next up previous
Next:  Analysis of threats Up:  Architecture Models Previous:  Entities Organization

 Interaction and Components Model

  Relations represent information or data exchange between two participants. Therefore, a relation can be regarded as an information channel. Moreover, three kinds of relations exist in this model: there are traditional communication relations, i.e. two entities have a relation because they exchange messages of any kind. In addition, using agent systems there are two relevant local relations: execution relations, e.g. a manager executes an agent system that executes mobile agents, and calling relations, e.g. a mobile agent calls interface functions of a mobile agent system or vice versa. As mobile agents are part of the management system it is necessary to examine these relations. Each entity as well as each possible relation between two entities is vulnerable to attacks.

Figure: Interaction and components model

These three kinds of relations are the only ways of interaction between entities. The interaction model reflects these kinds of relations from the organization model. Thus, the interaction model consists of three major parts: communication, execution and calling. Figure [*] shows all kinds of relations focusing on the major components in implementations involving agent systems. In this figure dashed, horizontal arrows are communication relations. Following the idea of the OSI basic reference model [#!iso7498!#] higher layers use services of lower layers to communicate. Vertical arrows show execution relations. One layer executes the layer above, e.g. the host system runs the agent system that, again, runs mobile agents. Dashed lines between two layers indicate calling relations. As the figure suggests, access to layers below the one beneath should be indirect, e.g. the agent system should guard access of agents to the host system.

Communication relations can be considered as transport of messages, e.g. through a network. On the one hand, both parties run in different environments without direct interference, i.e. no side has direct access to memory or other local resources at the other end. Any action may only happen upon receipt of a message but still under full control of the receiver. On the other hand, the transport media itself or at least the data transmitted requires protection. A network may be complex with several components between both ends, spanning a longer distance.

Adding agent systems to management systems, there are also relations that are different to communcation and need closer attention. With an agent system executing an agent there is an execution relation between both. As both run on a single machine even direct manipulation of either one might be possible. The agent system provides the environment as part of the execution relation. Therefore, an agent system may easily spy out data carried by the agent, manipulate the execution trace or even deny execution.

Once the agent comes to life it has a calling relation with the agent system as it usually needs various services of the agent system to fulfil its task, e.g. access to base system libraries or network services. However, all interaction must happen in a controlled manner to protect the agent system and the environment. An agent might try to gain unauthorized access to the agent system or host system

Looking closer at entities we find a basic structure as indicated in figure [*] (in a simplified way). A host system is any kind of computer or device that takes part in the management system. Main requirements are the abilities to provide network communication and to run further program code. Besides, a host system can have a fully-fledged operating system, but it may be as well a simple network device.

The agent system adapts the host system to meet the needs of mobile agents. In respect to the management system it can be considered as infrastructure. It usually uses a virtual machine to provide a common, homogeneous execution platform. Therefore, it hides heterogeneous details of the host system, tries to protect it and fills shortages. Moreover, the agent system offers additional, important services to agents, e.g. naming, location, communication services. Depending on the type of host system an agent system may use underlying mechanisms, e.g. encryption or authorization services, key management or access control.

Mobile agents are actually part of the management application. They use the agent system for their execution and for services they need. As they cannot live without an agent system they also highly depend on protection to be provided by the agent system. Actually, agents are at the mercy of the agent system as it seems almost impossible to protect agents against malicious agent systems [#!hohl97!#]. Therefore, the management application must take this into consideration, e.g. it must not send an agent with sensitive data or task to an agent system not fully trusted.

next up previous
Next:  Analysis of threats Up:  Architecture Models Previous:  Entities Organization
Copyright Munich Network Management Team