Methodology of risk assessment in mobile agent system design

Current practices of software development use incomplete security models and result in implementations that leave security features either dangling in the midst of afterthoughts, or relegated to "future" upgrades or patches. Yet, security functions should be considered at the outset of any system design process. In Mobile Agent Systems, depending on their purpose, various paths may be taken to provide security based on the vulnerability of the features. Starting early to plan security and its implementation in such systems is particularly important because by design they operate in open environments with little central control. With widespread information sharing between potential system breakers ranging from amateur hackers to professional crackers, system security features are tested every day. As evident from frequent break-ins, security is often proven either inefficient or non-existent. Clearly, a pragmatic methodology of determining the system security requirements is needed. The purpose of this paper is two-folded. First, we catalog and classify numerous security techniques and practices for mobile agent systems. We also provide the definitions and describe implementations of security features relevant to mobile agent systems. Additionally, we measure their impact on agent system design and performance. The second purpose is to illustrate the discussed methodology in the context of DOORS, a mobile agent system developed by us for network performance data collection. We will discuss which security features are suitable for DOORS and how they impact the performance of the DOORS system.