Md., December 1995.<P>
<!-- Authors: Robert S Gray -->
<LI><A NAME="gray95:agent-manual"></A>Robert S. Gray.
<A HREF="ftp://cs.dartmouth.edu/pub/agents/doc.1.1.ps.gz"><CITE>Agent Tcl:
Alpha Release 1.1</CITE></A>.
Department of Computer Science, Dartmouth College, December
1995.<BLOCKQUOTE>Agent Tcl is a transportable agent system. The agents are
written in an extended version of the Tool Command Lanuage (Tcl). Each agent
can suspend its execution at an arbitrary point, transport to another machine
and resume execution on the new machine. This migration is accomplished with
the agent jump command. agent jump captures the current state of the Tcl
script and transfers this state to the destination machine. The state is
restored on the new machine and the Tcl script continues its execution from
the command immediately after the agent jump. In addition to migration,
agents can send messages to each other and can establish direct connections.
A direct connection is more efficient than message passing for bulk data
transfer. Finally, agents can use the Tk toolkit to create graphical user
interfaces on their current machine. Agent Tcl is implemented as two
components. The first component is an extended Tcl interpreter. The second
component is a server which runs on each machine. The server accepts incoming
agents, messages and connection requests and keeps track of the agents that
are running on its machine. An alpha release of Agent Tcl is available for
public use. This documentation describes how to obtain and compile the source
code, how to run the server and how to write transportable
agents.</BLOCKQUOTE>
<P>
<!-- Authors: Robert S Gray -->
<LI><A NAME="gray96">Robert</A> S. Gray.
<A HREF="http://www.cs.dartmouth.edu/~agent/papers/tcl96.ps.Z">Agent Tcl:
A flexible and secure mobile agent system</A>.
In <CITE>Proceedings of the Fourth Annual Tcl/Tk Workshop</CITE>, pages 9-23,
Monterey, Cal., July 1996.<BLOCKQUOTE>An information agent manages all or a
portion of a user's information space. The electronic resources in this space
are often distributed across a network and can contain tremendous quantities
of data. Mobile agents provide efficient access to such resources and are a
powerful tool for implementing information agents. A mobile agent is an
autonomous program that can migrate from machine to machine in a
heterogeneous network. By migrating to the location of a resource, the agent
can access the resource efficiently even if network conditions are poor or
the resource has a low-level interface. Telescript is the best-known
mobile-agent system. Telescript, however, requires the programmer to learn
and work with a complex object-oriented language and a complex security
model. Agent Tcl, on the other hand, is a simple, flexible, and secure system
that is based on the Tcl scripting language and the Safe Tcl extension. In
this paper we describe the architecture of Agent Tcl and its current
implementation.</BLOCKQUOTE>
<P>
<!-- Authors: Robert S Gray -->
<LI><A NAME="gray97:security"></A>Robert S. Gray.
Agent Tcl: A flexible and secure mobile-agent system.
<CITE>Dr. Dobbs Journal</CITE>, 22(3):18-27, March 1997.<P>
<!-- Authors: Robert S Gray -->
<LI><A NAME="gray:thesis"></A>Robert S. Gray.
<A HREF="http://actcomm.dartmouth.edu/papers/gray:thesis.ps.Z"><CITE>Agent
Tcl: A flexible and secure mobile-agent system</CITE></A>.
PhD thesis, Dept. of Computer Science, Dartmouth College, June 1997.
Available as Dartmouth Computer Science Technical Report TR98-327.<P>
<!-- Authors: Robert S Gray -->
<LI><A NAME="gray98:tcl"></A>Robert S. Gray.
<A HREF="ftp://ftp.cs.dartmouth.edu/TR/TR98-327.ps.Z">Agent tcl: A flexible and
secure mobile-agent system</A>.
Technical Report PCS-TR98-327, Dartmouth College, Computer Science, Hanover,
NH, January 1998.
Ph.D. Thesis, June 1997.<BLOCKQUOTE>A mobile agent is an autonomous program
that can migrate under its own control from machine to machine in a
heterogeneous network. In other words, the program can suspend its execution
at an arbitrary point, transport itself to another machine, and then resume
execution from the point of suspension. Mobile agents have the potential to
provide a <EM>single, general framework</EM> in which a wide range of
distributed applications can be implemented efficiently and easily. Several
challenges must be faced, however, most notably reducing migration overhead,
protecting a machine from malicious agents (and an agent from malicious
machines), and insulating the agent against network and machine failures.
Agent Tcl is a mobile-agent system under development at Dartmouth College
that has evolved from a Tcl-only system into a multiple-language system that
currently supports Tcl, Java, and Scheme. In this thesis, we examine the
motivation behind mobile agents, describe the base Agent Tcl system and its
security mechanisms for protecting a machine against malicious agents, and
analyze the system's current performance. Finally, we discuss the security,
fault-tolerance and performance enhancements that will be necessary for Agent
Tcl and mobile agents in general to realize their full
potential.</BLOCKQUOTE>
<P>
<!-- Authors: Robert Grimm and Brian N Bershad -->
<LI><A NAME="grimm97:access"></A>Robert Grimm and
Brian N. Bershad.
<A HREF="http://www.cs.washington.edu/homes/rgrimm/papers/tr97-11-01.ps">Access
control in extensible systems</A>.
Technical report, Department of Computer Science, University of Washington,
March 1997.<BLOCKQUOTE>The recent trend towards dynamically extensible
systems holds the promise of more powerful and flexible systems. At the same
time, the impact of extensibility on overall system security and,
specifically, access control is still ill understood, and protection
mechanisms in these extensible systems are rudimentary at best. In this
paper, we identify the structure of extensible systems as it relates to
system security, and present an access control mechanism that is
user-friendly and complete. The mechanism, by using ideas first introduced by
the security community, offers mandatory access control which can be used to
enforce a given security policy. Additional discretionary access control
allows users to express their own fine-grained access constraints. <P> We
introduce a new access mode, called the extend access mode, in addition to
the familiar execute access mode, to reflect how extensions interact.
Furthermore, in a departure from work in the security community, we treat
both extensions and threads of control as subjects, i.e., as active entities,
in order to correctly capture their interaction in an extensible system. We
present the design of the access control mechanism and define a formal model.
We describe an implementation of the access control mechanism in the SPIN
extensible operating system, which allows us to evaluate its performance and
to explore optimizations that reduce the overhead of access control. The
measured end-to-end overhead of access control in our system is less than
2%.</BLOCKQUOTE>
<P>
<!-- Authors: Robert Grimm and Brian N Bershad -->
<LI><A NAME="grimm97:security"></A>Robert Grimm
and Brian N. Bershad.
<A HREF="http://www.cs.washington.edu/homes/rgrimm/papers/hotos97.ps">Security
for extensible systems</A>.
In <CITE>Proceedings of the 6th Workshop on Hot Topics in Operating Sytems
(HotOS-VI)</CITE>, Cape Cod, Mass., May 1997.<P>
<!-- Authors: Robert Grimm and Brian N Bershad -->
<LI><A NAME="grimm98:providing"></A>Robert Grimm
and Brian N. Bershad.
<A HREF="http://www.cs.washington.edu/homes/rgrimm/papers/tr98-02-02.ps">Providing policy-neutral and transparent access control in extensible systems</A>.
Technical Report UW-CSE-98-02-02, University of Washington, Department of
Computer Science and Engineering, February 1998.<P>
<!-- Authors: David Hall and Jean Bacon and John Bates -->
<LI><A NAME="hall96:flexible"></A>David Hall, Jean
Bacon, and John Bates.
<A HREF="http://mosquitonet.stanford.edu/sigops96/papers/halls.ps">Flexible
distributed programming using mobile code</A>.
In <CITE>Proceedings of the Seventh ACM SIGOPS European Workshop</CITE>,
Connemara, Ireland, September 1996.<BLOCKQUOTE>We have designed and
implemented a mobile code system. It has been integrated with an existing
distributed programming environment that includes a Remote Procedure Call
(RPC) system, object interface definition language, a trader, an event system
and continuous media streams. This bespoke platform for distributed
programming has allowed us to experiment with mobile code and propose new
facilities.</BLOCKQUOTE>
<P>
<!-- Authors: David Halls -->
<LI><A NAME="halls97:applying"></A>David Halls.
<A HREF="http://www.cl.cam.ac.uk/users/dah28/thesis/thesis.html"><CITE>Applying
Mobile Code to Distributed Systems</CITE></A>.
PhD thesis, Computer Laboratory, University of Cambridge, June
1997.<BLOCKQUOTE>Use of mobile code can make distributed systems and the
abstractions they provide more flexible to build and use. <P> Richer
functionality can be given to the interaction between processes by allowing
code to be sent between them. More convenient, application-level operations
can be made over a network. By making higher order language features
transmissible, distributed components can be tightly bound together when they
communicate. At the same time, familiar distributed systems can be built
using mobile code. <P> Mobile code can make distributed systems adaptable to
application needs. Rather than fixing the interface to a resource and the
pattern of interaction with it, a minimal interface can be defined and code
implementing higher-level interfaces placed alongside it as and when
required. These higher-level interfaces can be application-specific, allowing
for interaction patterns that were unknown at the time the resource was made
available. Sending code close to a resource can also reduce network usage
because the point of interaction with it moves. <P> The combination of
document markup supporting hypertext and a language supporting state-saving
allows for stateful client-server sessions with stateless servers and
lightweight clients. Putting dormant mobile code in documents provides an
alternative to holding knowledge of application functionality on a server
machine or running arbitrary code on a client machine. <P> Mobile code helps
to support user mobility. Personalised environments that support state-saving
can follow a user between computers. Heterogeneous state-saving allows a
user's programs to be relocated between computers. By using a mobile code
system with language support for state-saving, applications can direct
arbitrary component migration without priming program servers with specific
support. <P> In summary, this dissertation supports the thesis that mobile
code can be used to enhance distributed systems.</BLOCKQUOTE>
<P>
<!-- Authors: Kenneth E Harker -->
<LI><A NAME="harker95:tias"></A>Kenneth E. Harker.
<A HREF="http://www.cs.dartmouth.edu/reports/abstracts/TR95-258/">TIAS: A
transportable intelligent agent system</A>.
Technical Report TR95-258, Department of Computer Science, Dartmouth College,
Hanover, N.H., 1995.
Also submitted as senior thesis.<BLOCKQUOTE>In recent years, there has been an
explosive growth in the amount of information available to our society. In
particular, the amount of information available on-line through vast networks
like the global Internet has been growing at a staggering rate. This growth
rate has by far exceeded the rate of growth in network speeds, as has the
number of individuals and organizations seeking access to this information.
There is thus a motivation to find abstract methods of manipulating this
on-line data in ways that both serve the needs of end users efficiently and
use network resources intelligently. In lieu of a traditional client-server
model of information processing, which is both inflexible and potentially
very inefficient, a Transportable Intelligent Agent system has the potential
to achieve a more efficient and flexible network system. An intelligent agent
is a program that models the information space for a user, and allows the
user to specify how the information is to be processed. A transportable agent
can suspend its execution, transport itself to a new location on a network,
and resume execution at the new location. This is a particularly attractive
model for both wireless and dialup networks where a user might not be able to
maintain a permanent network connection, as well as for situations where the
amount of information to be processed is large relative to the network
bandwidth. Preliminary work in the field has shown that such agent systems
are possible and deserve further study. This thesis describes a prototype
transportable intelligent agent system that extends work already done in the
field. Agents are written in a modified version of the Tcl programming
language and transported using TCP/IP connections. Several simple examples
demonstrate the properties of the system.</BLOCKQUOTE>
<P>
<!-- Authors: Colin G Harrison and David M Chess and Aaron Kershenbaum -->
<LI><A NAME="harrison95:mobile"></A>Colin G.
