The paper is very interesting and brings up a lot of issues. It is
relevant to t hose who are interested in Internet security and how
OS's provide security for o r against agents.

However, the language in certain sections of paper are too casual such
as using terms as "bad guys." One last note, try not to use corporate
trademarks or names such as "Delta Airlines" in your examples.

There are some examples in the paper to make some of the ideas more
lucid. The p aper covers a wide breadth of topics about agents and
their host operating syste ms too. However, the tone of the paper in
general sounds like it wants to avoid giving solutions to problems it
presents. As said in its conclusion, this area o f research is
relatively premature and requires much more development. It almost
sounds like a bias of some sort and a way to dodge indepth analysis of
certain topics covered in the paper.

The presentation of the solutions and their criticisms went
hand-in-hand. Howeve r, I had a hard time figuring out the abstract
mechanisms on what these solution s are based upon.

======================================================================

The authors present security challenges
faced by Mobile Code Systems in this paper.
Being a relatively new concept, some aspects
of security have not matured yet. Hence, as
pointed out in the paper research efforts
in this field should converge on certain
techniques to gain wide spread usefulness.

Certain points that I felt were not clear are:

- Proof-carrying is a technique used to prevent
 host corruption, where the client attaches a proof
 of adherence to its' publicized security policy. 
 However, what happens if it attaches a bogus proof?
 Not cross examining the code and the proof might
 prevent the host from catching disparities between
 the code and the proof.

- When hardware is provided to take over the proof
 production and verification in proof delegation,
 wouldn't that piece of hardware become a bottleneck?
 Replication might be too expensive a solution, provided
 that such hardware is not widely available.

In conclusion, I really think this was an interesting paper. 
It successfully summarizes the issues related to mobile code 
security. However, occasional use of informal language, in my
opinion, take away from the overall quality of the paper.

======================================================================

   The paper has a well defined outline, and explains clearly the 
security problems that result from using mobile agents. Even though
the topic is "hot", as are many Internet-related topics, the authors 
looked at one of the most important current issues in computing - 
security, at the difficulties of implementing it, and have analyzed and
summarized these issues well. There is a good presentation of the
problems that arise with the use of mobil agents, and the techniques
of dealing with these problems.  There are examples that support the 
claims and observations.
   The research is interesting, and novel in many ways, it looks at 
the latest development in a relatively new and not well defined area. 
The authors emphasized the questions that remain unanswered in the
the filed, and pointed out a few possible directions that a future 
research might take.
   Overall the paper deserves an excellent score.

======================================================================

IMPORT: 
In my view, the subject area discussed is quite an emerging one and of
importance, especially in the light of the growing popularity of Internet.
This paper does well in picking up the security concerns associated with
both the host and agent security, which we are going to face in time to come.

NOVELTY:
The paper presents some future avenues and poses some open questions towards
the end, which lend some thoughtfulness to the subject.   

QUALITY: 
The authors have clearly delineated the various security issues dealing
with the 
mobile code systems. Although, at many places, the ideas presented looked
abstract to me, but in general, I would say that the observations made
have been supported well. 

OVERALL:
The overall structure of the paper is very good and clear in its scope.
However, I think if the paper can provide a little bit insight into possible
implementation aspects about the various security policies discussed, it 
would add to the value of the paper.   

======================================================================

The paper gives a good overview of mobile code and the concept of the
mobile agent computing paradigm.  Overall, the paper lacks analysis
contents.  The paper raised many interesting questions on the design
and the approach to take.  However, the author does not provide 
enough guidance as to determine the viability of the technologies
presented. 

======================================================================

I do not believe that the paper effectively tied itself to the topic of
operating systems. The Subject of the paper was fairly novel and the
paper was well written. I believe that in a few cases the text dropped
below formality expected by the intended audience. Some of the
adjectives used and the style used are better suited for conversations.
For example, the acknowledgments section, horrendous bungles, and
TaekYorDo individually add some humor to the paper perhaps there was too
much humor.

======================================================================

2, Survey of security in Mobile Code Systems(SS)

Import
Security is a big problem in modern computer design, mobile code system
is a very new idea and "hot" topic in OS. The authors select security
in mobile code system as their survey,it can attract many computer
researcher's attention and it is an excellent survey topic.

Novelty
Although many ideas are from reference papers, the authors give a 
reasonable analysis, and put related information together(such as 
4 Host security, 5 Agent security and the conclusion ). This
gives readers some new ideas about how the security problems were
solved in different clients and servers.

Quality
This paper has good quality. The authors provide different techniques
employed to ensure host integrity and agent security. Besides they  use 
Java applets and ActiveX controls as examples to make readers understand
their topic easily.

Overall
This is an excellent survey paper. 
First I was impressed by their topic.I'd like to read it to know more about 
mobile agents, and relative security problems. 
Second, the paper has a good written structure, so the general
idea of this paper is easy to be understood, although some techniques are
very complicated and  many of them are still theoretical.

Overall, we should accept this paper.

(P.S.)I'd like to know more mobile agent examples except Java applets and 
ActiveX.    

======================================================================