Multi-agent systems and security requirements analysis

Agent Oriented Software Engineering (AOSE) is a software paradigm that has grasped the attention of researchers the last few years. As a result, many different methods have been introduced to help developers in the development of multi-agent systems. However, so far, these methods have mainly neglected security requirements. The common approach towards the inclusion of security within a system is to identify security requirements after the definition of the system. However, this approach has provoked the emergence of computer systems afflicted with security vulnerabilities. In this paper we propose an analysis, based on the measures of criticality (how critical an actor of the system is) and complexity (represents the effort required by the actors of the system to achieve the requirements that have been imposed to them), which aims to identify possible bottlenecks of a multi-agent system with respect to security. An integrated agent-based health and social care information system is used as a case study throughout this paper

A security oriented approach in the development of multiagent systems : applied to the management of the health and social care needs of older people in England.

Security can play an important role in the development of some multi agent systems. However, a careful analysis of software development processes indicates that the definition of security requirements is, usually, considered after the design of the system. This approach, usually, leads to problems, such as conflicts between security and functional requirements, which can translate into security vulnerabilities. As a result, the integration of security issues in agent oriented software engineering methodologies has been identified as an important issue. Nevertheless, developers of agent oriented software engineering methodologies have mainly neglected security engineering and in fact very little evidence has been reported on work that integrates security issues into the development stages of agent oriented software engineering methodologies. This thesis advances the current state of the art In agent oriented software engineering in many ways. It identifies problems associated with the integration of security and software engineering and proposes a set of minimum requirements that a security oriented process should demonstrate. It extends the concepts and the development process of the Tropos methodology with respect to security to allow developers, even those with minimum security knowledge, to identify desired security requirements for their multi agent systems, reason about them, and as a result develop a system that satisfies its security requirements. In doing so, this research has developed (1) an analysis technique to enable developers to select amongst alternative architectural styles using as criteria the security requirements of the system, (2) a pattern language consisting of security patterns for multi agent systems, and (3) a scenario-based technique that allows developers to test the reaction of the system to potential attacks. The applicability of the approach is demonstrated by employing it in the development of the electronic single assessment process (eSAP) system, a real-life case study that provided the initial motivation for this research

Modelling MAS-Specific Security Features

In this paper, we pursue a modelling approach to address security requirements for multi-agent systems (MAS). This will allow developers to account for both the system and agent-specific security requirements of a MAS during the requirements phase and throughout the whole Software Development Lifecycle of the system. We focus on autonomy, mobility and cooperation of individual agents and how these create additional security vulnerabilities to the system. In proposing a set of generic modelling primitives for these engendered requirements in the analysis of the MAS, we extend our recently proposed MAS metamodel. In this paper, we pursue a modelling approach to address security requirements for multi-agent systems (MAS). This will allow developers to account for both the system and agent-specific security requirements of a MAS during the requirements phase and throughout the whole Software Development Lifecycle of the system. We focus on autonomy, mobility and cooperation of individual agents and how these create additional security vulnerabilities to the system. In proposing a set of generic modelling primitives for these engendered requirements in the analysis of the MAS, we extend our recently proposed MAS metamodel

Evaluating how agent methodologies support the specification of the normative environment through the development process