Harrison, David M. Chess, and Aaron Kershenbaum.
<A HREF="http://www.research.ibm.com/massdist/mobag.ps">Mobile agents: Are they
a good idea?</A>, March 1995.<BLOCKQUOTE>Mobile agents are programs,
typically written in a script language, which may be dispatched from a client
computer and transported to a remote server com- puter for execution. Several
authors have suggested that mobile agents offer an important new method of
performing transactions and information retrieval in networks. Other writers
have pointed out, however, that mobile agent introduce severe concerns for
security. We consider the advantages offered by mobile agents and assess them
against alternate methods of achieving the same function. We conclude that,
while the individual advantages of agents do not represent an overwhelming
motivation for their adoption, the creation of a pervasive agent framework
facilitates a very large number of network services and
applications.</BLOCKQUOTE>
<P>
<!-- Authors: Hermann Hartig and Lars Reuther -->
<LI><A NAME="hartig97:encapsulating"></A>Hermann Härtig and Lars Reuther.
Encapsulating mobile objects.
In <CITE>Proceedings of the 17th International Conference on Distributed
Computing Systems</CITE>, Baltimore, Md., May 1997.<P>
<!-- Authors: John Hartman and Udi Manber and Larry Peterson and Tood
Proebsting -->
<LI><A NAME="hartman96:liquid"></A>John Hartman, Udi
Manber, Larry Peterson, and Tood Proebsting.
<A HREF="ftp://ftp.cs.arizona.edu/xkernel/Papers/tr96-11.ps">Liquid software: A
new paradigm for networked systems</A>.
Technical Report 96-11, Department of Computer Science, University of Arizona,
Tucson, AZ, June 1996.<BLOCKQUOTE>This paper introduces the idea of
dynamically moving functionality in a network--between clients and servers,
and between hosts at the edge of the network and nodes inside the network. At
the heart of moving functionality is the ability to support mobile
code--code that is not tied to any single machine, but instead can easily
move from one machine to another. Mobile code has been studied mostly for
application-level code. This paper explores its use for all facets of the
network, and in a much more general way. Issues of efficiency, interface
design, security, and resource allocation, among others, are addressed. We
use the term liquid software to describe the complete
picture--liquidsoftware is an entire infrastructure for dynamically moving
functionality throughout a network. We expect liquid software to enble new
paradigms, such as active networks that allow users and applications to
customize the network by interjecting code into it.</BLOCKQUOTE>
<P>
<!-- Authors: Melissa Hirschl -->
<LI><A NAME="hirschl96:agdb"></A>Melissa Hirschl.
<A HREF="http://www.cs.dartmouth.edu/reports/abstracts/TR97-306/">AGDB: A
debugger for Agent Tcl</A>.
Technical Report TR97-306, Department of Computer Science, Dartmouth College,
Hanover, N.H., 1996.<BLOCKQUOTE>The Agent Tcl language is an extension of
Tcl/Tk that supports distributed programming in the form of transportable
agents. AGDB is a debugger for the Agent Tcl language. AGDB mixes of
traditional and distributed debugging facilities. Traditional debugging
features include breakpoints (line-specific, conditional, and once-only),
watch conditions and variables, and interrupts. Distributed-debugging
features address issues inherent in distributed programming such as migration
and communication. These capabilities make debugging distributed programs
difficult because they add complexities like race conditions to the set of
problems a program can encounter. This paper discusses how AGDB uses
distributed debugging features to debug agents.</BLOCKQUOTE>
<P>
<!-- Authors: Ophir Holder and Isreal Ben Shaul -->
<LI><A NAME="holder97:reflective"></A>Ophir
Holder and Isreal Ben-Shaul.
A reflective model for mobile software objects.
In <CITE>Proceedings of the 17th International Conference on Distributed
Computing Systems</CITE>, pages 339-346, Baltimore, Md., May 1997.<P>
<!-- Authors: Leon Hurst and Padraig Cunningham and Fergal Sommers -->
<LI><A NAME="hurst97:mobile"></A>Leon Hurst,
Pádraig Cunningham, and Fergal Sommers.
<A HREF="http://www.cs.tcd.ie/~lahurst/currentwork/papers/ma97/index.html">Mobile agents --- smart messages</A>.
In <CITE>Proceedings of the 1st International Workshop on Mobile Agents</CITE>,
Berlin, Germany, April 1997.
(to appear).<BLOCKQUOTE>Wireless communication with Mobile Computing devices is
known to be problematic. It is very different in character from conventional
communication over wired networks. Since many distributed applications make
assumptions about network characteristics, they may not be used in a hostile
mobile environment. <P> We are proposing a new kind of messaging system
which incorporates adaptive behaviour into the messages themselves. We call
these 'Smart Messages', and implement them using Mobile Agents. They are
transported between machines via Agent Airports. The metaphor we use is of a
message being delivered by a courier (Mobile Agent), through Agent Airports,
on a potentially unresolved route. The 'intelligence' is in the messages
(couriers in our metaphor) themselves rather than in the network. <P> The
approach taken expands on the self-routing capabilities of current Mobile
Agent systems such as Aglets or Telescript. We aim to provide structured
support for handling the particular problems associated with wireless
communications. These include very limited, variable and asymmetric
bandwidth, frequent and prolonged disconnections, geographical mobility and
high usage costs. We argue that this offers an efficient, adaptable and
robust solution to many of the problems associated with this hostile
communications environment.</BLOCKQUOTE>
<P>
<!-- Authors: Jeremy Hylton and van Rossum Guido -->
<LI><A NAME="hylton96:using"></A>Jeremy Hylton
and Guido van Rossum.
<A HREF="http://the-tech.mit.edu/~jeremy/finland-submit.ps">Using the
knowbot operating environment in a wide-area network</A>.
In <CITE>3rd ECOOP Workshop on Mobile Object Systems</CITE>,
Jyvälskylä, Finland, June 1997.<BLOCKQUOTE>Mobile agents can optimize
their communication patterns to reduce bandwidth and latency and can adapt to
changes in network service. We report on use of the Knowbot Operating
Environment to support mobile agents in a wide-area network. Experiments with
an application that monitors Web pages for changes show that a mobile program
can outperform its stationary counterpart. The performance benefits are
obtained by moving clients within the network to reduce the costs of
wide-area network connections.</BLOCKQUOTE>
<P>
<!-- Authors: Jeremy Hylton and Ken Manheimer and Drake Jr Fred L and Barry
Warsaw and Roger Masse and van Rossum Guido -->
<LI><A NAME="hylton96:knowbot"></A>Jeremy Hylton, Ken
Manheimer, Fred L. Drake, Jr., Barry Warsaw, Roger Masse, and Guido van
Rossum.
<A HREF="http://www.cnri.reston.va.us/home/koe/iwooos.html">Knowbot
programming: System support for mobile agents</A>.
In <CITE>Proceedings of the Fifth International Workshop on Object Orientation
in Operating Systems</CITE>, pages 8-13, Seattle, Wash., October
1996.<BLOCKQUOTE>Knowbot ® Programs are mobile agents intended for use in
widely distributed systems like the Internet. We describe our experiences
implementing security, process migration, and inter-process communication in
a prototype system implemented using the object-oriented programming language
Python. This infrastructure supports applications that are composed of
multiple, autonomous agents that can migrate to use network resources more
efficiently.</BLOCKQUOTE>
<P>
<!-- Authors: Cristian Ionitoiu -->
<LI><A NAME="ionitiu96:designing"></A>Cristian Ionitoiu.
<A HREF="http://cuiwww.unige.ch/~ecoopws/ws96/6.ps.gz">Designing agents for
archie and ftp sessions in Obliq</A>.
In <CITE>2nd ECOOP Workshop on Mobile Object Systems</CITE>, pages 49-51,
Linz, Austria, July 1996.<BLOCKQUOTE>This extended abstract presents a
solution based on mobile agents forarchie/ftp sessions on Internet. Due to
the increased rate ofinteractivity, which imposes relatively long connection
periods,required by these services, their use is not appropriate for mobile
stations. This solution provides mobile user access to these services while
keeping a low rate of the connections.</BLOCKQUOTE>
<P>
<!-- Authors: Trent Jaeger and Aviel D Rubin and Atul Prakash -->
<LI><A NAME="jaeger96:building"></A>Trent Jaeger,
Aviel D. Rubin, and Atul Prakash.
<A HREF="http://www.eecs.umich.edu/~jaegert/usenix96.ps">Building systems
that flexibly control downloaded executable content</A>.
In <CITE>Proceedings of the 6th Usenix Security Symposium</CITE>, pages
131-148, San Jose, Ca., July 1996.<BLOCKQUOTE>Downloading executable
content, which enables principals to run programs from remote sites, is a key
technology in a number of emerging applications, including collaborative
systems, electronic commerce, and web information services. However, the use
of downloaded executable content also presents serious security problems
because it enables remote principals to execute programs on behalf of the
downloading principal. Unless downloaded executable content is properly
controlled, a malicious remote principal may obtain unauthorized access to
the downloading principal's resources. Current solutions either attempt to
strictly limit the capabilities of downloaded content or require complete
trust in the remote principal, so applications which require intermediate
amounts of sharing, such as collaborative applications, cannot be constructed
over insecure networks. In this paper, we describe an architecture that
flexibly controls the access rights of downloaded content by: (1)
authenticating content sources; (2) determining content access rights based
on its source and the application that it is implementing; and (3) enforcing
these access rights over a wide variety of objects and for the entire
computation, even if external software is used. We describe the architecture
in the context of an infrastructure for supporting collaborative
applications.</BLOCKQUOTE>
<P>
<!-- Authors: Trent Jaeger and Aviel D Rubin and Atul Prakash -->
<LI><A NAME="jaeger96:system"></A>Trent Jaeger,
Aviel D. Rubin, and Atul Prakash.
A system architecture for flexible control of downloaded executable content.
In <CITE>Proceedings of the Fifth International Workshop on Object Orientation
in Operating Systems</CITE>, pages 14-18, Seattle, Wa., October 1996.<P>
<!-- Authors: Dag Johansen and van Renesse Robbert and Fred B Schneider -->
<LI><A NAME="johansen94">Dag</A> Johansen, Robbert
van Renesse, and Fred B. Schneider.
<A HREF="http://cs-tr.cs.cornell.edu/TR/CORNELLCS:TR94-1468">Operating system
support for mobile agents</A>.
In <CITE>Proceedings of the 5th IEEE Workshop on Hot Topics in Operating
Systems</CITE>, pages 42-45, Orcas Island, Wash., May 1994.
Also available as Technical Report TR94-1468, Department of Computer Science,
Cornell University.<BLOCKQUOTE>An ``agent'' is a process that may migrate
through a computer network in order to satisfy requests made by its clients.
