Proof-of-Concept Application - Annual Report Year 1

In this document the Cat-COVITE Application for use in the CATNETS Project is introduced and motivated. Furthermore an introduction to the catallactic middleware and Web Services Agreement (WS-Agreement) concepts is given as a basis for the future work. Requirements for the application of Cat-COVITE with in catallactic systems are analysed. Finally the integration of the Cat-COVITE application and the catallactic middleware is described. --Grid Computing

A middleware framework for secure mobile grid services.

Wong, Sze Wing.Thesis submitted in: October 2007.Thesis (M.Phil.)--Chinese University of Hong Kong, 2008.Includes bibliographical references (leaves 176-180).Abstracts in English and Chinese.Abstract --- p.i論文摘要 --- p.iiiAcknowledgements --- p.ivChapter 1 --- Introduction --- p.1Chapter 1.1 --- Contributions of this thesis --- p.3Chapter 1.2 --- Thesis structure --- p.4Chapter 2 --- Background --- p.6Chapter 2.1 --- Web Services --- p.6Chapter 2.2 --- Grid Computing --- p.8Chapter 2.2.1 --- Open Grid Services Architecture (OGSA) --- p.9Chapter 2.2.2 --- Grid Services --- p.9Chapter 2.3 --- Globus Toolkit --- p.10Chapter 2.3.1 --- Components of Globus Toolkit 4 --- p.11Chapter 2.3.2 --- Grid Security Infrastructure (GSI) --- p.13Chapter 2.4 --- Mobile Agent --- p.13Chapter 2.4.1 --- Foundation for Intelligent Physical Agents (FIPA) --- p.14Chapter 2.5 --- Java Agent Development Framework (JADE) --- p.15Chapter 2.5.1 --- JADE-S --- p.17Chapter 3 --- Research Issues in Mobile Grid Services --- p.18Chapter 3.1 --- Mobile Grid Services --- p.18Chapter 3.2 --- Service Migration --- p.20Chapter 3.2.1 --- Using Mobile Agent with Weak Mobility --- p.20Chapter 3.2.2 --- Using Mobile Agent with Strong Mobility --- p.21Chapter 3.2.3 --- Using Snapshots --- p.22Chapter 3.2.4 --- Summary --- p.23Chapter 3.3 --- Service Sharing and Discovery --- p.24Chapter 3.3.1 --- Centralized Model --- p.24Chapter 3.3.2 --- Division into clusters --- p.25Chapter 3.3.3 --- Using Web Services Protocols --- p.26Chapter 3.3.4 --- Summary --- p.27Chapter 3.4 --- Security --- p.28Chapter 3.4.1 --- Resource control and accounting --- p.28Chapter 3.4.2 --- Using delegation document --- p.30Chapter 3.4.3 --- Summary --- p.31Chapter 4 --- Mobile Grid Service Framework --- p.32Chapter 4.1 --- Proposed Framework Overview --- p.32Chapter 4.1.1 --- Service Migration --- p.33Chapter 4.1.2 --- Service Sharing and Discovery --- p.34Chapter 4.1.3 --- Security --- p.34Chapter 4.2 --- Overall architecture --- p.35Chapter 4.3 --- Components of Mobile Grid Services --- p.36Chapter 4.3.1 --- Agent Manager --- p.37Chapter 4.3.2 --- Task Agent --- p.38Chapter 4.3.3 --- Monitor Agent --- p.39Chapter 4.4 --- Resource Information Service --- p.40Chapter 4.5 --- Scenario of Mobile Grid Service Execution --- p.41Chapter 5 --- MGSAPI --- p.43Chapter 5.1 --- API design --- p.43Chapter 5.2 --- API Implementation --- p.45Chapter 5.2.1 --- Overview --- p.45Chapter 5.2.2 --- Agent Manager Class --- p.46Chapter 5.2.3 --- Task Agent Templates --- p.52Chapter 5.2.4 --- Configurable Monitor Agent --- p.57Chapter 5.2.5 --- Resource Information Service --- p.61Chapter 5.2.6 --- Example Application --- p.66Chapter 6 --- Security Support for Mobile Grid Services --- p.68Chapter 6.1 --- Overview --- p.68Chapter 6.2 --- Authentication and Authorization --- p.70Chapter 6.3 --- Message Integrity and Confidentiality --- p.72Chapter 6.4 --- Permissions on Agents --- p.74Chapter 6.5 --- Security facilities in MGS API --- p.76Chapter 6.5.1 --- Major modifications for