Transcript Smartnet`99, Bangkok, Thailand Tutorial 5: Mobile Agents

Smartnet´99, Bangkok, Thailand
Mobile Agents and Active Networks
[email protected]
University of Stuttgart, Germany
Institute of Parallel and Distributed
High-Performance Systems (IPVR)
Content
Defining Terms:
Mobile Code
Mobile Agents
Active Networks
Mobile Agents
Active Networks
Conclusion
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
2
Defining Terms: Mobile Code
basic idea
allow to move code to remote sites and
execute transferred code there
problems arise from mobility, e.g.
heterogeneity of systems
security (as more parties are involved)
systems can be divided according to
initiator of code transfer
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
3
Defining Terms: Mobile Code (cont.)
code
server
client
pull code
client asks for code and execute it at client site
example: Java Applets
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
4
Defining Terms: Mobile Code (cont.)
code
code
server
client
pull code
client asks for code and execute it at client site
example: Java Applets
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
5
Defining Terms: Mobile Code (cont.)
code
server
code
client
pull code
client asks for code and execute it at client site
example: Java Applets
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
6
Defining Terms: Mobile Code (cont.)
code
node A
node B
push code (remote execution)
node sends code to another node to execute it
there
examples: REMOTE EVALUATION, Postscript
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
7
Defining Terms: Mobile Code (cont.)
code
node A
code
node B
push code (remote execution)
node sends code to another node to execute it
there
examples: REMOTE EVALUATION, Postscript
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
8
Defining Terms: Mobile Code (cont.)
code
migrate
node A
node B
autonomous code
code decides itself where to go and execute
example: mobile agents
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
9
Defining Terms: Mobile Code (cont.)
code
node A
node B
autonomous code
code decides itself where to go and execute
example: mobile agents
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
10
Defining Terms: Mobile Agents
Mobile Agents are program instances that
are able move within a network under
their own control
mobile agents consist of
code (therefore also mobile code entities)
but additionally
data state (i.e. variables)
execution state (e.g. stack)
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
11
Defining Terms: Mobile Agents (cont.)
mobile agents are also a programming
paradigm:
programmer employs a set of “software
robots”
robots (i.e. agents) wander around the
network and interact with other agents
in principle, using this paradigm does not
require a mobile agent realization
this aspect is rarely addressed
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
12
Defining Terms: Active Networks
in an Active Network, transporting
components (e.g. routers) can execute
arbitrary code
this code is provided in some systems
from special (“active”) packets injected by
users
active packets are (obviously) mobile code
entities
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
13
Defining Terms: Active Networks (cont.)
difference to mobile agents:
no state included
active packets are executed in components of OSI
layer 1 - 3 (mobile agents are typically applications,
i.e. layer 7 elements)
most radical view on active networks:
allow to execute active packets in any component of
the network
as consequence, OSI layering is dissolved
from this point of view, mobile agents can be build
upon active networks
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
14
Mobile Agents
Contents
Agents in General
What are Mobile Agents?
Why are Mobile Agents useful?
Platforms
Security
Applications
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
15
Mobile Agents in the Context of Agents in
General
Software Agents
Intelligent Agents
non-agent software
classical mobile agents
• dumb programs
Mobile
• migrate
Agents
classical int. agents
• use AI
mechanisms
• do no migrate
mobile int. agents
• combine two
approaches
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
a.k.a
agents,
autonomous
agents,
multi-agentsystems
16
What are Mobile Agents?
Mobile Agents:
able to autonomously
migrate between
places
able to communicate
to each other
some agents offer
services or interfaces
to legacy applications
Server
Laptop
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Desktop
Data
Base
User Application
System
Resources
Legacy Software
Place
Mobile Agent
Service Agent
Application
Agent Migration
Local Communication
Global Communication
Smartnet`99
17
What are Mobile Agents?
Places
allow to distinguish
locality from globality
are abstractions of
computer nodes
Server
Laptop
Desktop
Data
Base
User Application
System
Resources
Legacy Software
Place
Mobile Agent
Service Agent
Application
Agent Migration
Local Communication
Global Communication
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
18
Why are Mobile Agents useful?
“Traditional”
client-server
approach
processing
data
web server
index
search engine
web server
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
19
Why are Mobile Agents useful?
“Traditional”
client-server
approach
processing
data
web server
index
search engine
web server
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
20
Why are Mobile Agents useful?
“Traditional”
client-server
approach
html
docs
processing
data
web server
index
search engine
web server
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
21
Why are Mobile Agents useful?
“Traditional”
client-server
approach
processing
data
web server
index
search engine
web server
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
22
Why are Mobile Agents useful?