Agents implement a computational metaphor that is analogous to how most
people conduct business in their daily lives: visit a place, use a service
(perhaps after some negotiation), and then move on. Thus, for the computer
illiterate, agents are an attractive way to describe network-wide
computations. Agents are also useful abstractions for programmers who must
implement distributed applications. This is because in the agent metaphor,
the processor or ``place'' the computation is performed is not hidden from
the programmer, but the communications channels are. Most current research on
agents has focused on language design and application issues. The TACOMA
project (Tromso And COrnell Moving Agents) has, instead, focused on operating
system support for agents and how agents can be used to solve problems
traditionally addressed by operating systems. We have implemented prototype
systems to support agents using UNIX and using Tcl/Tk on top of Horus. This
paper outlines insights and questions based on that experience. We discuss
abstractions needed by an operating system to support agents, and discuss
some problems that arise in connection with electronic commerce involving
agents.</BLOCKQUOTE>
<P>
<!-- Authors: Dag Johansen and van Renesse Robbert and Fred B Schneider -->
<LI><A NAME="johansen95:introduction"></A>Dag
Johansen, Robbert van Renesse, and Fred B. Schneider.
<A HREF="http://www.cs.uit.no/Lokalt/Rapporter/Reports/9523.html">An
introduction to the TACOMA distributed system</A>.
Technical Report 95-23, Department of Computer Science, University of Tromsø,
Tromsø, Norway, June 1995.<BLOCKQUOTE>This report briefly introduces TACOMA
Version 1.0. This distributed system supports agents, computations that can
roam the internet. The report presents the TACOMA project, the computational
model, how to get started, and the basic TACOMA abstractions.</BLOCKQUOTE>
<P>
<!-- Authors: Dag Johansen and van Renesse Robbert and Fred B Schneider -->
<LI><A NAME="johansen96:supporting"></A>Dag
Johansen, Robbert van Renesse, and Fred B. Schneider.
<A HREF="http://www.cs.uit.no/DOS/Tacoma/tacoma.webpages/SIGOPS.tac-www.ps">Supporting broad internet access to TACOMA</A>.
In <CITE>Proceedings of the Seventh ACM SIGOPS European Workshop</CITE>, pages
55-58, Connemara, Ireland, September 1996.<P>
<!-- Authors: Dag Johansen and Kjetil Jacobsen and Nils P Sudmann and Kaare J
Lauvset and Kenneth P Birman and Werner Vogels -->
<LI><A NAME="johansen97:using"></A>Dag Johansen,
Kjetil Jacobsen, Nils P. Sudmann, Kaare J. Lauvset, Kenneth P. Birman, and
Werner Vogels.
<A HREF="http://cs-tr.cs.cornell.edu/TR/CORNELLCS:TR97-1655">Using software
design patterns to build distributed environmental monitoring
applications</A>.
Technical Report TR97-1655, Cornell University, Department of Computer Science,
Ithaca, NY, December 1997.<P>
<!-- Authors: Dag Johansen and Nils P Sudmann and van Renesse Robbert -->
<LI><A NAME="johansen97:performance"></A>Dag
Johansen, Nils P. Sudmann, and Robbert van Renesse.
<A HREF="http://www.cs.uit.no/DOS/Tacoma/tacoma.webpages/ECOOP.tacoma.ps">Performance issues in TACOMA</A>.
In <CITE>3rd ECOOP Workshop on Mobile Object Systems</CITE>,
Jyvälskylä, Finland, June 1997.<P>
<!-- Authors: Wouter Joosen and Frank Matthis and van Oeyen Johan and Bert
Robben -->
<LI><A NAME="joosen96:flexible"></A>Wouter Joosen,
Frank Matthis, Johan van Oeyen, and Bert Robben.
On flexible support for mobile objects.
In <CITE>Proceedings of the Fifth International Workshop on Object Orientation
in Operating Systems</CITE>, pages 3-7, Seattle, Wa., October 1996.<P>
<!-- Authors: Anthony D Joseph and Alan F deLespinasse and Joshua A Tauber and
David K Gifford and M Frans Kaashoek -->
<LI><A NAME="joseph95">Anthony</A> D. Joseph, Alan F.
deLespinasse, Joshua A. Tauber, David K. Gifford, and M. Frans Kaashoek.
<A HREF="http://www.pdos.lcs.mit.edu/papers/rover-sosp95.ps.gz">Rover: A
toolkit for mobile information access</A>.
In <CITE>Proceedings of the 15th ACM Symposium on Operating Systems
Principles</CITE>, pages 156-171, Copper Mountain, Co., December
1995.<BLOCKQUOTE>The Rover toolkit combines relocatable dynamic objects
andqueued remote procedure calls to provide unique services for ``roving''
mobile applications. A relocatable dynamic object is an object with a
well-defined interface that can be dynamically loaded into a client computer
from a server computer (or vice versa) to reduce client-server communication
requirements. Queuedremote procedurecall is a communication system that
permits applications to continue to makenon-blockingremote procedure call
requests even whena host is disconnected, with requests and responses being
exchangedupon network reconnection. The challenges of mobile environments
include intermittent connectivity, limited bandwidth, and channel-use
optimization. Experimental results from a Rover-based mail reader, calendar
program, and two non-blocking versions of World-Wide Web browsers show that
Rover's services are a good match to these challenges. The Rover toolkit also
offers advantages for workstation applications by providing a uniform
distributed object architecture for code shipping, object caching, and
asynchronous object invocation.</BLOCKQUOTE>
<P>
<!-- Authors: Eric Jul and Henry Levy and Norman Hutchinson and Andrew Black
-->
<LI><A NAME="jul88">Eric</A> Jul, Henry Levy, Norman
Hutchinson, and Andrew Black.
<A HREF="ftp://ftp.diku.dk/pub/diku/dists/emerald/papers.tar.Z">Fine-grained
mobility in the Emerald system</A>.
<CITE>ACM Transactions on Computer Systems</CITE>, 6(1):109-133, February
1988.<BLOCKQUOTE>Emerald is an object-based language and system designed for
the construction of distributed programs. An explicit goal of Emerald is
support for object mobility; objects in Emerald can freely move within the
system to take advantage of distribution and dynamically changing
environments. We say that Emerald has <EM>fine-grained</EM> mobility because
Emerald objects can be small data objects as well as process objects.
Fine-grained mobility allows us to apply mobility in new ways but presents
implementation problems as well. This paper discusses the benefits of
fine-grained mobility, the Emerald language and run-time mechanisms that
support mobility, and techniques for implementing mobility that do not
degrade the performance of local operations. Performance measurements of the
current implementation are included.</BLOCKQUOTE>
<P>
<!-- Authors: Robert E Kahn and Vinton G Cerf -->
<LI><A NAME="kahn88">Robert</A> E. Kahn and Vinton G.
Cerf.
The Digital Library Project, volume I: The world of Knowbots.
Unpublished manuscript, Corporation for National Research Initiatives, Reston,
Va., March 1988.<P>
<!-- Authors: Gnter Karjoth and Danny B Lange and Mitsuru Oshima -->
<LI><A NAME="karjoth97:security"></A>Günter Karjoth,
Danny B. Lange, and Mitsuru Oshima.
A security model for agents.
<CITE>IEEE Internet Computing</CITE>, 1(4), July/August 1997.<BLOCKQUOTE>Mobile
agents offer a new paradigm for distributed computation, but their potential
benefits must be weighed against the very real security threats they pose.
These threats originate not just in malicious agents but in malicious hosts
as well. <P> In this article, we present our security model for the IBM
Aglets Workbench, a Java-based environment for building mobile agent
applications. We detail both the security model and the corresponding
security architecture that represents a framework for the inclusion of
security services in future releases of the AWB. This work therefore
represents an additional step toward the comprehensive security model
required for widespread commercial adoption of mobile agent systems to
occur.</BLOCKQUOTE>
<P>
<!-- Authors: Kazuhiko Kato and Kunihiko Toumura and Katsuya Matsubara and
Susumu Aikawa and Jun Yoshida and Kenji Kono and Kenjiro Taura and Tatsurou
Sekiguchi -->
<LI><A NAME="kato96:protected"></A>Kazuhiko Kato,
Kunihiko Toumura, Katsuya Matsubara, Susumu Aikawa, Jun Yoshida, Kenji Kono,
Kenjiro Taura, and Tatsurou Sekiguchi.
<A HREF="http://cuiwww.unige.ch/~ecoopws/ws96/2.ps.gz">Protected and secure
mobile object computing in PLANET</A>.
In <CITE>2nd ECOOP Workshop on Mobile Object Systems</CITE>, Linz, Austria,
July 1996.<BLOCKQUOTE>Worldwide networks such as the Internet are becoming
very popular, so distributed computing environments for such networks are in
high demand. We think the design of such an environment should be based on a
mobile-object computing model and are therefore designing a mobile-object
system called Planet. One of the most significant issues in designing mobile
object systems for world-wide networks is to provide the control needed to
assure the protection and security of mobile objects and of computing
resources. In this paper we describe our approach to this issue.</BLOCKQUOTE>
<P>
<!-- Authors: Kazuhiko Kato -->
<LI><A NAME="kato97:safe"></A>Kazuhiko Kato.
Safe and secure execution mechanisms for mobile objects.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 157-176. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<P>
<!-- Authors: Joseph Kiniry and Daniel Zimmerman -->
<LI><A NAME="kiniry97:handson"></A>Joseph
Kiniry and Daniel Zimmerman.
A hands-on look at java mobile agents.
<CITE>IEEE Internet Computing</CITE>, 1(4), July/August
1997.<BLOCKQUOTE>Several companies riding the current wave of popularity of
Java want to let you play in the mobile agent sandbox. Each claims that
mobile agent technologies are going to change the way we live and work, and
each wants to be the company that provides the breakthrough system we all end
up using. What do these agent systems actually do and, more importantly, what
distinguishes one agent system from another? <P> To help answer these
questions, we downloaded three of the leading commercial systems-IBMs Aglets,
General Magics Odyssey, and ObjectSpaces Voyager-and looked at issues such as
ease of installation, feature set, documentation, and cost. We also discuss
new capabilities of Java 1.1 that show promise as simple yet powerful means
to create mobile agent systems. We conclude with a brief look at the ways in
which mobile agents are currently being used and the limitations of todays
technologies.</BLOCKQUOTE>
<P>
<!-- Authors: Frederick C Knabe -->
<LI><A NAME="knabe95:language"></A>Frederick C. Knabe.
<A HREF="ftp://reports.adm.cs.cmu.edu/usr0/anon/1995/CMU-CS-95-223.ps.Z"><CITE>Language Support for Mobile Agents</CITE></A>.
PhD thesis, Carnegie Mellon University, Paittsburgh, Pa., December 1995.
