What AreMobile Agents Good For Anyway?  André Vellino Institute for Information Technology, National Research Council, Ottawa Nortel Technology, Advanced Technology Centre, Ottawa  October, 1997  "Mobile agents are a solution in search of a problem" (John Ousterhout, Internet Computing Online, Agents Roundtable).  Abstract Since 1990 "Mobile Agents" have promised a new paradigm for computing and communications applications. Despite the failure of Sony's Magic Link "Personal Intelligent Communicator" and of General Magic's Telescript's technology for implementing mobile agents, the impression persists that agent mobility is a potentially valuable aspect of network computing, particularly mobile computing.  In this paper, I argue that agent mobility has value in a very restricted set of circumstances: where processors and associated resources are interchangeable commodities contained by a secure and restricted network environment; where bandwidth availability or quality is low; or where multi-processing is necessary. This means that despite the ubiquity of Java and the gradual appearance of Java-enabled devices and operating systems, agents that are mobile, multi-hop, light-weight, secure, reliable, persistent and intelligent, are not the likely to be the typical building blocks for future applications.  A Brief History of Agents It has happened before in the history of Artificial Intelligence. Entrepreneur-academics, seeking the favour and funding of corporations and government agencies bring an enticing idea to the fore, give it an attractive name and promise a forthcoming solution to heretofore unsolved problems. In the 70's it was the promise to conquer the tower of Babel with the automatic translation of natural languages; in the 80's it was "5-th Generation Computing" wherein all knowledge would be captured in logic and processed by special-purpose "logic-based knowledge-processing computers"; and in the 90's it is "Agents"--software that represents acts on the user's behalf in some way: to filter e-mail, to select relevant news-clipping services, to engage in electronic commerce transactions (e.g. stock-brokering), to monitor the Web for events-of-interest etc. In the interest of supposedly reducing our info-burden, for example, intelligent agents are presented to us as relentlessly slaving on our behalf, to both protect us from unnecessary info-noise and to mine the Web universe for precious info-nuggets.  This picture is even more alluring when agents are armed with "Autonomy" and "Intelligence". Such agents would not only act on our behalf, as determined by the user, but also have the ability to act independently of other agents and be able to execute plans to achieve their goals. For example, they might learn from other agents in an agent society, or adapt to new environments or even evolve. Add to this the ability to migrate from one processor to another in distributed, data-intensive, high-bandwidth network and you get mobile intelligent agents.  This vision of a virtual society of "Mobile Agents" acting on the users' behalf busily negotiating transactions (such as the lowest price long-distance carriers for phone calls) was the premise behind Sony's mobile agent appliance Magic Link. Dubbed the "Personal Intelligent Communicator" this device relied on an intelligent agent technology for implementing mobile agents (General Magic's Telescript [1]) and presented the result on a multi-function, portable PDA (personal digital assistant).  While the General Magic vision was believable and the technology worked, the product was a failure in the marketplace. There are many reasons for this, including the lack of openness in the commercial product. However, in the analysis I offer below, one of the reasons will be apparent: "intelligence", "autonomy" and "mobility" are antithetical categories.  The Problem In their paper [7] "Mobile Agents: Are They a Good Idea?", Chess et. al. assert that while there is nothing in mobile agents architectures that cannot be achieved with conventional client-server architectures and/or messaging systems. Yet they also conclude their analysis with the claim that while no particular aspect of mobile agent gives them a significant advantage over other technologies, "the aggregate advantage of mobile agents is overwhelmingly strong". The principal reason for their favourable overall assessment of mobile agents is that agent systems promise to provide all the individually small advantages at once whereas the conventional client/server distributed computing solutions can address each of these advantages only one at a time.  The application categories in which mobile agents are claimed to be advantageous [2, 3] are:  User mobility where there is (a) intermittent connectivity, (b) low bandwidth and (c) limited local storage;  Information retrieval in heterogeneous networks with local real-time interaction requirements;  Robust transaction with remote servers;  Large scale asynchronous transactions such as internet commerce.  Agents solve the problems associated with such applications by providing:  Reduced bandwidth consumption;  Asynchronous transaction capabilities;  Enhanced communications in heterogeneous environments;  Improved scalability and modularity of network applications.  Applications that involve negotiation (such as internet commerce), asynchronous transactions or remote information retrieval, especially in situations where connections have low bandwidth, high latency and are prone to failure (e.g. wireless connections) are ideal candidates for intelligent mobile agents. In such situations, a network-based, mobile agent that performs searches or transactions on the user's behalf, relieves the user from the necessity of maintaining a poor quality or low bandwidth connection. The armed with a query to satisfy and locations that need to be visited in order to satisfy the query, the user can let the mobile agent roam on her behalf and wait to be notified with the results. Of course, such capability can be (and is currently) offered as a server function in client/server systems (e.g. web robots that check WWW links of interest while you are sleeping). The particular advantage of software mobility lies in the proximity of the data to the agent and the relatively low reliance on network availability. Mobile agents thus offer an asynchronous, connection-limited alternative for engaging in transactions in the network.  