“Traditional”
client-server
approach
web server
processing
data
index
html
docs
search engine
web server
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
23
Why are Mobile Agents useful?
the traditional client-server approach
does not scale even for today´s WWW size
extensive network usage
bottlenecks:
network bandwidth
processing capacity of search engine
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
24
Why are Mobile Agents useful?
mobile agent
approach
html
docs
html
docs
html
docs
html
docs
html
docs
web server
index
search engine
html
docs
html
docs
html
docs
html
docs
html
docs
web server
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
25
Why are Mobile Agents useful?
mobile agent
approach
html
docs
html
docs
html
docs
html
docs
html
docs
migration
index
search engine
web server
html
docs
html
docs
html
docs
html
docs
html
docs
web server
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
26
Why are Mobile Agents useful?
mobile agent
approach
processing
data
html
docs
html
docs
html
docs
html
docs
html
docs
web server
index
search engine
html
docs
html
docs
html
docs
html
docs
html
docs
web server
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
27
Why are Mobile Agents useful?
mobile agent
approach
html
docs
html
docs
html
docs
html
docs
html
docs
migration
index
search engine
web server
html
docs
html
docs
html
docs
html
docs
html
docs
web server
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
28
Why are Mobile Agents useful?
mobile agent
approach
html
docs
html
docs
html
docs
html
docs
html
docs
migrations
web server
index
search engine
processing
data
html
docs
html
docs
html
docs
html
docs
html
docs
web server
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
29
Why are Mobile Agents useful?
mobile agent approach
processing takes place at data source
faster processing due to locality of program and
data
parallel processing
less network bandwidth usage
if index < document
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
30
Why are Mobile Agents useful?
another answer
because they are a good programming paradigm
for network applications
simpler and more powerful than using sockets or RPC
slightly more complicated than distributed oo systems
(you don´t need excuses for using paradigms)
even if you need only mobile code, a mobile agent
system can be the choice
there are not so many systems supporting push
code or autonomous code
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
31
Mobile Agent Platforms
platform A
platform A
whole agent system consists of single
platforms
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
32
Mobile Agent Platforms
platform A
platform A
platforms
realize places
sometimes a platform realizes several places
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
33
Mobile Agent Platforms
agent
1
agent
2
platform A
agent
3
Server
Laptop
platform A
platforms
execute agents
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
34
Mobile Agent Platforms
agent
1
agent
2
platform A
agent
3
agent
1
Server
Laptop
platform A
Desktop
platforms
offer functionality, at least:
migration of agents
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
35
Mobile Agent Platforms
agent
1
agent
2
platform A
agent
3
Server
Laptop
platform A
Desktop
platforms
offer functionality, at least:
communication between agents and others
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
36
Mobile Agent Platforms: Communication
communication means:
RPC (or RMI)
messages
tuple spaces
etc.
address of target agent
<name of platform> + <local id>
address of communication element (e.g. tuple)
global usable name (name service is needed)
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
37
Mobile Agent Platforms: Migration
migration: transport of the program
instance to the next platform
two possible realizations:
strong migration
all data is sent to next platform automatically
program continues at next statement
weak migration
only code & variables are sent to next platform
program restarts at given method
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
38
Mobile Agent Platforms: Other Functionality
control mechanisms like
locating agents
termination & orphan detection
sending & retracting agents
mediating services provided by agents
transactional support
security
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
39
Security in Mobile-Agent-Systems
Why Security is Important
we want open mobile agent systems, i.e.
everybody can insert mobile agents
everybody can operate a host
everybody can offer services
target application: electronic commerce
as soon as money is involved, guarantees have to
be given
Security is a key factor
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
40
Security in Mobile-Agent-Systems
Challenges
Agent
A: Protection of the host
from agents
similar problem as
with mobile code
 similar solutions
(e.g.sandboxes)
different types of
agents
authorization
techniques
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Agent
Agent
Agent
A
B
Host
Host
traditional security
Third Parties (network attackers)
Smartnet`99
41
Security in Mobile-Agent-Systems
B: Protection of agents from
hosts
Agent
• agents may carry valuable
goods like electronic money
or keys
• foreign hosts may attack
the agent
• problem: host executes
agent, i.e.
Agent
Agent
Agent
A
B
Host
Host
traditional security
Third Parties (network attackers)
– has to read code
– has to read data
• partial approaches exist
• but no complete solution
yet!
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
42
Application Areas for Mobile Agents
information retrieval
updating conventional search engines
dynamic search of intranet sources
change notification
mobile computing
migrate-and-disconnect style of operation
active email
mobile agents as messengers
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
43
Application Areas for Mobile Agents
active documents
protecting and displaying content
distributing computations
to a set of different computers
allowing code to be shipped
electronic commerce
price comparison
buy agents
complex operations
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
44
Application Areas for Mobile Agents
network management
active networks
see next part of tutorial
etc.
set of application is not restricted
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
45
Mobile Agents: Advantages
less complex failure model
asynchronous execution
parallel execution
automatic moving & installing code
replacement of passive by active elements
less communication
less latency between single interactions
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
46
Mobile Agents: Disadvantages
mobile agents may be too fast to control
no direct control possible
security is not completely solved
currently, no widespread system available
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
47
Mobile Agents: Conclusion
mobile Agents are mobile program instances
usage can be advantageous under certain
conditions
today, 64 mobile agent systems are known,
most of them cannot interoperate
usage for intranet applications is feasible
usage in open environments requires more
security and a widespread system
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
48
Active Networks
Content
Why Active Networks?