MGS components --- p.77Chapter 6.5.2 --- MGS Security Libraries --- p.79Chapter 6.5.3 --- MGS Security Configuration --- p.81Chapter 7 --- Agent Protection for Mobile Grid Services --- p.83Chapter 7.1 --- Overview --- p.83Chapter 7.2 --- Major modifications --- p.86Chapter 7.2.1 --- Exempting checking for executions on home host --- p.86Chapter 7.2.2 --- New definition of stage --- p.87Chapter 7.2.3 --- Extra operations in Task Agent and Agent Manager --- p.88Chapter 7.2.4 --- Handling of attack --- p.88Chapter 7.3 --- Implementation details --- p.91Chapter 7.3.1 --- Agent Manager --- p.91Chapter 7.3.2 --- Task Agent --- p.97Chapter 7.3.3 --- Monitor Agent --- p.101Chapter 7.3.4 --- Checker --- p.102Chapter 7.4 --- Discussions --- p.108Chapter 7.4.1 --- Against modification of code and data --- p.108Chapter 7.4.2 --- Against masquerade --- p.108Chapter 7.4.3 --- Against fake information in trace --- p.109Chapter 7.4.4 --- Against escape from re-execution --- p.109Chapter 7.4.5 --- Against collaboration of different hosts --- p.109Chapter 7.4.6 --- Detection of malicious host --- p.110Chapter 7.4.7 --- Weaknesses --- p.110Chapter 8 --- Performance Evaluation --- p.111Chapter 8.1 --- Experimental Setup --- p.111Chapter 8.2 --- MGS Performance --- p.117Chapter 8.2.1 --- Experiment details --- p.112Chapter 8.2.2 --- Experiment results --- p.113Chapter 8.2.3 --- Discussions --- p.116Chapter 8.3 --- MGS Overheads --- p.117Chapter 8.3.1 --- Experiment details --- p.117Chapter 8.3.2 --- Experiment results --- p.119Chapter 8.3.3 --- Discussions --- p.123Chapter 8.4 --- Agent Protection Overheads --- p.124Chapter 8.4.1 --- Experiment details --- p.124Chapter 8.4.2 --- Experiment results --- p.125Chapter 8.4.3 --- Discussions --- p.128Chapter 9 --- Conclusion and Future Works --- p.130Appendix A Administrator Guide for MGS API --- p.132Chapter A.l --- Installation of MGS API --- p.132Chapter A.1.1 --- Installation of pre-requisites --- p.132Chapter A.1.2 --- Installation of MGS API library --- p.135Chapter A.2 --- Setup of MGS platform --- p.135Chapter A.2.1 --- Setup of JADE platform --- p.135Chapter A.2.2 --- Setup of Globus containers --- p.136Appendix B Developer Guide for MGS API --- p.137Chapter B.1 --- Steps of developing a Mobile Grid Service --- p.137Chapter B.1.1 --- Design Mobile Grid Service --- p.137Chapter B.1.2 --- Define WSDL --- p.138Chapter B.1.3 --- Implement the service --- p.138Chapter B.1.4 --- Configure deployment in WSDD --- p.138Chapter B.1.5 --- Compile and deploy the service --- p.139Chapter B.2 --- Mobile Grid Service Implementation --- p.140Chapter B.2.1 --- Implement Task Agent --- p.140Chapter B.2.2 --- Implement Monitor Agent (optional) --- p.143Chapter B.2.3 --- Implement Agent Manager --- p.144Chapter B.3 --- Convert tool --- p.146Chapter B.4 --- Service configuration --- p.147Chapter B.4.1 --- TaskSetting object --- p.147Chapter B.4.2 --- MonitorSetting object --- p.147Chapter B.4.3 --- MGS Configuration file --- p.148Chapter B.4.4 --- Configuration for Resource Information Service --- p.149Chapter B.4.5 --- Globus-side security configuration of the service --- p.151Chapter B.5 --- MGS Configuration Helper --- p.151Chapter B.5.1 --- “Main Container´ح Panel --- p.152Chapter B.5.2 --- “Container´ح Panel --- p.154Chapter B.5.3 --- “Service´ح Panel --- p.156Chapter B.6 --- Interface details --- p.158Chapter B.6.1 --- Package mgs.manager --- p.158Chapter B.6.2 --- Package mgs.monitor --- p.165Chapter B.6.3 --- Package mgs.task --- p.167Chapter B.6.4 --- Package mgs.ftsFramework --- p.174Bibliography --- p.176Publications --- p.18

