Protection of a mobile agent with a reference clone

Many areas such as electronic commerce, network management and information retrieval can benefit from the application of mobile agents technologies. The exploitation of mobile agents offers several advantages such as reduction of network latency, asynchronous execution, fault-tolerant behavior. However, a wider use of mobile agents is currently limited by the lack of a comprehensive security framework that can address the security concerns, especially the protection of mobile agents from malicious hosts. This paper presents a protocol that protects a mobile agent against attacks from malicious hosts, for electronic commerce applications. We used the reference execution concept by executing, in parallel to the mobile agent execution, its clone on trusted servers. This protocol protects a mobile agent from its code, its execution flow, its data and its itinerary modifications. Moreover, these attacks are detected almost in real time, the malicious hosts are identified and the protocol continues its execution transparently to the user.