To protect mobile agents from attacks by their execution environments, or hosts, one class of protection mechanisms uses 'reference states' to detect modification attacks. Reference states are agent states that have been produced by non-attacking, or reference hosts. This paper presents a new protocol using reference states by modifying an existing approach, called 'traces'. In contrast to the original approach, this new protocol offers a model, where the execution on one host is checked unconditionally and immediately on the next host, regardless of whether this host is trusted or untrusted. This modification preserves the qualitative advantages like asynchronous execution, but also introduces two new problems: input to the execution session on one host cannot be held secret to a second host, and collaboration attacks of two consecutive hosts are possible. The overhead needed for the protocol roughly doubles the cost of the mobile agent execution