Design and implementation of a multi-agent opportunistic grid computing platform

Opportunistic Grid Computing involves joining idle computing resources in enterprises into a converged high performance commodity infrastructure. The research described in this dissertation investigates the viability of public resource computing in offering a plethora of possibilities through seamless access to shared compute and storage resources. The research proposes and conceptualizes the Multi-Agent Opportunistic Grid (MAOG) solution in an Information and Communication Technologies for Development (ICT4D) initiative to address some limitations prevalent in traditional distributed system implementations. Proof-of-concept software components based on JADE (Java Agent Development Framework) validated Multi-Agent Systems (MAS) as an important tool for provisioning of Opportunistic Grid Computing platforms. Exploration of agent technologies within the research context identified two key components which improve access to extended computer capabilities. The first component is a Mobile Agent (MA) compute component in which a group of agents interact to pool shared processor cycles. The compute component integrates dynamic resource identification and allocation strategies by incorporating the Contract Net Protocol (CNP) and rule based reasoning concepts. The second service is a MAS based storage component realized through disk mirroring and Google file-system’s chunking with atomic append storage techniques. This research provides a candidate Opportunistic Grid Computing platform design and implementation through the use of MAS. Experiments conducted validated the design and implementation of the compute and storage services. From results, support for processing user applications; resource identification and allocation; and rule based reasoning validated the MA compute component. A MAS based file-system that implements chunking optimizations was considered to be optimum based on evaluations. The findings from the undertaken experiments also validated the functional adequacy of the implementation, and show the suitability of MAS for provisioning of robust, autonomous, and intelligent platforms. The context of this research, ICT4D, provides a solution to optimizing and increasing the utilization of computing resources that are usually idle in these contexts

Dynamic deployment of web services on the internet or grid

PhD ThesisThis thesis focuses on the area of dynamic Web Service deployment for grid and Internet applications. It presents a new Dynamic Service Oriented Architecture (DynaSOAr) that enables the deployment of Web Services at run-time in response to consumer requests. The service-oriented approach to grid and Internet computing is centred on two parties: the service provider and the service consumer. This thesis investigates the introduction of mobility into this service-oriented approach allowing for better use of resources and improved quality of service. To this end, it examines the role of the service provider and makes the case for a clear separation of its concerns into two distinct roles: that of a Web Service Provider, whose responsibility is to receive and direct consumer requests and supply service implementations, and a Host Provider, whose role is to deploy services and process consumers' requests on available resources. This separation of concerns breaks the implicit bond between a published Web Service endpoint (network address) and the resource upon which the service is deployed. It also allows the architecture to respond dynamically to changes in service demand and the quality of service requirements. Clearly defined interfaces for each role are presented, which form the infrastructure of DynaSOAr. The approach taken is wholly based on Web Services. The dynamic deployment of service code between separate roles, potentially running in different administrative domains, raises a number of security issues which are addressed. A DynaSOAr service invocation involves three parties: the requesting Consumer, a Web Service Provider and a Host Provider; this tripartite relationship requires a security model that allows the concerns of each party to be enforced for a given invocation. This thesis, therefore, presents a Tripartite Security Model and an architecture that allows the representation, propagation and enforcement of three separate sets of constraints. A prototype implementation of DynaSOAr is used to evaluate the claims made, and the results show that a significant benefit in terms of round-trip execution time for data-intensive applications is achieved. Additional benefits in terms of parallel deployments to satisfy multiple concurrent requests are also shown

Proceedings of the 2nd International Workshop on Security in Mobile Multiagent Systems

This report contains the Proceedings of the Second Workshop on Security on Security of Mobile Multiagent Systems (SEMAS2002). The Workshop was held in Montreal, Canada as a satellite event to the 5th International Conference on Autonomous Agents in 2001. The far reaching influence of the Internet has resulted in an increased interest in agent technologies, which are poised to play a key role in the implementation of successful Internet and WWW-based applications in the future. While there is still considerable hype concerning agent technologies, there is also an increasing awareness of the problems involved. In particular, that these applications will not be successful unless security issues can be adequately handled. Although there is a large body of work on cryptographic techniques that provide basic building-blocks to solve specific security problems, relatively little work has been done in investigating security in the multiagent system context. Related problems are secure communication between agents, implementation of trust models/authentication procedures or even reflections of agents on security mechanisms. The introduction of mobile software agents significantly increases the risks involved in Internet and WWW-based applications. For example, if we allow agents to enter our hosts or private networks, we must offer the agents a platform so that they can execute correctly but at the same time ensure that they will not have deleterious effects on our hosts or any other agents / processes in our network. If we send out mobile agents, we should also be able to provide guarantees about specific aspects of their behaviour, i.e., we are not only interested in whether the agents carry out-out their intended task correctly. They must defend themselves against attacks initiated by other agents, and survive in potentially malicious environments. Agent technologies can also be used to support network security. For example in the context of intrusion detection, intelligent guardian agents may be used to analyse the behaviour of agents on a firewall or intelligent monitoring agents can be used to analyse the behaviour of agents migrating through a network. Part of the inspiration for such multi-agent systems comes from primitive animal behaviour, such as that of guardian ants protecting their hill or from biological immune systems

Architecture for Provenance Systems

This document covers the logical and process architectures of provenance systems. The logical architecture identifies key roles and their interactions, whereas the process architecture discusses distribution and security. A fundamental aspect of our presentation is its technology-independent nature, which makes it reusable: the principles that are exposed in this document may be applied to different technologies