MESIS: the Agent Security Facility (1)

Management Environment for Secure and Interoperable Services

Network management in untrusted Internet environments requires a thorough security framework that is also flexible enough to accommodate the range of MESIS operators with different levels of authorized operations, from network administrators to simple users. While an administrator may use MESIS to install and configure a network node, a user may develop and deploy a customized protocol to tailor the behavior and optimize performance in specific application scenarios.

This motivates the MESIS model of trust, which defines who or what in the system is trusted, in what way, and to what extent. MESIS has been developed for an untrusted Internet environment, where the communication network is considered insecure and any node may host the execution of possibly malicious entities. In addition, a MESIS agent is an active entity that acts on behalf of a principal, i.e. the person or organization that has launched the agent and is responsible for its operations. MESIS agents are authenticated by means of standard certificates, provided and administered through integration with a public key infrastructure; this integration permits agent authentication not only in the case of single-hop migration, but also for multiple-hop mobility.

The actions that agents are authorized to perform depend on the roles associated with agent principals. MESIS permits the dynamic definition and control of a range of roles, from full administrators to users. The MESIS security mechanisms support the model of trust and enforce security policies: authentication identifies the role associated with a MESIS agent; authorization decides whether an operation is permitted on a resource; integrity guarantees that agents and data have not been maliciously modified during relocation; secrecy protects entities from exposure to malicious intrusions.

In MESIS, security is provided with application-level tools, taking advantage of available standard solutions and products (e.g. the IAIK cryptographic functionality and the Entrust Public Key Infrastructure). While the debate about the level at which a system should offer security is still open, the discussion concentrates on the issues of transparency, flexibility and performance. Independently of the abstraction level adopted, it is important to consider security as a property to be integrated at every system layer. Only this pervasive approach, followed in the MESIS design, can achieve a full level of security, higher than the minimal one obtained by systems that add a security strategy a posteriori. The security infrastructure for mobile agents extends the traditional sandbox solution used to protect network nodes from the execution of untrusted code, because the sandbox approach limits the expressive power too much. With regard to implementation, MESIS agents use X.509 certificates for authentication, which ascertain the role of the agent principal before any interaction with resources is authorized. We are currently working on the integration of MESIS with a commercial Public Key Infrastructure (PKI), provided by Entrust, to automatically distribute keys, manage certificates and perform all related administrative tasks. The integrity check can employ either MD5 or SHA1. Secrecy is granted when needed by encrypting communications with DES and SSL.
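The admission path that the two paragraphs above describe (verify the migrated agent's integrity, identify the principal, map it to a role, check the requested operation against the role's policy) as an added Python sketch; this is not MESIS code. The role names, operations, principal table and the representation of the principal as an already-validated certificate subject string are assumptions, and the bare digest only models the MD5/SHA1 integrity check the page names.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Role-based policy: (resource, operation) pairs each role may perform. The split
# between administrators (install/configure nodes) and users (deploy protocols)
# follows the page; the concrete names are assumptions for this example.
POLICY = {
    "administrator": {("node", "install"), ("node", "configure"), ("protocol", "deploy")},
    "user": {("protocol", "deploy")},
}

# Principal -> role table (constructed sample data). In MESIS the principal is
# taken from the X.509 certificate; certificate validation by the PKI layer is
# assumed to have happened already, so the subject is a plain string here.
PRINCIPAL_ROLES = {
    "CN=Alice,O=NetOps": "administrator",
    "CN=Bob,O=ProtocolDev": "user",
}

@dataclass
class Agent:
    principal: str  # validated certificate subject of the launching principal
    code: bytes     # agent code/state as carried across a migration hop
    digest: str     # hex digest computed at the sending node

def make_agent(principal, code, algorithm="sha1"):
    """Build an agent and attach the digest the receiving node will recompute."""
    return Agent(principal, code, hashlib.new(algorithm, code).hexdigest())

def verify_integrity(agent, algorithm="sha1"):
    """Recompute the digest over the received code and compare in constant time.
    A bare digest only detects modification in transit; to bind it to the
    principal, MESIS relies on the certificate-based authentication instead."""
    recomputed = hashlib.new(algorithm, agent.code).hexdigest()
    return hmac.compare_digest(recomputed, agent.digest)

def identify_role(agent):
    """Map the authenticated principal to its role; an unknown principal has no role."""
    return PRINCIPAL_ROLES.get(agent.principal)

def authorize(agent, resource, operation):
    """Admission decision: integrity, then role identification, then policy lookup."""
    if not verify_integrity(agent):
        return False, "integrity check failed"
    role = identify_role(agent)
    if role is None:
        return False, "unknown principal"
    if (resource, operation) not in POLICY[role]:
        return False, f"role '{role}' may not {operation} {resource}"
    return True, f"{operation} on {resource} permitted for role '{role}'"
```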