[EN] Due to the increase in collaborative work and the decentralization of processes in many domains, there is an expanding demand for large-scale, flexible and adaptive software systems to support the interactions of people and institutions distributed in heterogeneous environments. Commonly, these software applications should follow specific regulations meaning the actors using them are bound by rights, duties and restrictions. Since this normative environment determines the final design of the software system, it should be considered as an important issue during the design of the system. Some agent-oriented software engineering methodologies deal with the development of normative systems (systems that have a normative environment) by integrating the analysis of the normative environment of a system in the development process. This paper analyses to what extent these methodologies support the analysis and formalisation of the normative environment and highlights some open issues of the topic.This work is partially supported by the PROMETEOII/2013/019, TIN2012-36586-C03-01, FP7-29493, TIN2011-27652-C03-00, CSD2007-00022 projects, and the CASES project within the 7th European Community Framework Program under the grant agreement No 294931.Garcia Marques, ME.; Miles, S.; Luck, M.; Giret Boggino, AS. (2014). Evaluating how agent methodologies support the specification of the normative environment through the development process. Autonomous Agents and Multi-Agent Systems. 1-20. https://doi.org/10.1007/s10458-014-9275-zS120Cossentino, M., Hilaire, V., Molesini, A., & Seidita, V. (Eds.). (2014). Handbook on agent-oriented design processes (Vol. VIII, 569 p. 508 illus.). Berlin: Springer.Akbari, O. (2010). A survey of agent-oriented software engineering paradigm: Towards its industrial acceptance. Journal of Computer Engineering Research, 1, 14–28.Argente, E., Botti, V., Carrascosa, C., Giret, A., Julian, V., & Rebollo, M. (2011). An abstract architecture for virtual organizations: The THOMAS approach. Knowledge and Information Systems, 29(2), 379–403.Argente, E., Botti, V., & Julian, V. (2009). GORMAS: An organizational-oriented methodological guideline for open MAS. In Proceedings of AOSE’09 (pp. 440–449).Argente, E., Botti, V., & Julian, V. (2009). Organizational-oriented methodological guidelines for designing virtual organizations. In Distributed computing, artificial intelligence, bioinformatics, soft computing, and ambient assisted living. Lecture Notes in Computer Science (Vol. 5518, pp. 154–162).Boella, G., Pigozzi, G., & van der Torre, L. (2009). Normative systems in computer science—Ten guidelines for normative multiagent systems. In G. Boella, P. Noriega, G. Pigozzi, & H. Verhagen (Eds.), Normative multi-agent systems, number 09121 in Dagstuhl seminar proceedings.Boella, G., Torre, L., & Verhagen, H. (2006). Introduction to normative multiagent systems. Computational and Mathematical Organization Theory, 12(2–3), 71–79.Bogdanovych, A., Esteva, M., Simoff, S., Sierra, C., & Berger, H. (2008). A methodology for developing multiagent systems as 3d electronic institutions. In M. Luck & L. Padgham (Eds.), Agent-Oriented Software Engineering VIII (Vol. 4951, pp. 103–117). Lecture Notes in Computer Science. Berlin: Springer.Boissier, O., Padget, J., Dignum, V., Lindemann, G., Matson, E., Ossowski, S., Sichman, J., & Vazquez-Salceda, J. (2006). Coordination, organizations, institutions and norms in multi-agent systems. LNCS (LNAI) (Vol. 3913).Bordini, R. H., Fisher, M., Visser, W., & Wooldridge, M. (2006). Verifying multi-agent programs by model checking. In Autonomous agents and multi-agent systems (Vol. 12, pp. 239–256). Hingham, MA: Kluwer Academic Publishers.Botti, V., Garrido, A., Giret, A., & Noriega, P. (2011). The role of MAS as a decision support tool in a water-rights market. In Post-proceedings workshops