Also available as Carngie Mellon School of Computer Science Technical Report
CMU-CS-95-223 and European Computer Industry Centre Technical Report
ECRC-95-36.<BLOCKQUOTE>Mobile agents are code-containing objects that may be
transmitted between communicating participants in a distributed system. As
opposed to systems that only allow the exchange of nonexecutable data,
systems incorporating mobile agents can achieve significant gains in
performance and functionality. <P> A programming language for mobile agents
must be able to express their construction, transmission, receipt, and
subsequent execution. Its implementation must handle architectural
heterogeneity between communicating machines and provide sufficient
performance for applications based on agents. In addition to these essential
properties, an agent language may support desirable properties such as
high-level abstractions for code manipulation and the ability to access
resources on remote execution sites. <P> We designed and implemented an
agent programming language that satisfies the essential properties and a
number of desirable ones. A key feature of our language is the use of strong
static typing for remote resource access. Agents may be linked dynamically to
resources on remote sites, and this linking is always guaranteed to be type
safe. We provide this guarantee without requiring that all components of an
agent-based system be compiled together. <P> Our language also includes
several features to improve the performance of mobile agents. Before an agent
is transmitted, it is trimmed of values that are expected to be available on
the recipient, thus shrinking transmissions. Agents may be interpreted or
compiled depending on the application and the relative performance
trade-offs. When compilation is used, it is done lazily: Each component of an
agent is only compiled as it is needed. Furthermore, machine-specific
representations for an agent can be transmitted with machine-independent
ones, opening the possibility for recipients to skip compilation or
interpretation altogether. <P> To evaluate our language and to explore the
potential of mobile agents, we developed a programming framework for agents.
Several applications were implemented by other programmers within this
framework using our language. Their work served to validate our design and
our choice of agent language properties. We also analyzed the performance of
our language on these applications and several synthetic benchmarks. The
analysis shows that the features we incorporated into the implementation
significantly improve performance.</BLOCKQUOTE>
<P>
<!-- Authors: Frederick C Knabe -->
<LI><A NAME="knabe96:overview"></A>Frederick C. Knabe.
<A HREF="http://matecumbe.ing.puc.cl/~knabe/lomaps96.ps.gz">An overview of
mobile agent programming</A>.
In <CITE>Proceedings of the 5th LOMAPS Workshop on Analysis and Verification of
Multiple-Agent Languages</CITE>, Stockholm, Sweden, June
1996.<BLOCKQUOTE>Mobile agents are code-containing objects that may be
transmitted between communicating participants in a distributed system.
Compared to systems that only allow the exchange of nonexecutable data, those
incorporating mobile agents can achieve significant gains in performance and
functionality. <P> Languages with first-class functions provide a good
starting point for agent programming, as they make it easy to express the
construction, transmission, receipt, and subsequent execution of agents.
However, for developing real agent-based systems, a language implementation
must handle architectural heterogeneity between communicating machines and
provide sufficient performance for applications based on agents. In addition,
agents need to be able to access resources on remote execution sites yet
remain in a framework that provides sufficient security. <P> In this paper
we consider the uses of mobile agents and how a distributed functional
language can be extended to support them. We review other agent languages and
present several observations on how further work in this area may
proceed.</BLOCKQUOTE>
<P>
<!-- Authors: Frederick Knabe -->
<LI><A NAME="knabe97:performance"></A>Frederick Knabe.
<A HREF="http://matecumbe.ing.puc.cl/~knabe/performance97.ps.gz">Performance-oriented implementation strategies for a mobile agent language</A>.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 229-244. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>The use of larger and
more complex mobile agents in distributed applications has created a need for
agent programming systems that deliver better performance. The implementation
of Extended Facile, a mobile agent language, uses several strategies to boost
performance. We review four main techniques: allowing agents to use different
transmissible representations, optimistically transmitting machine code with
agents, stripping agents of data and code that can be found at their
recipients before transmitting them, and performing agent compilation lazily.
Quantitative measurements show that these methods can boost absolute and
relative performance.</BLOCKQUOTE>
<P>
<!-- Authors: Keith Kotay and David Kotz -->
<LI><A NAME="kotay96:transportable"></A>Keith Kotay
and David Kotz.
<A HREF="http://www.cs.dartmouth.edu/~dfk/papers/kotay:agents.html">Transportable agents</A>.
In <CITE>Proceedings of the CIKM Workshop on Intelligent Information
Agents</CITE>, Gaithersburg, Md., December 1994.<BLOCKQUOTE>As network
information resources grow in size, it is often most efficient to process
queries and updates at the site where the data is located. This processing
can be accomplished by using a traditional client-server network interface,
which constrains the client to the set of queries supported by the server, or
requires the server to send all data to the client for processing. The former
is inflexible; the latter is inefficient. Transportable agents, which support
the movement of the client computation to the location of the remote
resource, have the potential to be more flexible and more efficient.
Transportable agents are capable of suspending their execution, transporting
themselves to another host on a network, and resuming execution from the
point at which they were suspended. Transportable agents consume fewer
network resources and can support systems that do not have permanent network
connections, such as mobile computers and personal digital assistants. We
describe a prototype transportable-agent implementation that facilitates
research in this area. Agents are written in a script language that supports
agent relocation, and the language is processed at each host by an agent
interpreter. Electronic mail is the current transport mechanism and we plan
to explore others. We present a technical-report searching agent as a
demonstration of the capabilities of our prototype
implementation.</BLOCKQUOTE>
<P>
<!-- Authors: Dietmar Kottmann and Christian Sommer -->
<LI><A NAME="kottmann96:stublets"></A>Dietmar
Kottmann and Christian Sommer.
<A HREF="http://www.di.uminho.pt/~rco/wmr96/sommer.ps.gz">Stublets: A notion
for mobility-aware application adaption</A>.
In <CITE>ECOOP'96 Workshop on Mobility and Replication</CITE>, Linz, Austria,
July 1996.<P>
<!-- Authors: David Kotz and Robert S Gray and Daniela Rus -->
<LI><A NAME="kotz96:mobile"></A>David Kotz, Robert S.
Gray, and Daniela Rus.
<A HREF="http://www.cs.dartmouth.edu/~dfk/papers/kotz:agents.html">Mobile
agents support worldwide applications</A>.
In <CITE>Proceedings of the Seventh ACM SIGOPS European Workshop</CITE>, pages
41-48, Connemara, Ireland, September 1996.<BLOCKQUOTE>Worldwide applications
exist in an environment that is inherently distributed, dynamic,
heterogeneous, insecure, unreliable, and unpredictable. In particular, the
latency and bandwidth of network connections varies tremendously from place
to place and time to time, particularly when considering wireless networks,
mobile devices, and satellite connections. Applications in this environment
must be able to adapt to different and changing conditions. We believe that
transportable autonomous agents provide an excellent mechanism for the
construction of such applications. We describe our prototype
transportable-agent system and several applications.</BLOCKQUOTE>
<P>
<!-- Authors: David Kotz and Robert Gray and Saurab Nog and Daniela Rus and
Sumit Chawla and George Cybenko -->
<LI><A NAME="kotz97:agent"></A>David Kotz, Robert Gray,
Saurab Nog, Daniela Rus, Sumit Chawla, and George Cybenko.
<A HREF="http://computer.org/internet/ic1997/w4058abs.htm">Agent TCL:
Targeting the needs of mobile computers</A>.
<CITE>IEEE Internet Computing</CITE>, 1(4):58-67, July/August
1997.<BLOCKQUOTE>Mobile computers have become increasingly popular as users
discover the benefits of having their electronic work available at all times.
However, because network conditions vary from connection to connection, using
Internet resources from a mobile platform is a major challenge. Mobile agents
are one solution. A mobile agent is an autonomous program that can move from
machine to machine in a heterogeneous network under its own control. It can
suspend its execution at any point, transport itself to a new machine, and
resume execution on the new machine from the point at which it left off. On
each machine, it interacts with service agents and other resources to
accomplish its task, returning to its home site with a final result when that
task is finished. <P> Agent Tcl is a mobile-agent system whose agents can be
written in Tcl, Java, and Scheme. Agent Tcl has extensive navigation and
communication services, security mechanisms, and debugging and tracking
tools. In this article we focus on Agent Tcls architecture and security
mechanisms, its RPC system, and its docking system, which lets an agent move
transparently among mobile computers, regardless of when they are connected
to the network.</BLOCKQUOTE>
<P>
<!-- Authors: David Kotz and Robert Gray and Saurab Nog and Daniela Rus and
Sumit Chawla and George Cybenko -->
<LI><A NAME="kotz98:mobile"></A>David Kotz, Robert Gray,
Saurab Nog, Daniela Rus, Sumit Chawla, and George Cybenko.
Mobile agents for mobile computing.
In <CITE>Mobility, Mobile Agents, and Process Migration-An Edited
Collection</CITE>. Addison Wesley, 1998.
To appear.<P>
<!-- Authors: Danny B Lange and Mitsuru Ishima -->
<LI><A NAME="lange98:programming"></A>Danny B.
Lange and Mitsuru Ishima.
<CITE>Program and Deploying Java Mobile Agents with Aglets</CITE>.
Addison-Wesley, 1998.<P>
<!-- Authors: Weiyi Li and David G Messerschmitt -->
<LI><A NAME="li96:mobile"></A>Weiyi Li and
David G. Messerschmitt.
<A HREF="http://ptolemy.eecs.berkeley.edu/~messer/PAPERS/96/ResAlloc1/">Mobile agent-based network signaling for resource negotiations</A>.
In <CITE>Workshop on Resource Allocation Problems in Multimedia Systems, IEEE
Real-Time Systems Symposium</CITE>, Washington, DC, December 1996.<P>
<!-- Authors: Gary McGraw and Edward M Felten -->
<LI><A NAME="mcgraw96:java"></A>Gary McGraw and
Edward M. Felten.
<CITE>Java Security: Hostile Applets, Holes, & Antidote</CITE>.
John Wiley and Sons, New York, 1996.<P>
<!-- Authors: Yaron Minsky and van Renesse Robbert and Fred B Schneider and
Scott D Stoller -->
<LI><A NAME="minsky96:cryptographic"></A>Yaron Minsky,
Robbert van Renesse, Fred B. Schneider, and Scott D. Stoller.
<A HREF="http://www.cs.uit.no/DOS/Tacoma/tacoma.webpages/SIGOPS.ft-agents.ps">Cryptographic support for fault-tolerant distributed computing</A>.
In <CITE>Proceedings of the Seventh ACM SIGOPS European Workshop</CITE>, pages
109-114, Connemara, Ireland, September 1996.<P>
<!-- Authors: Mira da Silva Miguel and Malcolm Atkinson -->
<LI><A NAME="dasilva96:combining"></A>Miguel Mira da Silva and Malcolm Atkinson.
<A HREF="http://www.dcs.gla.ac.uk/~mms/publications-abstracts.html#ECOOP96">Combining mobile agents with persistent systems: Opportunities and
challenges</A>.
In <CITE>2nd ECOOP Workshop on Mobile Object Systems</CITE>, pages 36-40,
Linz, Austria, July 1996.<BLOCKQUOTE>In the last three years we have been
working with persistence anddistribution, in particular migration of
higher-level objects (such asprocedures) between autonomous persistent
programs. In this paper weintroduce persistence and the suitability of
Napier88, the persistentsystem we have used for our experiments, as an agent
language. We thenpresent a few examples of opportunities and many more
challenges thatexist in the combination of persistence with
agents.</BLOCKQUOTE>
<P>
<!-- Authors: Mira da Silva Miguel -->
<LI><A NAME="dasilva97:mobility"></A>Miguel Mira da
Silva.
