Agent Execution Engine:
Running foreign code on a host places numerous new requirements
on a runtime environment. The most obvious ones are the portability
and security of mobile code execution. A common solution for these
requirements is executing mobile agents in a dedicated environment.
In this case, mobile agents do not run directly on the host, but in
an interpreter in an agency. The interpreter-based agent execution
engine is probably the most appropriate approach when considering
the requirements of portability and security. Since mobile agents
are programmed in a scripting language, they can be executed within
their interpreters, which are embedded in different platforms, and
are not dependent on the host operating systems. Furthermore,
host protection can be achieved because an interpreter can completely
control the access of interpreted programs (the mobile agents) to the
host systems.
Mobile-C uses an embeddable C/C++ interpreter, Ch, as the agent execution engine, as shown in the following figure. Each mobile agent runs inside a separate Ch. Protecting the host from malicious mobile agents includes controlling the system function calls and data access of mobile agents. The interpreter restricts mobile agents to invoking only allowed functions and to accessing only their own address space in the interpreter space. The agency memory space exists outside the interpreter space. The interface between interpreter space and agency space is provided by Embedded Ch.
The security of Ch is ensured through the following mechanisms. First, from the language point of view, Ch is designed to be type-safe and secure. Pointers and dynamic memory allocation are powerful features of C/C++. However, inexperienced developers might find them difficult to use. Inappropriate handling of pointers and memory allocation/deallocation may cause a program crash. Ch provides a built-in string type with automatic memory management to resolve this problem. It also automatically checks the range of strings and arrays to avoid memory corruption.
In addition, safe Ch is introduced as a restricted shell to run remote code obtained from the open network. Like a Java virtual machine for executing Java applets, safe Ch uses a sandbox security model to provide security protection. Safe Ch disables C pointers and limits the system function calls and resource access for remote untrusted code. Unlike Java, Ch can execute C/C++ code directly without intermediate bytecode for fast network transfer.
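The mediation described above, sketched as an added C example (not Ch or Mobile-C code): a toy interpreter in which an agent can touch only its own bounds-checked memory and can reach host functions only through an allow-list. The instruction set, function names and sample agents are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Illustrative model only: not Ch or Mobile-C code; every name is hypothetical. */
enum { AGENT_MEM = 16 };
enum op { OP_STORE, OP_LOAD, OP_CALL, OP_END };
enum result { R_OK, R_DENIED_CALL, R_OUT_OF_BOUNDS };
struct insn { enum op op; int a, b; };          /* STORE mem[a]=b, LOAD acc=mem[a], CALL fn a */
struct agent { int mem[AGENT_MEM]; int acc; };  /* the agent's own address space */
/* Host functions in "agency space"; agents reach them only through the table. */
static int host_add_one(int x) { return x + 1; }
static int host_wipe_disk(int x) { (void)x; return -1; }  /* stand-in for a dangerous call */
static const struct { int (*fn)(int); int allowed; } HOST_TABLE[] = {
    { host_add_one, 1 },    /* id 0: exposed to agents */
    { host_wipe_disk, 0 },  /* id 1: exists on the host, not exposed */
};
#define N_HOST ((int)(sizeof HOST_TABLE / sizeof HOST_TABLE[0]))

/* Constructed sample agents. */
static const struct insn GOOD[] = {{OP_STORE, 3, 41}, {OP_LOAD, 3, 0}, {OP_CALL, 0, 0}, {OP_END, 0, 0}};
static const struct insn BAD_CALL[] = {{OP_CALL, 1, 0}, {OP_END, 0, 0}};
static const struct insn BAD_MEM[] = {{OP_STORE, AGENT_MEM, 7}, {OP_END, 0, 0}};

/* Interpret one agent; every data access and host call is checked here. */
enum result run_agent(struct agent *ag, const struct insn *prog)
{
    memset(ag, 0, sizeof *ag);
    for (const struct insn *p = prog; p->op != OP_END; p++) {
        switch (p->op) {
        case OP_STORE:
        case OP_LOAD:
            if (p->a < 0 || p->a >= AGENT_MEM) return R_OUT_OF_BOUNDS;
            if (p->op == OP_STORE) ag->mem[p->a] = p->b;
            else ag->acc = ag->mem[p->a];
            break;
        case OP_CALL:
            if (p->a < 0 || p->a >= N_HOST || !HOST_TABLE[p->a].allowed) return R_DENIED_CALL;
            ag->acc = HOST_TABLE[p->a].fn(ag->acc);
            break;
        default:
            return R_DENIED_CALL;
        }
    }
    return R_OK;
}

int main(void)
{
    struct agent ag;
    printf("%d %d %d\n", run_agent(&ag, GOOD), run_agent(&ag, BAD_CALL), run_agent(&ag, BAD_MEM));
    return 0;
}
```

The agent never holds a host pointer: it names memory by index and functions by id, so the interpreter is the only code that dereferences anything.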
Integration Engineering Laboratory | UCD MTU Sandia |