
(1) Middleware related features

  • modular architecture
  • comparable to an operating system
  • consistent service concept
  • extensibility through creation of own services and service providers
  • pipeline principles in many parts of the system allow simple extension of the security functionality

  • command shell which is as powerful as a UNIX shell
  • scripting simplifies configuration
  • flexible configuration
  • remote login (SSH/Telnet)
  • services/modules are individually configurable
  • graphical user interfaces

Web interface
  • web servlet framework (compatible with Tomcat's servlet framework)

Web service framework
  • Transparent, fully automated support of web services (agent as web service provider / as web service client)

(2) Mobile agent related features

  • guaranteed termination of all agent threads before transport
  • support of arbitrary transport protocols

Agent tracking and communication
  • secure and scalable solution for localization of mobile agents (ATLAS)
  • ATLAS-based location-transparent communication between agents
  • support of arbitrary agent communication protocols, e.g. FIPA-ACL, KQML
  • SSL-protected communication
  • pipeline for content inspection and annotation of messages through the server

  • Interoperability with other widely used and industry supported agent platforms, e.g. JADE
  • agents of foreign platforms can be executed
  • no restriction to a specific agent programming system
  • implementation for JADE agents, Aglets, Tracy agents
  • execution of arbitrary components (JavaBeans, OSGi bundles) instead of agents
  • support of recent Java versions

Programming model
  • Modeling of the agents' behavior through Hierarchical State Machines

(3) Security related features

  • protection against protocol interleaving attacks
  • prevention of simple (DoS) attacks on the agent server
  • prevention of attacks on the garbage collector
  • filtering of virulent code possible
  • detection of malicious agents

Flexible creation and specification of security policies
  • role-based security policies (RBAC, Role-Based Access Control)
  • fine-grained rights management
  • support of Boolean logic
  • large set of verifiable conditions - e.g. owner of an agent, last sender, agent's size, etc.
  • easy extension with user-specific conditions possible
  • rights can be granted and revoked dynamically
  • LDAP-based certificate store

Secure Class Loading
  • hash value of classes as class identifier instead of class name
  • every agent gets its own class loader
  • byte code inspection of every class before loading
  • inspection filters are easily extensible

Strong sandboxing of executed components (agents)
  • no reference is passed outside of the agent's execution context
  • each agent gets an individual view of the system
  • individual thread group for each agent
  • controlled access to threads
  • filtering of shared threads, e.g. AWT threads

  • own independent ASN.1 implementation
  • cryptographic provider of TU Darmstadt (Prof. J. Buchmann)

Support of international and de facto standards
  • ITU-T X.680/ITU-T X.690 (ASN.1, DER/BER)
  • ITU-T X.509v3 (certificates, PKI)
  • PKCS (digital signatures, certificate requests, certificates, PKI)
  • JCA/JCE (Java cryptography architecture, Java cryptography extension, pluggable cryptographic service providers (CSPs), flexible algorithm support, use of third party CSPs possible)
  • ZIP/JAR as standard for storage of components
  • SSL/TLS: remote configuration, agent transport
  • LDAP: certificate management