Mobility and persistence.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 157-176. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>In the last three years
we have been working with persistence and distribution, in particular
migration of higher-level objects between autonomous persistent programs. In
this chapter we introduce persistence and then present a few examples of
opportunities and many more challenges that exist in the combination of
persistence and mobility.</BLOCKQUOTE>
<P>
<!-- Authors: George C Necula and Peter Lee -->
<LI><A NAME="necula96:proof"></A>George C. Necula
and Peter Lee.
<A HREF="http://www.cs.cmu.edu/afs/cs/usr/necula/papers/tr165.ps">Proof-carrying code</A>.
Technical Report CMU-CS-96-165, School of Computer Science, Carnegie Mellon
University, Pittsburgh, Pa., November 1996.<BLOCKQUOTE>This report describes
Proof-Carrying Code, a software mechanism that allows a host system to
determine with certainty that it is safe to execute a program supplied by an
untrusted source. For this to be possible, the untrusted code supplier must
provide with the code a safety proof that attests to the code's safety
properties. The code consumer can easily and quickly validate the proof
without using cryptography and without consulting any external agents. In
order to gain preliminary experience with proof-carrying code, we have
performed a series of case studies. In one case study, we write safe
assembly-language network packet filters. These filters can be executed with
no run-time overhead, beyond a one-time cost of 1 to 3 milliseconds for
validating the attached proofs. The net result is that our packet filters are
formally guaranteed to be safe and are faster than packet filters created
using Berkeley Packet Filters, Software Fault Isolation, or safe languages
such as Modula-3. In another case study we show how proof-carrying code can
be used to develop safe assembly-language extensions of the a simplified
version of the TIL run-time system for Standard ML.</BLOCKQUOTE>
<P>
<!-- Authors: George C Necula and Peter Lee -->
<LI><A NAME="necula96:safe"></A>George C. Necula and
Peter Lee.
<A HREF="http://www.cs.cmu.edu/afs/cs.cmu.edu/user/necula/www/osdi96.ps.gz">Safe kernel extensions without run-time checking</A>.
In <CITE>Proceedings of the Second Symposium on Operating System Design and
Implementation</CITE>, Seattle, Wa., October 1996.<BLOCKQUOTE>This paper
describes a mechanism by which an operating system kernel can determine with
certainty that it is safe to execute a binary supplied by an untrusted
source. The kernel first defines a safety policy and makes it public. Then,
using this policy, an application can provide binaries in a special form
called proof-carrying code, or simply PCC. Each binary contains, in addition
to the native code, a formal proof that the code obeys the safety policy. The
kernel can easily validate the proof without using cryptography and without
consulting any external trusted entities. If the validation succeeds, the
code is guaranteed to respect the safety policy without relying on run-time
checks. <P> The main practical difficulty of is in generating the safety
proofs. In order to gain some preliminary experience with this, we have
written several network packet filters in hand-tuned DEC Alpha assembly
language, and then generated binaries for them using a special prototype
assembler. The binaries can be executed with no run-time overhead, beyond a
one-time cost of 1 to 3 milliseconds for validating the enclosed proofs. The
net result is that our packet filters are formally guaranteed to be safe and
are faster than packet filters created using Berkeley Packet Filters,
Software Fault Isolation, or safe languages such as Modula-3.</BLOCKQUOTE>
<P>
<!-- Authors: George C Necula and Peter Lee -->
<LI><A NAME="necula97:safe"></A>George C. Necula and
Peter Lee.
<A HREF="http://www.cs.cmu.edu/afs/cs.cmu.edu/user/necula/www/lncs98.ps.gz">Safe, untrusted agents using proof-carrying code</A>.
Submitted for an LNCS Special Volume on Mobile Agent Security., October
1997.<BLOCKQUOTE>This paper is intended to be both a comprehensive
implementation guide for a Proof-Carrying Code system and a case study for
using PCC in a mobile agent environment. Specifically, the paper describes
the use of PCC for enforcing memory safety, access control and resource usage
bounds for untrusted agents that access a database.</BLOCKQUOTE>
<P>
<!-- Authors: George C Necula -->
<LI><A NAME="necula97:proof"></A>George C. Necula.
<A HREF="http://www.cs.cmu.edu/afs/cs.cmu.edu/user/necula/www/popl97.ps.gz">Proof-carrying code</A>.
In <CITE>Proceedings of the 24th ACM Symposium on Principles of Programming
Languages</CITE>, Paris, France, January 1997.<BLOCKQUOTE>This paper
describes proof-carrying code (PCC), a mechanism by which a host system can
determine with certainty that it is safe to execute a program supplied
(possibly in binary form) by an untrusted source. For this to be possible,
the untrusted code producer must supply with the code a safety proof that
attests to the code's adherence to a previously defined safety policy. The
host can then easily and quickly validate the proof without using
cryptography and without consulting any external agents. <P> In order to
gain preliminary experience with PCC, we have performed several case studies.
We show in this paper how proof-carrying code might be used to develop safe
assembly-language extensions of ML programs. In the context of this case
study, we present and prove the adequacy of concrete representations for the
safety policy, the safety proofs, and the proof validation. Fi- nally, we
briefly discuss how we use proof-carrying code to develop network packet
filters that are faster than similar filters developed using other techniques
and are formally guaranteed to be safe with respect to a given operating
system safety policy.</BLOCKQUOTE>
<P>
<!-- Authors: Saurab Nog and Sumit Chawla and David Kotz -->
<LI><A NAME="nog96:rpc"></A>Saurab Nog, Sumit Chawla, and
David Kotz.
<A HREF="http://www.cs.dartmouth.edu/reports/abstracts/TR96-280/">An RPC
mechanism for transportable agents</A>.
Technical Report TR96-280, Department of Computer Science, Dartmouth College,
Hanover, N.H., 1996.<P>
<!-- Authors: Akihiko Ohsuga and Yasuo Nagai and Yutaka Irie and Masanori
Hattori and Shinichi Honiden -->
<LI><A NAME="oshuga97:plangent"></A>Akihiko Ohsuga,
Yasuo Nagai, Yutaka Irie, Masanori Hattori, and Shinichi Honiden.
Plangent: An approach to making mobile agents intelligent.
<CITE>IEEE Internet Computing</CITE>, 1(4), July/August
1997.<BLOCKQUOTE>Network environments allow computer users to employ
distributed information and services to complete a task. However, gathering
information and using services distributed in networks requires knowing
exactly what kinds of information and services are required for a task, where
they are, and how they can be obtained or utilized. Tracking down the answers
to these questions can be difficult, time-consuming tasks. Mobile agent
technology is expected to free users from these tasks. Instead of the user
searching, ïntelligent mobile agents will comprehend the users
requirements, search network nodes autonomously for appropriate information
and services, and return with the answers. <P> We developed a model based on
the ability of agents to make flexible plans. The Plangent system enables
mobile agents to make a plan based on user input and adopt it accordingly to
information gathered from the network. In this article, we describe how we
combined planning functions with mobile agent facilities, and show how the
agents behave intelligently in an example application of personal travel
assistance.</BLOCKQUOTE>
<P>
<!-- Authors: Craig Partridge -->
<LI><A NAME="partridge92:late"></A>Craig Partridge.
<CITE>Late-Binding RPC: A Paradigm for Distributed Computation in a Gigabit
Environment</CITE>.
PhD thesis, Harvard University, Cambridge, Ma., March
1992.<BLOCKQUOTE>Computers and data networks continue to get faster. However
computers and networks are geting faster in different ways. This difference
is best illustrated by an example. Consider the problem of making a car
faster. A 100-times improvement in speed would imply cars with cruising
speeds of about 600 miles per hour. Computers are getting faster like cars
get faster; they perform more instructions per second. Now imagine giving the
car more storage space, while keeping its maximum speed constant. A 100-times
improvement yeilds a ca that can hold 100-tomes more luggage, but stilll only
goes 60 miles per hour. Networks are getting faster like larger cars, they
send more bitss per packet because the speed of limit limits how fast a
packet can get from one place to another. This thesis examines the
implcations of this difference for the future of distributed computing. The
thesis identifies four major implication: itemize The performance difference
is permanent.. The speed of light is constant and there is no hope of
reducing the network delay. The time spent waiting for data to cross the
network will soon become the largest part of most programs' run-time. A
single exchange of packets will take far more time than executing all the
application's instructions. Due to their differing latencies, LANs and WANs
will probably continue to exhibit different performance characteristics for
some time to come. Popular distributed computing paradigms such as RPC do not
appear to scale well to an environment in which network delays are long.
itemize The thesis also presents a novel paradigm for distributed computation
call late-binding in which applications send arbitrary pieces of code to
arbitrary remote systems for evaluation. It is argued that this paradigm can
give optimal performance in the number of network transits required to
complete a computation. A model of distributed computation is developed and
used to show that optimizing network transits will usually be the determining
factor for the performance of distributed applications. Finally, it is shown
that implementing late-binding is feasible.</BLOCKQUOTE>
<P>
<!-- Authors: Holger Peine and Torsten Stolpmann -->
<LI><A NAME="peine-97-architecture"></A>Holger
Peine and Torsten Stolpmann.
<A HREF="http://www.uni-kl.de/AG-Nehmer/Ara/Doc/architecture.ps.gz">The
architecture of the Ara platform for mobile agents</A>.
In <CITE>Proceedings of the First International Workshop on Mobile
Agents</CITE>, Berlin, Germany, April 1997.<BLOCKQUOTE>We describe a platform
for the portable and secure execution of mobile agents written in various
interpreted languages on top of a common run-time core. Agents may migrate at
any point in their execution, fully preserving their state, and may exchange
messages with other agents. One system may contain many virtual places, each
establishing a domain of logically related services under a common security
policy governing all agents at this place. Agents are equipped with
allowances limiting their resource accesses, both globally per agent lifetime
and locally per place. We discuss aspects of this architecture and report
about ongoing work.</BLOCKQUOTE>
<P>
<!-- Authors: Holger Peine -->
<LI><A NAME="peine-97-introduction"></A>Holger Peine.
<A HREF="http://www.uni-kl.de/AG-Nehmer/Ara/Doc/intro-prog.ps.gz">An
introduction to mobile agent programming and the Ara system</A>.
Technical Report ZRI-Report 1/97, Department of Computer Science, University of
Kaiserslautern, Germany, 1997.<BLOCKQUOTE>A good starting point for people
new to Ara and possibly mobile agent programming in general. This assumes
very little prerequisite knowledge, so expert readers might want to only skim
through its initial sections. The report introduces mobile agents and the Ara
system, regards potential applications, and proceeds to a fairly complete,
but nonformal description of the Ara API, subsequently demonstrated on a
larger example of a WWW searching agent. The report closes with some
discussion of the Ara implementation and selected aspects of mobile agents in
general.</BLOCKQUOTE>
<P>
<!-- Authors: Stephane Perret and Andrzej Duda -->
<LI><A NAME="perret96:desig"></A>Stephane Perret
and Andrzej Duda.
<A HREF="ftp://fidji.imag.fr/pub/perret/icpads96.ps.gz">Design and
implementation of MAP: A system for mobile assistant programming</A>.
In <CITE>Proceedings of the IEEE International Conference of Parallel and
Distributed Systems</CITE>, Tokyo, Japan, June 1996.<P>
<!-- Authors: Stephane Perret and Andrzej Duda -->
<LI><A NAME="perret96:map"></A>Stephane Perret and
Andrzej Duda.