AAMAS2011 (Vol. 7068, pp. 35–49). Berlin: Springer.Breaux, T. (2009). Exercising due diligence in legal requirements acquisition: A tool-supported, frame-based approach. In Proceedings of the IEEE international requirements engineering conference (pp. 225–230).Breaux, T. D., & Baumer, D. L. (2011). Legally reasonable security requirements: A 10-year ftc retrospective. Computers and Security, 30(4), 178–193.Breaux, T. D., Vail, M. W., & Anton, A. I. (2006). Towards regulatory compliance: Extracting rights and obligations to align requirements with regulations. In Proceedings of the 14th IEEE international requirements engineering conference, RE ’06 (pp. 46–55). Washington, DC: IEEE Computer Society.Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., & Mylopoulos, J. (2004). Tropos: An agent-oriented software development methodology. Autonomous Agents and Multi-Agent Systems, 8(3), 203–236.Cardoso, H. L., & Oliveira, E. (2008). A contract model for electronic institutions. In COIN’07: Proceedings of the 2007 international conference on Coordination, organizations, institutions, and norms in agent systems III (pp. 27–40).Castor, A., Pinto, R. C., Silva, C. T. L. L., & Castro, J. (2004). Towards requirement traceability in tropos. In WER (pp. 189–200).Chopra, A., Dalpiaz, F., Giorgini, P., & Mylopoulos, J. (2009). Modeling and reasoning about service-oriented applications via goals and commitments. ICST conference on digital business.Cliffe, O., Vos, M., & Padget, J. (2006). Specifying and analysing agent-based social institutions using answer set programming. In O. Boissier, J. Padget, V. Dignum, G. Lindemann, E. Matson, S. Ossowski, J. Sichman, & J. Vázquez-Salceda (Eds.), Coordination, organizations, institutions, and norms in multi-agent systems. Lecture Notes in Computer Science (Vol. 3913, pp. 99–113). Springer. Berlin.Criado, N., Argente, E., Garrido, A., Gimeno, J. A., Igual, F., Botti, V., Noriega, P., & Giret, A. (2011). Norm enforceability in Electronic Institutions? In Coordination, organizations, institutions, and norms in agent systems VI (Vol. 6541, pp. 250–267). Springer.Dellarocas, C., & Klein, M. (2001). Contractual agent societies. In R. Conte & C. Dellarocas (Eds.), Social order in multiagent systems (Vol. 2, pp. 113–133)., Multiagent Systems, Artificial Societies, and Simulated Organizations New York: Springer.DeLoach, S. A. (2008). Developing a multiagent conference management system using the o-mase process framework. In Proceedings of the international conference on agent-oriented software engineering VIII (pp. 168–181).DeLoach, S. A., & Garcia-Ojeda, J. C. (2010). O-mase; a customisable approach to designing and building complex, adaptive multi-agent systems. International Journal of Agent-Oriented Software Engineering, 4(3), 244–280.DeLoach, S. A., Padgham, L., Perini, A., Susi, A., & Thangarajah, J. (2009). Using three aose toolkits to develop a sample design. International Journal Agent-Oriented Software Engineering, 3, 416–476.Dignum, F., Dignum, V., Thangarajah, J., Padgham, L., & Winikoff, M. (2007). Open agent systems? Eighth international workshop on agent oriented software engineering (AOSE) in AAMAS07.Dignum, V. (2003). A model for organizational interaction:based on agents, founded in logic. PhD thesis, Utrecht University.Dignum, V., Meyer, J., Dignum, F., & Weigand, H. (2003). Formal specification of interaction in agent societies. Formal approaches to agent-based systems (Vol. 2699).Dignum, V., Vazquez-Salceda, J., & Dignum, F. (2005). Omni: Introducing social structure, norms and ontologies into agent organizations. In R. Bordini, M. Dastani, J. Dix, & A. Seghrouchni (Eds.)Programming multi-agent systems. Lecture Notes in Computer Science (Vol. 3346, pp. 181–198). Berlin: Springer.d’Inverno, M., Luck, M., Noriega, P., Rodriguez-Aguilar, J., & Sierra, C. (2012). Communicating open