What are Active Networks?
Architectures
Applications
Conclusion
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
49
Why Active Networks?
problems of traditional networks:
difficult to integrate new technologies (e.g.
IPv6)
poor performance due to redundant operations
at several protocol layers
difficulty of accomodating new services in the
network
emerging need of computations within the
network
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
50
What are Active Networks?
solution: active networks
idea: network infrastructure components
(e.g. routers) can execute arbitrary code
targeted at lower OSI layers
allow applications to install and use the
software they need in the network
allow computations to be placed anywhere
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
51
Active Network Architectures
architectures can be distinguished according to how activity is achieved
“Active Packets” architectures
code is transported in special (“active”) packets
“Active Nodes” architectures
code is placed in nodes
packets carry only code identifiers & parameters
“Active Nodes and Packets” architectures
combine both approaches
allow users to choose between approaches
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
52
Active Packet Architectures
Smart Packets (BBN Technologies)
program has to be self-contained
program has to fit into a single packet (1Kb)
 allows only for very small programs
smart packets are sent to end host or to each
router along a path
supported languages: Spanner (assembly like),
Sprocket (C like), compiles to Spanner
functionality is limited to network management
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
53
Active Packet Architectures (cont.)
Active IP Option (MIT)
code is extension to the IP option field
various languages are supported
nodes can be queried about offered languages
“capsules” may leave data behind in node
supported functionality:
routing, copying, merging, generating packets
network conditions examination, node state change
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
54
Active Packet Architectures (cont.)
M0 (University of Zürich & UCB)
active packets may be complex programs in M0
M0 elements:
concurrent messenger threads
shared memory area
simple synchronisation mechanism (thread queues)
channels to neighbouring nodes
node resources “cost” money
M0 messengers are almost mobile agents
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
55
Active Node Architectures
Active Network Architecture (Georgia Tech)
active nodes offer a set of functions
user can specify list of function ids and
parameters for their packets in the header
DAN (Washington Univ. & ETH Zurich)
packets can specify function ids and param.
nodes load functions from special code servers
and cache them
functions are digitally signed
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
56
Active Node Architectures
ANTS (MIT)
functions are automatically deployed at routers
and end systems when packets arrive that
specify these functions
functions are requested from upstream
neighbouring nodes
packets are processed when all code arrived
access to shared logical resources (e.g. routing
table) in functions has to be authorised
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
57
Active Nodes and Packets Architectures
SwitchWare (University of Pennsylvania)
layered architecture
lowest level: secure active IP routers
active extensions can be loaded in routers
low dynamics of loading
“heavyweight” verification method can be used off-line
usage of encryption, authentication, program
verification
provide interface for active packets
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
58
Active Nodes and Packets Architectures
active packets
written in functional languages (e.g. Caml, PLAN)
carry lightweight programs
programs invoke active extensions
cannot leave state behind at nodes
less requirements for testing and verification
programmer is able to choose between
flexibility + dynamics (active packets) and
speed + security (active extensions)
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
59
Applications for Active Networks
Mobile IP routing
QoS management
Network Management
Congestion Control
Reliable Multicast
Caching
etc.
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
60
Active Networks: Conclusion
active networks allow to process code in the
network infrastructure like routers
not every active network system allows
users to insert code using active packets
major concerns:
performance
security (or at least safety)
from a radical point of view, active networks
unify network and application layer
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
61
Conclusion
Mobile Code allows to move code to
remote sites and execute transferred code
there
Mobile Agents are mobile code entities
additionally transport of data and execution
state
migration within a network under their own
control
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
62
Conclusion (cont.)
in an Active Network, transporting
components (e.g. routers) can execute
arbitrary code, originating e.g. from
mobile code entities, called active packets
mobile agents and active networks allow
new applications
more efficient usage of resources and
to cope with larger networks
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
63
Conclusion (cont.)
but:
widespread installation required in order to
be useful
currently no such installation exists
systems do not interoperate
most systems have reached only prototype
level
security is not yet solved for all application
scenarios
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
64
Mobile Agents: Resources
The Mobile Agent List
http://mole.informatik.uni-stuttgart.de/mal/mal.html
Mobile Agent Security Bibliography
http://mole.informatik.uni-stuttgart.de/security.html
UMBC AgentWeb
http://www.cs.umbc.edu/agents/
Mobility Mailing List
http://mobility.lboro.ac.uk/
Agents Mailing List
http://www.cs.umbc.edu/agentslist/
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
65
Active Networks: Resources
Active Networks Page at ICSI
http://www.icsi.berkeley.edu/~difatta/an_links.html
DARPA Active Networks Page
http://sds.lcs.mit.edu/darpa-activenet/
Active Networks Research in Europe
http://www.docs.uu.se/~tschudin/research/an-europe.html
University of Stuttgart, Germany
Institute of Parallel and Distributed High-Performance Systems (IPVR)
Fritz Hohl
Smartnet`99
66