<A HREF="ftp://fidji.imag.fr/pub/perret/icc96.ps.gz">MAP: Mobile assisatn
programming for large scale communication networks</A>.
In <CITE>Proceedings of the IEEE International Conference on
Communications</CITE>, Dallas, Tex., June 1996.<P>
<!-- Authors: Stephane Perret and Andrzej Duda -->
<LI><A NAME="perret96:mobile"></A>Stephane Perret
and Andrzej Duda.
<A HREF="ftp://fidji.imag.fr/pub/perret/www96/Overview.html">Mobile assistant
programming for efficient information access on the WWW</A>.
In <CITE>Proceedings of the 5th International World-Wide Web Conference</CITE>,
Paris, France, May 1996.<P>
<!-- Authors: Gian Pietro Picco and Gruia Catalin Roman and Peter J McCann -->
<LI><A NAME="picco97:expressing"></A>Gian Pietro Picco,
Gruia-Catalin Roman, and Peter J. McCann.
<A HREF="http://www.polito.it/~picco/papers/esec97.ps.gz">Expressing code
mobility in mobile UNITY</A>.
Technical Report WUCS-97-02, Washington University, St. Louis, Mo., January
1997.<BLOCKQUOTE>Advancements in network technology have led to the emergence
of new computing paradigms that challenge established programming practices
by employing weak forms of consistency and dynamic forms of binding. Code
mobility, for instance, allows for invocation-time binding between a code
fragment and the location where it executes. Similarly, mobile computing
allows hosts (and the software they execute) to alter their physical
location. Despite apparent similarities, the two paradigms are distinct in
their treatment of location and movement. This paper seeks to uncover a
common foundation for the two paradigms by exploring the manner in which
stereotypical forms of code mobility can be expressed in a programming
notation developed for mobile computing. Several solutions to a distributed
simulation problem are used to illustrate the modeling strategy for programs
that employ code mobility.</BLOCKQUOTE>
<P>
<!-- Authors: Mudumbai Ranganathan and Anurag Acharya and Joel Saltz -->
<LI><A NAME="ranganathan96:distributed"></A>Mudumbai Ranganathan, Anurag Acharya, and Joel Saltz.
<A HREF="http://www.cs.umd.edu/~acha/papers/iwoos96-submitted.html">Distributed resource monitors for mobile objects</A>.
In <CITE>Proceedings of the Fifth International Workshop on Object Orientation
in Operating Systems</CITE>, pages 19-23, Seattle, Wa., October 1996.<P>
<!-- Authors: Mudumbai Ranganathan and Anurag Acharya and Shamik Sharma and
Joel Saltz -->
<LI><A NAME="ranganathan97:network"></A>Mudumbai
Ranganathan, Anurag Acharya, Shamik Sharma, and Joel Saltz.
<A HREF="http://www.cs.umd.edu/~acha/papers/usenix97.ps.Z">Network-aware
mobile programs</A>.
In <CITE>Proceedings of the USENIX 1997 Annual Technical Conference</CITE>,
Anaheim, Cal., January 1997.
Version available as University of Maryland Department of Computer Science
Technical Report CS-TR-3659.<BLOCKQUOTE>In this paper, we investigate
network-aware mobile programs, programs that can use mobility as a tool to
adapt to variations in network characteristics. We present infrastructural
support for mobility and network monitoring and show how adaptalk, a
Java-based mobile Internet chat application can take advantage of this
support to dynamically place the chat server so as to minimize response time.
Our conclusion was that on-line network monitoring and adaptive placement of
shared data-structures can significantly improve performance of distributed
applications on the Internet.</BLOCKQUOTE>
<P>
<!-- Authors: M Ranganathan and Anurag Acharya and Joel Saltz -->
<LI><A NAME="ranganathan98:adapting"></A>M. Ranganathan, Anurag Acharya, and Joel Saltz.
<A HREF="http://www.cs.ucsb.edu/~acha/publications/icdcs98-submitted.html">Adapting to bandwidth variations in wide-area data combination</A>.
In <CITE>Proceedings of the 18th International Conference on Distributed
Computing Systems</CITE>, Amsterdam, The Netherlands, May 1998.
Also available as UCSB TRCS97-26.<BLOCKQUOTE>Efficient data combination over
wide-area networks is hard as wide-area networks have large variations in
available network bandwidth. In this paper, we examine the utility of
changing the location of combination operators as a technique to adapt to
variations in wide-area network bandwidth. We try to answer the following
questions. First, does relocation of operators provide a significant
performance improvement? Second, is on-line relocation useful or does a
one-time positioning at start-up time provide most if not all the benefits?
If on-line relocation is useful, how frequently should it be done and is
global knowledge of network performance required or can local knowledge and
local relocation of operators sufficient? Fourth, does the effectiveness of
operator relocation depend on the ordering of the combination operations.
That is, are certain ways of ordering more amenable to adaptation than
others? Finally, how do the results change as the number of data sources
changes?</BLOCKQUOTE>
<P>
<!-- Authors: M Ranganathan and Laurent Andrey and Anurag Acharya and Virginie
Schaal -->
<LI><A NAME="ranganthan98:mobile"></A>M. Ranganathan, Laurent Andrey, Anurag Acharya, and Virginie
Schaal.
<A HREF="http://www.cs.ucsb.edu/TRs/TRCS98-11.html">Mobile streams</A>.
Technical Report TRCS98-11, Computer Science Department, University of
California, Santa Barbara, April 1998.<BLOCKQUOTE>A large class of
distributed testing, control and collaborative applications are reactive or
event driven in nature. Such applications can be structured as a set of
handlers that react to events and that in turn can trigger other events. We
have developed an application building toolkit that facilitates development
of such applications. Our system is based on the concept of Mobile Streams.
Applications developed in our system are dynamically extensible and
re-configurable and our system provides the application designer a means to
specify resource-control policy-modules that can control how the system can
be extended and reconfigured. We describe our system model and compare our
design to the design of other similar systems. We also describe three
applications that have built using our implementation of Mobile
Streams.</BLOCKQUOTE>
<P>
<!-- Authors: Jeff Rulifson -->
<LI><A NAME="rulifson69:del"></A>Jeff Rulifson.
DEL, June 1969.
Internet Engineering Task Force, RFC 5.<BLOCKQUOTE>The Decode-Encode Language
(DEL) is a machine independent language tailored to two specific computer
network tasks: accepting input codes from interactive consoles, giving
immediate feedback, and packing the resulting information into message
packets for network transmissin. and accepting message packets from another
computer, unpacking them, building trees of display information, and sending
other information to the user at his interactive station.</BLOCKQUOTE>
<P>
<!-- Authors: Daniela Rus and Robert S Gray and David Kotz -->
<LI><A NAME="rus97:transportable"></A>Daniela Rus,
Robert S. Gray, and David Kotz.
<A HREF="ftp://ftp.cs.dartmouth.edu/pub/kotz/papers/rus:autonomous2.ps.Z">Transportable information agents</A>.
In <CITE>International Conference on Autonomous Agents</CITE>, pages 228-236,
February 1997.<BLOCKQUOTE>Transportable agents are autonomous programs. They
can move through a heterogeneous network of computers under their own
control, migrating from host to host. They can sense the state of the
network, monitor software conditions, and interact with other agents or
resources. The network-sensing tools allow our agents to adapt to the network
configuration and to navigate under the control of reactive plans. In this
paper we describe the design and implementation of the navigation system that
gives our agents autonomy. We also discuss the intelligent and adaptive
behavior of autonomous agents in distributed information-gathering
tasks.</BLOCKQUOTE>
<P>
<!-- Authors: Daniela Rus and Robert S Gray and David Kotz -->
<LI><A NAME="rus97:transportable-information"></A>Daniela Rus, Robert S. Gray, and David Kotz.
Transportable information agents.
<CITE>Journal of Intelligent Information Systems</CITE>, 9:215-238,
1997.<BLOCKQUOTE>Transportable agents are autonomous programs. They can move
through a heterogeneous network of computers under their own control,
migrating from host to host. They can sense the state of the network, monitor
software conditions, and interact with other agents or resources. The
network-sensing tools allow our agents to adapt to the network configuration
and to navigate under the control of reactive plans. In this paper we
describe the design and implementation of the navigation system that gives
our agents autonomy. We also discuss the intelligent and adaptive behavior of
autonomous agents in distributed information-gathering tasks.</BLOCKQUOTE>
<P>
<!-- Authors: Fred B Schneider -->
<LI><A NAME="schneider97:towards"></A>Fred B. Schneider.
<A HREF="http://cs-tr.cs.cornell.edu:80/Dienst/Repository/2.0/Body/ncstrl.cornell%2fTR97-1636/postscript">Towards fault-tolerant and secure agentry</A>.
In <CITE>Proceedings 11th International Workshop on Distributed
Algorithms</CITE>, Saarbucken, Germany, September 1997.
Also published as Cornell Univ., Computer Science Dept. technical report
TR94-1568.<P>
<!-- Authors: James W Stamos and David K Gifford -->
<LI><A NAME="stamos90:implementing"></A>James W.
Stamos and David K. Gifford.
Implementing remote evaluation.
<CITE>IEEE Transactions on Software Engineering</CITE>, 16(7):710-722, july
1990.<P>
<!-- Authors: James W Stamos and David K Gifford -->
<LI><A NAME="stamos90:remote"></A>James W.
Stamos and David K. Gifford.
Remote evaluation.
<CITE>ACM Transactions on Programming Languages and Systems</CITE>,
12(4):537-565, October 1990.<P>
<!-- Authors: James W Stamos -->
<LI><A NAME="stamos86:remote"></A>James W. Stamos.
<A HREF="ftp://cstr-ftp.lcs.mit.edu/pub/cstr-ftp/publications/LCS-TR/0300-0399/LCS-TR-354"><CITE>Remote Evaluation</CITE></A>.
PhD thesis, Massachusetts Institute of Technology, Cambridge, Ma., January
1986.
Also available as MIT Laboratory for Computer Science Technical Report
MIT/LCS/TR-354.<BLOCKQUOTE>A new technique for computer-to-computer
communication is presented that can increase the generality and performance
of distributed systems. This technique, called Remote Evaluation, lets one
computer send another computer a request in the form of a program. A computer
that receives such a request executes the program in the request and returns
the results to the sending computer. parRemote evaluation provides a new
degree of flexibility in the design of distributed systems. In present
distributed systems that use Remote Procedure Calls, server computers are
designed to offer a fixed set of services. In a system that uses remote
evaluation, server computers are more properly viewed as programmable soft
abstractions. One consequence of this flexibility is that remote evaluation
can reduce the amount of communication that is required to accomplish a given
task. <P> Our thesis is that it is possible to design a remote evaluation
system that permits the processing of a program to be distributed among
remote computers without changing the program's semantics. In support of this
thesis our proposal for remote evaluation uses the same argument passing
semantics for local and remote procedure invocations (call by sharing); it
provides atomic transactions to mask computer and communication failures; and
it provides a static checking framework that identifies procedures that can
not be relocated from computer to computer. <P> We discuss both the
semantics of remote evaluation and our experience with a prototype
implementation. The idea of a remote data type is introduced to let one
computer name objects at a remote computer. A detailed discussion of the
compile-time and run-time support necessary for remote evaluation is
provided, along with a detailed sample application.</BLOCKQUOTE>
<P>
<!-- Authors: Bjarne Steensbaard and Eric Jul -->
<LI><A NAME="steensbaard95:object"></A>Bjarne
Steensbaard and Eric Jul.
