Chapter 7. Mica Security

Table of Contents

SSL Connections
Secure XML Protocol
Verifying Agents
Restricting Agent Actions

The common transport used with Mica, and the default with MicaRunner, is an XML protocol sent over TCP. This provides no security at all for either agents or mobs. Alternatively, it is possible to use a secure XML protocol and an SSL connection layer.

When using MicaRunner, the transport protocol and connection layer can be selected using a transport tag. Available protocols are 'xml' and 'secure', while connections can be either 'tcp' or 'ssl'. Such a tag will look like:

<transport protocol="secure" connection="ssl" />

SSL Connections

The SSL connection for Mica allows all communication between an agent and the blackboard to be encrypted.

The SSL connection layer for Mica uses standard Java SSL sockets. To use these sockets, Java needs to know where to look for valid SSL certificates. The easiest way to do this is to give Java access to a key store and the password for the store. For a blackboard, this can be done by setting the Java parameters javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword. For an agent, the parameters javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword need to be set.

Key stores can be created using Java's keytool utility.

If using MicaRunner, the key store can be set using a keystore tag attached to the transport tag. This will look something like:

<transport protocol="secure" connection="ssl" >
    <keystore location="myKeyStore" password="123456" />
</transport>
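
The keytool step and the Java parameters described above can be put together as follows. This is an added example, not part of the Mica documentation or code. The file names, the alias, the CN and the passwords are constructed placeholders, and the main class names are left as placeholders because the page does not give them.

```sh
#!/bin/sh
# Added example: build a blackboard key store and a matching agent trust store.
# All file names, the alias, the CN and the passwords are constructed placeholders.
set -eu

ALIAS=blackboard

# Blackboard side: key store holding the private key and a self-signed certificate.
# $1 = key store file, $2 = password (keytool requires at least 6 characters)
make_keystore() {
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=localhost" -keystore "$1" -storepass "$2" -keypass "$2"
}

# Agent side: trust store holding only the blackboard's public certificate,
# so agents never receive the blackboard's private key.
# $1 = key store, $2 = its password, $3 = trust store file, $4 = trust store password
make_truststore() {
    cert=$(mktemp)
    keytool -exportcert -rfc -alias "$ALIAS" -keystore "$1" -storepass "$2" -file "$cert"
    keytool -importcert -noprompt -alias "$ALIAS" -file "$cert" \
        -keystore "$3" -storepass "$4"
    rm -f "$cert"
}

# JVM options named on the page; each side gets only its own pair.
blackboard_opts() {
    printf '%s %s\n' "-Djavax.net.ssl.keyStore=$1" "-Djavax.net.ssl.keyStorePassword=$2"
}
agent_opts() {
    printf '%s %s\n' "-Djavax.net.ssl.trustStore=$1" "-Djavax.net.ssl.trustStorePassword=$2"
}

# Run as "sh thisfile demo" to create both stores in the current directory.
if [ "${1:-}" = "demo" ]; then
    make_keystore blackboard.jks changeit-bb
    make_truststore blackboard.jks changeit-bb agent-trust.jks changeit-agent
    echo "blackboard: java $(blackboard_opts blackboard.jks changeit-bb) <blackboard main class>"
    echo "agent:      java $(agent_opts agent-trust.jks changeit-agent) <agent main class>"
fi
```

Options passed with -D are visible in the process list, and the keystore tag holds the password in clear text, so restrict read access to the MicaRunner configuration file and to the store files themselves.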