Future mobile systems are expected to exploit the flexibility of agent-based software in a variety of ways. This includes agents providing both middleware and application-level functionality. Realising the full benefits of this innovative approach requires that security issues are properly addressed. There are many security issues associated with agent-based systems; some of the most difficult to deal with arise when agents themselves can be mobile. There has been much recent interest in developing cryptographic protocols designed especially for securing mobile agents. However, this work has mainly been ad hoc in nature, i.e., it has not been developed in response to a thorough analysis of the security requirements for a particular agent application. The paper describes research intended to help rectify this gap by providing a detailed security architecture, including a security model and a specification of security services provided within the model.