<A HREF="ftp://ftp.research.microsoft.com/users/rusa/sosp95.ps">Object and
native code thread mobility among heterogeneous computers</A>.
In <CITE>Proceedings of the 15th ACM Symposium on Operating Systems
Principles</CITE>, pages 68-78, Copper Moutain, Co., December
1995.<BLOCKQUOTE>We present a technique for moving objects and threads among
heterogeneous computers at the native code level. To enable mobility of
threads running native code, we convert thread states among machine-dependent
and machine-independent formats. We introduce the concept of bus stops, which
are machine-independent representations of program points as represented by
program counter values. The concept of bus stops can be used also for other
purposes, e.g., to aid inspecting and debugging optimized code, garbage
collection etc. We also discuss techniques for thread mobility among
processors executing differently optimized codes. <P> We demonstrate the
viability of our ideas by providing a prototype implementation of object and
thread mobility among heterogeneous computers. The prototype uses the Emerald
distributed programming language without modification; we have merely
extended the Emerald runtime system and the code generator of the Emerald
compiler. Our extensions allow object and thread mobility among VAX, Sun-3,
HP9000/300, and Sun SPARC workstations. The excellent intra-node performance
of the original homogeneous Emerald is retained: migrated threads run at
native code speed before and after migration; the same speed as on
homogeneous Emerald and close to C code performance. Our implementation of
mobility has not been optimized: thread mobility and trans-architecture
invocations take about 60% longer than in the homogeneous implementation.
<P> We believe this is the first implementation of full object and thread
mobility among heterogeneous computers with threads executing native
code.</BLOCKQUOTE>
<P>
<!-- Authors: Torsten Stolpmann -->
<LI><A NAME="stolpmann96:execution"></A>Torsten Stolpmann.
<A HREF="http://www.newcastle.research.ec.org/cabernet/research/radicals/1996/papers/mobilecode-stolpmann.html">Execution environments for mobile code -- a
cornerstone for adaptable distributed systems</A>.
In <CITE>Position paper for 3rd CaberNet Radicals Workshop</CITE>, Connemara,
Ireland, May 1996.<P>
<!-- Authors: Steve Stone and Mike Zyda and Don Brutzman and John Falby -->
<LI><A NAME="stone96:mobile"></A>Steve Stone, Mike
Zyda, Don Brutzman, and John Falby.
<A HREF="http://www-npsnet.cs.nps.navy.mil/npsnet/publications/Mobile.Agents.and.Smart.Networks.for.Distributed.Simulations.pdf">Mobile agents and smart
networks for distributed simulation</A>.
In <CITE>Proceedings of the 14th Distributed Simulations Conference</CITE>,
Orlando, Fl., March 1996.<BLOCKQUOTE>As the use of Distributed Interactive
Simulations has grown, the need to support a large number of players in the
environment has become apparent. DIS has not been able to support a large
number of entities because of its high network bandwidth requirements and the
large computational loads it places on host computers. A combination of an
agent based architecture and smart networks provides a promi sing solution to
these problems when implementing large-scale distributed simulations. An
agent system using the remote programming paradigm, transporting the
necessary parameters and the necessary code for remote execution [WHITE95],
could reduce the network bandwidth requirements and large computational loads
associated with a large distributed simulation. This reduction would occur by
eliminating unnecessary PDU traffic through the use of mobile agents that
represent the originating entity. These agents would travel to, and reside
on, the host computer of other entities and provide the necessary state
information for stationary entities without using network resources. Smart
Networks could be used to create a flexible area of interest manager,
allowing entities to specify their area of interest and the information that
they require from within that area [HARR95a]. This approach allows an entity
to get all of the information it requires to represent its view of the
simulated world while eliminating unnecessary information
processing.</BLOCKQUOTE>
<P>
<!-- Authors: Markus Straer and Joachim Baumann and Fritz Hohl -->
<LI><A NAME="strasser96:mole"></A>Markus Straßer,
Joachim Baumann, and Fritz Hohl.
<A HREF="http://www.informatik.uni-stuttgart.de/ipvr/vs/Publications/1996-strasser-01.ps.gz">Mole -- a Java based mobile agent system</A>.
In <CITE>2nd ECOOP Workshop on Mobile Object Systems</CITE>, pages 28-35,
Linz, Austria, July 1996.<BLOCKQUOTE>Mobile agents are active, autonomous
objects, which are able to movebetween locations in a so-called agent system,
a distributed abstractionlayer providing security of the underlying systems
on one hand and theconcepts and mechanisms for mobility and communication on
the otherhand. In this paper, the mobility, the communication concepts and
thearchitecture of Mole, an agent system developed at the University of
Stuttgart, are presented.</BLOCKQUOTE>
<P>
<!-- Authors: Joseph Tardo and Luis Valenta -->
<LI><A NAME="tardo96:mobile"></A>Joseph Tardo and
Luis Valenta.
<A HREF="http://www.genmagic.com/Telescript/security.html">Mobile agent
security and Telescript</A>.
In <CITE>Proceedings of IEEE COMPCON '96</CITE>, February 1996.<P>
<!-- Authors: David L Tennenhouse and David J Wetherall -->
<LI><A NAME="tennenhouse96:towards"></A>David L. Tennenhouse and David J. Wetherall.
<A HREF="ftp://ftp.tns.lcs.mit.edu/pub/papers/ccr96.ps.gz">Towards an active
network architecture</A>.
<CITE>Computer Communication Review</CITE>, 26(2), April
1996.<BLOCKQUOTE>Active networks allow their users to inject customized
programs into the nodes of the network. An extreme case, in which we are most
interested, replaces packets with `capsules' -- program fragments that are
executed at each network router/switch they traverse. <P> Active
architectures permit a massive increase in the sophistication of the
computation that is performed within the network. They will enable new
applications, especially those based on application-specific multicast,
information fusion, and other services that leverage network-based
computation and storage. Furthermore, they will accelerate the pace of
innovation by decoupling network services from the underlying hardware and
allowing new services to be loaded into the infrastructure on demand. <P> In
this paper, we describe our vision of an active network architecture, outline
our approach to its design, and survey the technologies that can be brought
to bear on its implementation. We propose that the research community mount a
joint effort to develop and deploy a wide area ActiveNet.</BLOCKQUOTE>
<P>
<!-- Authors: David L Tennenhouse and Jonathan M Smith and W David Sincoskie
and David J Wetherall and Gary J Minden -->
<LI><A NAME="tennenouse97:survey"></A>David L.
Tennenhouse, Jonathan M. Smith, W. David Sincoskie, David J. Wetherall, and
Gary J. Minden.
<A HREF="http://www.tns.lcs.mit.edu/publications/ieeecomms97.html">A survey of
active network research</A>.
<CITE>IEEE Communications</CITE>, 35(1):80-86, January 1997.<BLOCKQUOTE>Active
networks are a novel approach to network architecture in which the switches
of the network perform customized computations on the messages flowing
through them. This approach is motivated by both lead user applications,
which perform user-driven computation at nodes within the network today, and
the emergence of mobile code technologies that make dynamic network service
innovation attainable. In this article, the authors discuss two approaches to
the realization of active networks and provide a snapshot of the current
research issues and activities.</BLOCKQUOTE>
<P>
<!-- Authors: Bent Thomsen and Lone Leth and Sanjiva Prasad and Tsung Min Kuo
and Andre Kramer and Fritz C Knabe and and Alessandro Giacalone -->
<LI><A NAME="thomsen93:facile"></A>Bent Thomsen, Lone
Leth, Sanjiva Prasad, Tsung-Min Kuo, Andre Kramer, Fritz C. Knabe, , and
Alessandro Giacalone.
<A HREF="ftp://ftp.ecrc.de/pub/ECRC_tech_reports/reports/ECRC-93-20.ps.Z">Facile antigua release programming guide</A>.
Technical Report ECRC-93-20, European Computer Industry Research Centre,
Munich, Germany, December 1993.<BLOCKQUOTE>Facile is an experimental
concurrent functional programming language intended to support applications
that require a combination of physical distribution and complex computation.
This report gives an introduction to programming with Facile. Examples are
based on the Facile Antigua release, which makes distributed programming over
a network possible.</BLOCKQUOTE>
<P>
<!-- Authors: Denis Tschritzis -->
<LI><A NAME="tsichritzis97:commentary"></A>Denis
Tschritzis.
Commentary on ``Objectworld''.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 23-24. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<P>
<!-- Authors: Denis Tschritzis -->
<LI><A NAME="tsichritzis97:objectworld"></A>Denis
Tschritzis.
Objectworld.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 7-22. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>An environment is
outlined in which programming objects collect and disseminate information,
using analogies from the animal world. Objects have their own rules of
behaviour. They coordinate their activities by participating in events.
Objects get born, move around, communicate and receive information and,
eventually, die.</BLOCKQUOTE>
<P>
<!-- Authors: Christian Tschudin -->
<LI><A NAME="tschudin97:instruction"></A>Christian
Tschudin.
Instruction-based communications.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 67-92. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>This papers explores a
mode of communication that is based on instruction rather than
interpretation. Starting from Shannon's (interpretative) communication model,
I link instruction-based communications to mobile code (messengers), to
``signs'' as they are defined in semiotics, and to the virus theme commonly
found in cell biology, computer science and literature. Virus-codes are
conjectured to be more powerful that the equivalence codes studied by
Shannon.</BLOCKQUOTE>
<P>
<!-- Authors: Christian Tschudin -->
<LI><A NAME="tschudin97:messenger"></A>Christian Tschudin.
The messenger environment M0 -- a condensed description.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 149-156. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>Implementation
techniques for distributed applications can be positioned in a spectrum that
ranges from data-exchange to code-exchange. Date-exchange means that the
logic (i.e., code) of a distributed application is statically installed and
that coordination is done by exchanging messages with predefined meanings.
Code-exchange, on the other hand, means that coordination is achieved by
sending around code fragments which alter the data that is bound to the
network's hosts. Actual systems usually pick and combine several techniques
that are positioned at different places in this spectrum. Sun's JAVA and the
corresponding code-on-demand approach, for example, would be closer to the
data-exchange viewpoint, while Stamos' and Gifford's Remote Evaluation is
more in the line of mobile code because the initiator has more instructional
capabilities. Mobile software agent systems are quite close to pure
code-exchange, although they often mix-in classical data-exchange techniques
(data streams between agents, or mailboxes). The aim of the mobile code
environment M (m-zero) is to be as faithful as possible to the code-exchange
point of view.</BLOCKQUOTE>
<P>
<!-- Authors: Giovanni Vigna -->
<LI><A NAME="vigna97:protecting"></A>Giovanni Vigna.
<A HREF="http://www.elet.polimi.it/people/vigna/mos97.ps.gz">Protecting mobile
agents through tracing</A>.
