Sign In

Communications of the ACM

Communications of the ACM

Technical Opinion: The Real Challenges of Mobile Agents

Mobile agents provide an innovative concept for creating distributed systems. Being mobile means the ability of a computational entity to move itself from one system to another in the same network. Acting and interacting with compatible objects in the temporary host system expresses the core idea behind mobile agents, that is, bringing the computation to the data rather than the data to the computation. The "Seven Good Reasons for Mobile Agents" [3] appear to be far- reaching: mobile agents reduce network load, overcome network latency, encapsulate protocols, work autonomously and asynchronously, and adapt dynamically. They are also robust and fault-tolerant to changing environments. Some of these benefits, however, are becoming less significant as the performance of hardware technology is increasingly improved and better able to cope with such problems as the bottleneck of bandwidth and network latency. The question is whether the technical promises of such a software concept are strong enough to provide sufficient momentum for building unknown application types? Where are the real challenges and what, in fact, is the raison d'être for mobile agents?

The list of arguments in favor of mobile agents can be countered by their dark side. Clearly, more light needs to be shed. Among the top technical challenges are [1]:

  • A need for highly secure agent execution environments,
  • Performance and functional limitations resulting from security,
  • Virus scanning and epidemic control mechanisms,
  • Transmission efficiency, for example, a courier agent in contrast to a simple SMTP mail object.

This list was introduced in 1995—eons in Internet time and before the advent of Java—but all the problems still exist. These challenges are conceptual, and no flawless technical solutions are in sight. They require considerable technical innovation, and some problems cannot be solved by technical means alone.

For example, the security problem of an agent execution environment has not been solved by the appearance of Java. The Java sandbox concept protects the server unilaterally against a malicious agent by preventing the agent from accessing sensitive system software. Conversely, there is nothing to prevent the server from trying to tamper with the agent. Imagine a scenario where the mobile agent carries sensitive information deep into the Internet and some unkind soul redirects it to a spoof environment. Being a finite state machine, all possible program paths of the computational entity can, in principle, be investigated by the attacker, which allows the relevant information to be accessed, even if it cannot be read. If the attacker does not find what it is looking for, it will start over and over again with a fresh memory dump of the very first time the agent entered the spoof environment. While this may be extremely resource consuming, success will depend primarily on the amount of effort an attacker is willing to put in. In this case, the residual risk restricts e-commerce applications, to name only one area of potential deployment.

Another security problem—virus scanning—is also unlikely to be solved by technical means alone. Viruses and agents are both mobile code acting autonomously on behalf of a possibly untrustworthy party, with benevolent or malicious intentions. It is difficult to judge which behavior prevails unless the code is analyzed or the actual activity becomes apparent and allows them to be classified into (useful) agents and (evil) viruses. With increasingly complex agents, anticipative code analysis may be impractical and classification of the application-related behavior may be difficult to interpret, just as in the noncomputer world where different perceptions or norms lead to different, sometimes contradictory, assessments.

"With one rather narrow exception, there is nothing that can be done with mobile agents that cannot also be done by other means" [1]. This argument shifts the focus from a pure technical discussion to a more application-oriented one. And there we find a fundamental premise, that is, there are no exclusive mobile agent-specific applications. As [4] points out: "We know of no other technology that, prima facie, is so seductive and promises so much, but on closer scrutiny (and, indeed, so far in practice) appears to deliver so little." They also state "... any field which can show off literally hundreds of experimental mobile agent development systems but with no clear applications that would not exist without mobile agents, must be in some crisis." This lack of applications is closely related to the purely technical, single agent-based approach to this exciting new technology. This is especially true for what is perhaps the most intriguing and manifold application arena for agent technology—e-commerce. Electronic agent marketplaces, such as we envision in our research project Avalanche [2], will consist of a multitude of hundreds, maybe even thousands, of dynamically moving and acting buyer and supplier agents. The rapid pace of the creation and disappearance of market opportunities for agents to tap will surpass anything comparable to what we know today. We have little knowledge of the properties and dynamics that arise from having such populations of agents at work.

Apart from technical and application facets, in the distributed, decentralized, borderless world of the Internet, the absence of a social and legal framework is clearly the biggest challenge for the controllable deployment of mobile agents. For example, due to the sheer number of entities involved and the technical constraints of the underlying communications networks, apparent problems like system stability and communication security can scarcely be solved by providing centralized control mechanisms. Technical aspects of security intertwine with application contexts and our conception of societal systems together with shared rules of social and business conduct. This information ecosystem view reveals even more challenges. How should we design appropriate social and legal frameworks for populations of interacting, autonomous, and mobile agents in order to achieve desirable, self-stabilizing, and yet flexible, behavior?

In our view, the technical aspects of mobile agents are not the only aspects requiring close attention. The real challenges lie in complementary concepts for the (self-)control of populations of mobile agents, such as multiagent systems, able to provide solutions for application areas characterized by inherently decentralized information. Coping with all of these challenges will provide the raison d'être and fulfill the promise of mobile agent technology.

Back to Top


1. Chess, D. M., Harrison, C. G., and Kershenbaum, A. Mobile agents: Are they a good idea? Research Report, IBM Research Division, T.J. Watson Research Center, Yorktown Heights, NY. Mar., 1995; www.research.

2. Eymann, T., Padovan, B., and Schoder, D. Simulating value chain coordination with artificial life agents. In Proceedings of the 3rd Intl. Conference on Multi-Agent Systems (ICMAS'98). IEEE CS Press, Los Alamitos, CA, 423–424.

3. Lange, B. L., and Oshima, M. Seven good reasons for mobile agents. Commun. ACM 43, 3 (Mar.1999), 88–99.

4. Nwana, H. S. and Ndumu, D. T. A perspective on software agents research. Knowledge Engin. Rev. 14, 2 (June 1999), 125–142.

Back to Top


Detlef Schoder ( is Visiting Scholar at University of California, Berkeley, and an assistant professor at University of Freiburg, Germany.

Torsten Eymann (eymann@iig.uni-freiburg,de) is a research assistant at University of Freiburg, Germany.

©2000 ACM  0002-0782/00/0600  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2000 ACM, Inc.


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
Article Contents: