Eavesdropping of messages can enable the attacker to gain information paving the way for further attacks or to steal confidential data. This is a passive attack and very hard to detect.
A management system based on MAs, implementing the MbD-paradigm, must delegate management functions or management tasks to MAs. MAs must also be able to delegate functionality and rights to other subjects. Additionally, a group of MAs must handle a management task in cooperation. For this purpose it is essential to delegate rights or permissions to other subjects. MbD and the delegation of rights make a new kind of attack possible: the theft of rights or delegation misuse. Rights can be stolen during execution or during transmission of an MA.
Any subject must be liable for its sensible and critical actions. It is necessary to identify the user which is responsible for the message or action. For example, it must be impossible to launch an MA doing malicious actions and, afterwards, repudiate everything. This relation attack is called repudiation. Another attack in this regard is the unauthorized replication of MAs. A malicious MA, AS or manager may replicate MAs. Besides, an intruder in a relation may duplicate an MA or message during transmission.
If the attacker can actively manipulate the information channel he can do alterations to messages. In this case, he may change the functionality or data of a migrating agent. The AS is a mediator between MAs and hosting systems. In addition, it provides a runtime environment for MAs. Therefore, a malicious AS can read, alter or delete data of an local MA (alteration of code and data).
An attacker can do a denial-of-service attack against communication relations, an AS or a hosting system, e.g. a hostile MA overloads the attacked resource and thus it is impossible for other legitimate subjects to use the resource. This scenario is even more complicated if the denial-of-service attack is not done by a single MA but by a distributed group of malicious MAs.
Another attack is resource misuse. As an MA implements management functionality and must therefore have administrator rights. The MA can abuse communication resources, resources of the underlying host system or of the AS.
Despite of these general attacks there is one which only affects the calling relation. The attacker can try to circumvent the dedicated calling interfaces to directly access other methods not intended to be used. Also the communication relation is security sensitive. An attacker may store a message or an MA and send it once more at a later time to a destination. This is called replay attack. Moreover, an attacker can also redirect agents and messages or delay them.
The last kind of relation attack is that against execution relations. As an MA can only live with the aid of an agent system it is even feasible for a hostile agent system to manipulate the execution trace of an MA. For example, the AS can manipulate the runtime stack of the MA, prevent execution of a certain function or force execution of additional functionality. Another possible attack is to prevent execution of MAs (denial-of-execution). As an AS has to execute the MA and thus has complete control of the agent, these attacks are almost impossible to prevent. For this reason, we either assume a relationship of trust between delegator/MA and AS or we demand to take this into consideration before migration. On the other hand, a malicious MA can attack the AS, the underlying hosting system or other MAs in various ways (e.g. denial-of-service, resource misuse).