In <CITE>3rd ECOOP Workshop on Mobile Object Systems</CITE>,
Jyvälskylä, Finland, June 1997.<BLOCKQUOTE>Mobile code systems
provide a flexible and powerful platform to build distributed applications in
an Internet scale, but they rise strong requirements from the security point
of view. Security issues include au thentication of the different remote
parties involved and protection of the execution environments from malicious
agents. Nonetheless, the most diffcult task is to protect roaming agents from
execution environments. This paper presents a new mechanism based on
execution tracing and cryptography that allows an agent owner to determine if
some site in the route followed by the agent tried to tamper with the agent
state or code.</BLOCKQUOTE>
<P>
<!-- Authors: Giovanni Vigna -->
<LI><A NAME="vigna98:mobile"></A>Giovanni Vigna, editor.
<CITE>Mobile Agents Security</CITE>.
Lecture Notes in Computer Science. Springer-Verlag, 1998.
To appear.<P>
<!-- Authors: Jan Vitek and Christian Tschudin -->
<LI><A NAME="vitek97:mobile"></A>Jan Vitek and
Christian Tschudin, editors.
<A HREF="http://cuiwww.unige.ch/~ecoopws/tpi"><CITE>Mobile Oject Systems:
Towards the Programmable Internet</CITE></A>.
Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<BLOCKQUOTE>This book presents a
collection of papers dealing with different aspects of mobile computations.
Mobile computations are computations that are not bound to single locations,
but may move at will to best use the computer network's resources. In this
view, the network becomes a single, vast, programmable environment. Among
computer scientists, many feel that this approach will have a profound effect
on the way we design and implement distributed applications, and they agree
that we are witnessing a paradigm change. However, this new and exciting
paradigm requires advances, both theoretical and applied, in fields such as
programming languages (where we need a sound semantic foundation and
efficient implementations), operating systems and software safety and
security. Some of the first steps towards a programmable Internet are
documented here.</BLOCKQUOTE>
<P>
<!-- Authors: Jan Vitek and Manuel Serrano and Dimitri Thanos -->
<LI><A NAME="vitek97:security"></A>Jan Vitek, Manuel
Serrano, and Dimitri Thanos.
Security and communication in mobile object systems.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 177-200. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<P>
<!-- Authors: Jan Vitek -->
<LI><A NAME="vitek96:secure"></A>Jan Vitek.
<A HREF="http://cuiwww.unige.ch/~ecoopws/ws96/5.ps.gz">Secure object
spaces</A>.
In <CITE>2nd ECOOP Workshop on Mobile Object Systems</CITE>, pages 41-48,
Linz, Austria, July 1996.<BLOCKQUOTE>Mobile software agents are computational
entities acting on the behalfof a user which may move from computer to
computer over a heterogeneousnetwork, draw on local resources, and interact
with other agents. This extended abstract discusses agent communication and
its implications for security.</BLOCKQUOTE>
<P>
<!-- Authors: Dennis Volpano and Geoffrey Smith and Cynthia Irvine -->
<LI><A NAME="volpano96:sound"></A>Dennis Volpano,
Geoffrey Smith, and Cynthia Irvine.
<A HREF="http://www.cs.nps.navy.mil/research/languages/papers/atsc/jcs.ps.Z">A
sound type system for secure flow analysis</A>.
<CITE>Journal of Computer Security</CITE>, 4(3):167-187, December
1996.<BLOCKQUOTE>Ensuring secure information flow within programs in the
context of multiple sensitivity levels has been widely studied. Especially
noteworthy is Denning's work in secure flow analysis and the lattice model
[6][7]. Until now, however, the soundness of Denning's analysis has not been
established satisfactorily. We formulate Denning's approach as a type system
and present a notion of soundness for the system that can be viewed as a form
of noninterference. Soundness is established by proving, with respect to a
standard programming language semantics, that all well-typed programs have
this noninterference property.</BLOCKQUOTE>
<P>
<!-- Authors: Dennis Volpano -->
<LI><A NAME="volpano96:provably"></A>Dennis Volpano.
<A HREF="http://www.cs.nps.navy.mil/research/languages/papers/atsc/sdcr.ps">Provably-secure programming languages for remote evaluation</A>.
<CITE>ACM Computing Surveys</CITE>, 28A, December 1996.
Participation statement for ACM Workshop on Strategic Directions in Computing
Research.<P>
<!-- Authors: Robert Wahbe and Steven Lucco and Thomas E Anderson and Susan L
Graham -->
<LI><A NAME="wahbe93:efficient"></A>Robert Wahbe,
Steven Lucco, Thomas E. Anderson, and Susan L. Graham.
<A HREF="http://http.cs.berkeley.edu/~tea/sfi.ps">Efficient software-based
fault isolation</A>.
In <CITE>Proceedings of the 14th ACM Symposium on Operating Systems
Principles</CITE>, pages 203-216, 1993.<BLOCKQUOTE>One way to provide fault
isolation among cooperating software modules is to place each in its own
address space. However, for tightly-coupled modules, this solution incurs
prohibitive context switch overhead. In this paper, we present a software
approach to implementing fault isolation within a single address space. Our
approach has two parts. First, we load the code and data for a distrusted
module into its own fault domain, a logically separate portion of the
application's address space. Second, we modify the object code of a
distrusted module to prevent it from writing or jumping to an address outside
its fault domain. Both these software operations are portable and programming
language independent. <P> Our approach poses a tradeoff relative to hardware
fault isolation: substantially faster communication between fault domains, at
a cost of slightly increased execution time for distrusted modules. We
demonstrate that for frequently communicating modules, implementing fault
isolation in software rather than hardware can substantially improve
end-to-end application performance.</BLOCKQUOTE>
<P>
<!-- Authors: Jim Waldo and Ann Wollrath and Sam Kendall -->
<LI><A NAME="waldo97:afterword"></A>Jim Waldo, Ann
Wollrath, and Sam Kendall.
Afterword.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 65-66. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222.<P>
<!-- Authors: Jim Waldo and Geoff Wyant and Ann Wollrath and Sam Kendall -->
<LI><A NAME="waldo97:note"></A>Jim Waldo, Geoff Wyant,
Ann Wollrath, and Sam Kendall.
<A HREF="http://www.sunlabs.com/smli/technical-reports/1994/smli_tr-94-29.ps">A
note on distributed computing</A>.
In <CITE>Mobile Object Systems: Towards the Programmable Internet</CITE>,
pages 49-64. Springer-Verlag, April 1997.
Lecture Notes in Computer Science No. 1222. Also published as Sun Microsystems
Laborators Technical Report TR-94-29.<BLOCKQUOTE>Much of the current work in
distributed, object-oriented systems is based on the assumption that objects
form a single ontological class. This class consists of all entities that can
be fully described by the specification of the set of interfaces supported by
the object and the semantics of the operations in those interfaces. The class
includes objects that share a single address space, objects that are in
separate address spaces on the same machine, and objects that are in separate
address spaces on different machines (with, perhaps, different
architectures). On the view that all objects are essentially the same kind of
entity, these differences in relative location are merely an aspect of the
implementation of the object. Indeed, the location of an object may change
over time, as an object migrates from one machine to another or the
implementation of the object changes. <P> It is the thesis of this note that
this unified view of objects is mistaken. There are fundamental differences
between the interactions of distributed objects and the interactions of
non-distributed objects. Further, work in distributed object-oriented systems
that is based on a model that ignores or denies these differences is doomed
to failure, and could easily lead to an industry-wide rejection of the notion
of distributed object-based systems.</BLOCKQUOTE>
<P>
<!-- Authors: Dan S Wallach and Dirk Balfanz and Drew Dean and Edward W Felten
-->
<LI><A NAME="wallach97:extensible"></A>Dan S.
Wallach, Dirk Balfanz, Drew Dean, and Edward W. Felten.
<A HREF="http://www.CS.Princeton.EDU/sip/pub/extensible.html">Extensible
security architectures for java</A>.
Technical Report 546-97, Department of Computer Science, Princeton University,
April 1997.<BLOCKQUOTE>Mobile code technologies such as Java, JavaScript, and
ActiveX generally limit all programs to a single security policy. However,
software-based protection can allow for more flexible security models, with
potentially significant performance improvements over traditional
hardware-based solutions. We describe and analyze three implementation
strategies for interposing flexible security policies in software-based
security systems. Implementations exist for all three strategies: several
vendors have adapted capabilities to Java, Netscape Communicator extended
Java's stack introspection, and we built a type-hiding system as an add-on to
Microsoft Internet Explorer.</BLOCKQUOTE>
<P>
<!-- Authors: David J Wetherall and David L Tennenhouse -->
<LI><A NAME="wetherall96:active"></A>David J. Wetherall and David L. Tennenhouse.
<A HREF="http://www.tns.lcs.mit.edu/publications/sigops96ws.html">The ACTIVE
IP option</A>.
In <CITE>Proceedings of the Seventh ACM SIGOPS European Workshop</CITE>,
Connemara, Ireland, September 1996.<BLOCKQUOTE>In this paper, we discuss our
work on an active network architecture in which passive packets are replaced
with active capsules -- encapsulated program fragments that are executed at
each switch they traverse. This approach allows application-specific
processing to be injected into the network. The accessibility of computation
and storage ``within'' the network provides a substrate that can be tailored
to build global applications, including those that invoke customized
multicast and merge processing. <P> We describe an extension to the IP
options mechanism that supports the embedding of program fragments in
datagrams and the evaluation of these fragments as they traverse the
Internet. The ACTIVE option provides a generic approach to the extension of
the IP network service.</BLOCKQUOTE>
<P>
<!-- Authors: David J Wetherall -->
<LI><A NAME="wetherall96:safety"></A>David J. Wetherall.
<A HREF="http://www.tns.lcs.mit.edu/~djw/area.html">Safety mechanisms for
mobile code</A>.
Area Examination Paper, November 1995.<P>
<!-- Authors: James E White -->
<LI><A NAME="white96:telescript"></A>James E. White.
<A HREF="http://www.genmagic.com/agents/Whitepaper/whitepaper.html">Telescript
technology: Mobile agents</A>.
In <A HREF="#bradshaw96:software">[Bradshaw, 1996]</A>.
Also available as General Magic White Paper.<P>
<!-- Authors: D Eric White -->
<LI><A NAME="white98:thesis"></A>D. Eric White.
A comparison of mobile agent migration mechanisms.
Senior Honors Thesis, Dartmouth College, June 1998.<BLOCKQUOTE>Choosing a model
for agent migration is a key decision in the design of a Java mobile agent
system. Two major models have been proposed for implementing mobile agent
migration: one which captures the entire execution state of a running agent,
and one which captures only object state. In this paper we compare the two
models from the perspective of both the system programmer and the application
programmer, in the context of Agent Java, a part of the D'Agents system
developed at Dartmouth College. From the system programmer's perspective, we
consider such issues as difficulty and complexity of implementation, while
from the application programmer's perspective we examine the level of
convenience, naturalness and functionality each method provides. Ideally, we
would also like to compare the two methods in terms of performance, but time
constraints and technical difficulties have prevented us from obtaining
accurate results. Nevertheless, we present the results we were able to
gather.</BLOCKQUOTE>
<P>
</UL>
<!-- END BIBLIOGRAPHY mobile -->
<HR>
Copyright © 1997 Corporation for National Research Initiatives
</BODY></HTML>
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!