Another application for trusted computing

[AARG! Anonymous]

I thought of another interesting application for trusted computing
systems: mobile agents.  These are pieces of software which get
transferred from computer to computer, running on each system,
communicating with the local system and other visiting agents,
before migrating elsewhere.

This was a hot technology from a couple of years ago, but it never
really went anywhere (so to speak).  Part of the reason was that there
wasn't that much functionality for agents which couldn't be done better
in other ways.  But a big part of it was problems with security.

One issue was protecting the host from malicious agents, and much work
was done in that direction.  This was one of the early selling points
of Java, and other sandbox systems were developed as well.  Likewise the
E language is designed to solve this problem.

But the much harder problem was protecting the agent from malicious hosts.
Once an agent transferred into a host machine, it was essentially at
the mercy of that system.  The host could lie to the agent, and even
manipulate its memory and program, to make it do anything it desired.
Without the ability to maintain its own integrity, the agent was
relatively useless in many ecommerce applications.

Various techniques were suggested to partially address this, such as
splitting the agent functionality among multiple agents which would run
on different machines, or using cryptographic methods for computing
with encrypted instances and the like.  But these were inherently
so inefficient that any advantages mobile agents might have had were
eliminated compared to such things as web services.

Ideally you'd like your agent to truly be autonomous, with its own data,
its own code, all protected from the host and other agents.  It could even
carry a store of electronic cash which it could use to fund its activities
on the host machine.  It could remember its interactions on earlier
machines in an uncorruptable way.  And you'd like it to run efficiently,
without the enormous overheads of the cryptographic techniques.

Superficially such a capability seems impossible.  Agents can't have that
kind of autonomy.  But trusted computing can change this.  It can give
agents good protection as they move through the net.

Imagine that host computers run a special program, an Agent Virtual
Machine or AVM.  This program runs the agents in their object language,
and it respects each agent's code and data.  It does not corrupt the
agents, it does not manipulate or copy their memory without authorization
from the agent itself.  It allows the agents to act in the autonomous fashion
we would desire.

Without trusted computing, the problem of course is that there is no
way to be sure that a potential host is running a legitimate version of
the AVM.  It could have a hacked AVM that would allow it to steal cash
from the agents, change their memory, and worse.

This is where trusted computing can solve the problem.  It allows
agents to verify that a remote system is running a legitimate AVM before
transferring over.  Hacked AVMs will have a different hash and this will
be detected via the trusted computing mechanisms.  Knowing that the remote
machine is running a correct implementation of the AVM allows the agent
to move about without being molested.

In this way, trusted computing can solve one of the biggest problems
with effective use of mobile agents.  Trusted computing finally allows
mobile agent technology to work right.

This is just one of what I expect to be thousands of applications which
can take advantage of the trusted computing concept.  Once you have a
whole world of people trying to think creatively about how to use this
technology, rather than just a handful, there will be an explosion of
new applications which today we would never dream are possible.