(1) Middleware related features

• modular architecture
• comparable to an operating system
• consistent service concept
• extensibility through creation of own services and service providers
• pipeline principles in many parts of the system allow a simple extension of the security functionalities

• command shell which is as powerful as a UNIX shell
• scripting simplifies configuration
• flexible configuration
• remote login (SSH/Telnet)
• services/modules are individually configurable
• graphical user interfaces

• web servlet framework (compatible to Tomcat's servlet framework)

• Transparent, fully automated support of webservices (agent as web service provider / as web service client)

(2) Mobile agent related features

• guaranteed termination of all agent threads before transport
• support of arbitrary transport protocols
• SSL/TLS

• secure and scalable solution for localization of mobile agents (ATLAS)
• ATLAS-based location transparent communication between agents
• support of arbitrary agent communication protocols, e.g. FIPA-ACL, KQML
• SSL-protected communication
• pipeline for content inspection and annotation of messages through server

• Interoperability with other widely used and industry supported agent platforms, e.g. JADE
• agents of foreign platforms can be executed
• no restriction to a specific agent programming system
• implementation for JADE agents, Aglets, Tracy agents
• execution of arbitrary components (JavaBeans, OSGi bundles) instead of agents
• support of recent Java versions

• Modeling of the agents' behavior through Hierarchical State Machines

(3) Security related features

• protection against protocol interleaving attacks
• prevention of simple (DoS) attacks on agent server
• prevention of attacks on garbage collector
• filtering of virulent code possible
• detection of malicious agents

• role-based security policies (RBAC, Role-Based Access Control)
• fine granular rights management
• support of boolean logic
• large set of verifiable conditions - e.g. owner of an agent, last sender, agent's size, etc.
• easy extension of user specific conditions possible
• rights can be granted and revoked dynamically
• LDAP-based certificate store

• hash value of classes as class identifier instead of class name
• every agent gets its own class loader
• byte code inspection of every class before loading
• inspection filters are easily extendible

• no reference is passed outside of the agent's execution context
• each agent gets an individual view of the system
• individual thread group for each agent
• controlled access to threads
• filtering of shared threads, e.g. AWT threads

• own independent ASN.1 implementation
• cryptographic provider of TU Darmstadt (Prof. J. Buchmann)

• ITU-T X.680/ITU-T X.690 (ASN.1,DER/BER)
• ITU-T X.509v3 (certificates, PKI)
• PKCS (digital signatures, certificate requests, certificate, PKI)
• JCA/JCE (Java cryptography architecture, Java cryptography extension, pluggable cryptographic service providers (CSPs), flexible algorithm support, use of third party CSPs possible)
• ZIP/JAR as standard for storage of components
• SSL/TLS: remote configuration, agent transport
• LDAP: certificate management