![[*]](http://www.nm.informatik.uni-muenchen.de/common/icons/latex2html-97.1/cross_ref_motif.gif){kind=icon}
shows all kinds of relations focusing on the major components in
implementations involving agent systems. In this figure dashed,
horizontal arrows are communication relations. Following the idea of
the OSI basic reference model [#!iso7498!#] higher layers use
services of lower layers to communicate. Vertical arrows show
execution relations. One layer executes the layer above, e.g. the
host system runs the agent system that, again, runs mobile agents.
Dashed lines between two layers indicate calling relations. As the
figure suggests, access to layers below the one beneath should be
indirect, e.g. the agent system should guard access of agents to the
host system.
Communication relations can be considered as transport of messages, e.g. through a network. On the one hand, both parties run in different environments without direct interference, i.e. no side has direct access to memory or other local resources at the other end. Any action may only happen upon receipt of a message but still under full control of the receiver. On the other hand, the transport media itself or at least the data transmitted requires protection. A network may be complex with several components between both ends, spanning a longer distance.
Adding agent systems to management systems, there are also relations that are different to communcation and need closer attention. With an agent system executing an agent there is an execution relation between both. As both run on a single machine even direct manipulation of either one might be possible. The agent system provides the environment as part of the execution relation. Therefore, an agent system may easily spy out data carried by the agent, manipulate the execution trace or even deny execution.
Once the agent comes to life it has a calling relation with the agent system as it usually needs various services of the agent system to fulfil its task, e.g. access to base system libraries or network services. However, all interaction must happen in a controlled manner to protect the agent system and the environment. An agent might try to gain unauthorized access to the agent system or host system
Looking closer at entities we find a basic structure as indicated in
figure (in a simplified way). A
host system is any kind of computer or device that takes
part in the management system. Main requirements are the abilities to
provide network communication and to run further program code.
Besides, a host system can have a fully-fledged operating system, but
it may be as well a simple network device.
The agent system adapts the host system to meet the needs of mobile agents. In respect to the management system it can be considered as infrastructure. It usually uses a virtual machine to provide a common, homogeneous execution platform. Therefore, it hides heterogeneous details of the host system, tries to protect it and fills shortages. Moreover, the agent system offers additional, important services to agents, e.g. naming, location, communication services. Depending on the type of host system an agent system may use underlying mechanisms, e.g. encryption or authorization services, key management or access control.
Mobile agents are actually part of the management application. They use the agent system for their execution and for services they need. As they cannot live without an agent system they also highly depend on protection to be provided by the agent system. Actually, agents are at the mercy of the agent system as it seems almost impossible to protect agents against malicious agent systems [#!hohl97!#]. Therefore, the management application must take this into consideration, e.g. it must not send an agent with sensitive data or task to an agent system not fully trusted.