This much is not in dispute. What is being questioned, though, are the assumptions:  that the intelligence should reside in mobile software; and  that the advantages of mobile software cannot be obtained without suffering the security and OA&M problems inherent in open distributed networks.  In what follows, I will argue that while there are advantages to mobile software, there is also a tension between the requirement of "intelligence" (esp. "autonomy") on the one hand and mobility, efficiency and security on the other. I will also suggest that the security issues with mobile agents are best addressed by securing the networks within which mobile agents roam and that it is unrealistic to assume that execution environments for agents need not be managed and controlled. Instead the services that a society of mobile agents provide can be available within secure and managed servers within the network.  Network Designs There are two extremes in designs for computing networks, and a plethora of hybrid architectures in between. At one end of the scale there is the mainframe client/server model in which all the computing resources are centrally located on the network and all peripherals are "dumb" I/O devices. At the other end of the spectrum is the peer-peer model wherein each network device is a peer with every other. Between these extremes it is possible to design any number of hybrid networks in which computing is distributed in different ways: multi-layered client/servers, distributed servers and thin clients, peer-peer mediated by server proxies, etc.  What characterizes all the client/server models is the reliance on message-passing protocols as an interface between computing devices that define the communication, management and application layers in the network. The rigidity of messaging protocols has the primary advantage of great control and predictability. The states of computing elements in a network, if they are determined by a limited protocol, can usually be modeled by a comprehensible finite state machine. Thus it is always possible in principle to address questions of security and control, since such systems are relatively well understood, even if, sometimes, complex.  On the other hand, protocol-driven systems are inflexible and don't lend themselves well to changing environments. Network based applications need to be designed with all their functional components pre-defined and any incremental addition to the functionality of the applications requires upgrades and software maintenance throughout the entire network. While it may be possible to replace one component that has one communications interface to a service with another component that has the same interface, (a new version of a database query interface, for example), it may be difficult to completely change the servers' interface without at the same time changing the communications interfaces of all the clients. The advantage of mobile agents on the other hand is to relegate the need for protocols to the transport and addressing layers and to leave the application layer entirely up to the agent (this is, of course, not quite true since the protocol syncrhonization problem occurs in much the same way with societies communicating agents as it does with client/server systems).  Intelligence Without embarking on a philosophical treatise on what counts as intelligence, I will assume that whatever anyone means by the phrase "intelligent agent", the net result is that some non-trivial amount of computation will be required to execute the intelligence. Whether the intelligence involves searching some solution space or computing some probability or pattern matching of some sort, an intelligent agent will have to do something more than a grep or a search in a lookup table.  For many researchers, "intelligence" requires a "representation" of the world, a model of what it "knows". A jaundiced view of "knowledge representation" characterizes it merely as a data-structure, albeit of a slightly more complex kind. Be that as it may, it remains that knowledge representation schemes can be quite elaborate and heavy-weight and any intelligent agent system would have to deal with it in some way. Furthermore, any inter-agent communication protocol, like KQML, for instance, builds in assumptions about the kinds of actions (performatives) that an agent ought to be able to perform as well as the kinds of things that it can and need to communicate with other agents.  In short, the incorporation of intelligence in software consumes significant quantities of computing resources, both in memory and in CPU. This can pose problems for a peer-peer agent-system. First of all, it assumes a certain degree of computing homogeneity in the network: every agent must have an execution environment that offers a minimum quantity of computing resources sufficient for all agents to execute.  But if agents are arbitrary software entities then there are no a priori bounds to the computational resources that they might require. Therefore, the Agent Execution Environment (AEE), the software block that controls the admission, routing and execution of agents for an agent host, must contain the rudiments of an operating system (e.g. memory protection) to protect itself from agents that require excessive resources and the ability to notify the author of the agent, or at least its originator that the AEE does not permit such processing to take place. In other words, either every agent that is created on a network is guaranteed not to exceed any one AEE's resource capabilities or each agent has to know what resources it requires and to negotiate the consumption of such resources with each AEE it encounters on its travels. Such a model was, in fact, implemented in General Magic's Telescript.  Independently of the question of resource consumption, there is the question of quality and trust. If intelligent agents are going to act on the user's behalf, they need to be understood and trusted by users as being quality agents that behave predictably. The state of the art in Artificial Intelligence is not yet that advanced:  For intelligent agents, I think that AI is the gating technology. The agents need to be able to make decisions that are complex and subtle, and we need to be able to trust them enough that we don't have to check up on them constantly. It appears to me that the AI technology for this is advancing very slowly, if at all, so for the foreseeable future we'll probably have to live with intelligent agents that aren't really very intelligent.  (John Ousterhout, Internet Computing Online, Agents Roundtable, July-August 1997)  Security For agent mobility architectures to work at all, one of the key issues is security. There are a number difficult security problems associated with agent mobility, and it not clear that any of these problems will ever be solved in the general case. For example, it is not clear how to implement admission control into an AEE in order to prevent evil agents from overloading a server. Similarly, the question of how to protect the mobile agent from untrusted AEEs remains largely unsolved.  The security issues surrounding mobile agents have been examined in a number of papers ([6], [9], [10], [11]) and different solutions have been proposed, depending on the model of agent mobility. The Java-based implementations of AEEs, for example, rely on cryptographic signatures available in Java itself to authenticate and certify methods and classes. Other models for agent environments, such as the now defunct Telescript model, also provide for the capability of negotiating financial and resource consumption transactions, such as those that may be needed for hosting the mobile agent.  These security questions demand good answers, but they ought not to prevent the development of useful mobile software. One solution is simply to introduce the requirements that (a) the introduction of new AEEs into a network be registered and authenticated and (b) that the only mobile agents entitled to roam in a network of authenticated and registered servers are those that are originate from that network. The suggestion, in other words, is to encapsulate the network of AEEs and to restrict the creation of agents to a class of service-dependant functions that are known to be safe.  In such a controled environment, "client" agents (for example, agents that request information services from a network of AEEs) would have well-specified interfaces to the network services and the network-centric mobile software would report back to the client in predetermined ways. Such a scheme would obviate the problems associated with completely untrusted and arbitrary agents or servers.  Standardization and Ubiquity of AEEs The market acceptance of any technology relies on either de facto or de jure standards. HTTP is ubiquitous because it is a simple protocol whose implementations were made available free and which ran on every computer that had an IP address and an internet connection. Similarly, the ubiquity of Java VMs is due in large part to their incorporation in all major WWW browsers. What is the equivalent route for the ubiquity of mobile agents?  One answer is to standardize by decree. The other is to create applications that are so useful that no one would want to do without them, thus establishing a de facto standard. I think there are problems with both suggestions.  De Jure standardization, such as that being attempted by FIPA are fraught with complications. The goal is laudable enough: to standardize aspects of agent communications so as to permit interoperability between agents from different vendors. But in many respects this is putting the cart before the horse: there aren't any agent applications that need to inter-operate and for which standards are required. The approach taken by a consortium of agent system developers such as The Agent Society is more realistic. Starting from existing agent execution environments supplied by vendors, their standardization efforts are focused on developing common reference models; models that all agent frameworks share in common.  Conclusions The tension between the requirements of a distributed execution environment for mobile agents and the requirements for intelligence and autonomy cannot be resolved in a peer-peer mobile agent environment. Even though the advantages listed above for mobile agents are real, they are best implemented not by mobile agents but by mobile software that is confined to executing a limited set of services provided by sandboxed execution environments whose intelligence and mobility services are offered by centralized and controlled servers.  This way of organizing mobile code solves several of the more vexing security problems posed by agent mobility, offers many of the advantages touted for mobile agents and promises greater control, reliability and diagnostic capabilities than the model of mobile agents.  The need for mobile agent software is not apparent anywhere in the literature except in a world populated by a "society of agents" that can negotiate with one another. This is still science-fiction, and, in my opinion, will remain that way, as much for technical reasons as for human and social ones.  References [1] James E. White "Telescript technology: Mobile Agents" in Software Agents (Jeffrey Bradshaw, ed.) MIT Press 1996.  [2] Robert S. Gray, David Kotz, Saurab Nog, Daniela Rus, George Cybenko. Mobile agents for mobile computing. In Proceedings of the Second Aizu International Symposium on Parallel Algorithms/Architectures Synthesis, Fukushima, Japan, March 1997.  [3] Liljeberg Heikki Helin, Markku Kojo, Kimmo Raatikainen "Enhanced Services for World-Wide Web in Mobile WAN Environment" Report C-1996-28.  [4] Richard Fikes, Robert Engelmore, Adam Farquhar, Wanda Pratt "Network-Based Information Brokers" Proceedings of AAAI Spring Symposium, 1995.  [5] Kautz H., Milewski A. and Selman B. (1995). "Agent Amplified Communication" Proceedings of AAAI Conference, 1996.  [6] David Chess, Benjamin Grossof, Colin Harrison, David Levine, Colin Parris "Itinerant Agents for Mobile Computing" IEEE Personal Communications Magazine, October 1995.  [7] David Chess, Colin Harrison, Aaron Kershenbaum "Mobile Agents: Are They a Good Idea?" IBM Research Report RC 19887, 1995.  [8] John Ousterhout, IEEE Internet Online, Agents Roundtable, July-August 1997  [9] J.J. Ordille, When agents roam, who can you trust? First Conference on Emerging Technologies and Applications in Communications, Portland, OR (May 1996).  [10] William M. Farmer, Joshua D. Guttman, and Vipin Swarup. Security for mobile agents: Issues and requirements. In Proceedings of the 19th National Information Systems Security Conference, pages 591-597, Baltimore, Md., October 1996.  [11] Stephen Marsh and Youssef Masrour. "Agent Augmented Community-Information--The ACORN Architecture" Proceedings of CASCON '97.  Useful URLs UMBC Agent Web   Mobile Code Bibliography  Internet Computing, Special Issue on Agents, July/August 1997, Vol.1 No. 4  Foundation for Intelligent Physical AgentsFIPA  The Agent Society