systems, 186, 38–94.Elsenbroich, C., & Gilbert, N. (2014). Agent-based modelling. In Modelling norms (pp. 65–84). Dordrecht: Springer.Esteva, M., Rosell, B., Rodriguez, J. A., & Arcos, J. L. (2004). AMELI: An agent-based middleware for electronic institutions. In AAMAS04 (pp. 236–243).Fenech, S., Pace, G. J., & Schneider, G. (2009). Automatic conflict detection on contracts. In Proceedings of the 6th international colloquium on theoretical aspects of computing, ICTAC ’09 (pp. 200–214).Garbay, C., Badeig, F., & Caelen, J. (2012). Normative multi-agent approach to support collaborative work in distributed tangible environments. In Proceedings of the ACM 2012 conference on computer supported cooperative work companion, CSCW ’12 (pp. 83–86). New York, NY: ACM.Garcia, E., Giret, A., & Botti, V. (2011). Regulated open multi-agent systems based on contracts. In Information Systems Development (pp. 243–255).Garcia, E., Tyson, G., Miles, S., Luck, M., Taweel, A., Staa, T. V., & Delaney, B. (2012). An analysis of agent-oriented engineering of e-health systems. In 13th international eorkshop on sgent-oriented software engineering (AOSE-AAMAS).Garcia, E., Tyson, G., Miles, S., Luck, M., Taweel, A., Staa, T. V., and Delaney, B. (2013). Analysing the Suitability of Multiagent Methodologies for e-Health Systems. In Agent-Oriented Software Engineering XIII, volume 7852, pages 134–150. Springer-Verlag.Garrido, A., Giret, A., Botti, V., & Noriega, P. (2013). mWater, a case study for modeling virtual markets. In New perspectives on agreement technologies (Vol. Law, Gover, pp. 563–579). Springer.Gteau, B., Boissier, O., & Khadraoui, D. (2006). Multi-agent-based support for electronic contracting in virtual enterprises. IFAC Symposium on Information Control Problems in Manufacturing (INCOM), 150(3), 73–91.Hollander, C. D., & Wu, A. S. (2011). The current state of normative agent-based systems. Journal of Artificial Societies and Social Simulation, 14(2), 6.Hsieh, F.-S. (2005). Automated negotiation based on contract net and petri net. In E-commerce and web technologies. Lecture Notes in Computer Science (Vol. 3590, pp. 148–157).Kollingbaum, M., Jureta, I. J., Vasconcelos, W., & Sycara, K. (2008). Automated requirements-driven definition of norms for the regulation of behavior in multi-agent systems. In Proceedings of the AISB 2008 workshop on behaviour regulation in multi-agent systems, Aberdeen, Scotland, U.K., April 2008.Li, T., Balke, T., Vos, M., Satoh, K., & Padget, J. (2013). Detecting conflicts in legal systems. In Y. Motomura, A. Butler, & D. Bekki (Eds.), New Frontiers in Artificial Intelligence (Vol. 7856, pp. 174–189)., Lecture Notes in Computer Science Berlin Heidelberg: Springer.Lomuscio, A., Qu, H., & Solanki, M. (2010) Towards verifying contract regulated service composition. Journal of Autonomous Agents and Multi-Agent Systems (pp. 1–29).Lopez, F., Luck, M., & d’Inverno, M. (2006). A normative framework for agent-based systems. Computational and Mathematical Organization Theory, 12, 227–250.Lpez, F. y, Luck, M., & dInverno, M. (2006). A normative framework for agent-based systems. Computational and Mathematical Organization Theory, 12(2–3), 227–250.Mader, P., & Egyed, A. (2012). Assessing the effect of requirements traceability for software maintenance. In 28th IEEE International Conference on Software Maintenance (ICSM) (pp. 171–180), Sept 2012.Mao, X., & Yu, E. (2005). Organizational and social concepts in agent oriented software engineering. In AOSE IV. Lecture Notes in Artificial Intelligence (Vol. 3382, pp. 184–202).Meyer, J.-J. C., & Wieringa, R. J. (Eds.). (1993). Deontic logic in computer science: Normative system specification. Chichester, UK: Wiley.Okouya, D., & Dignum, V. (2008). Operetta: A prototype tool for the design, analysis and development of multi-agent organizations (demo paper). In AAMAS (pp. 1667–1678).Malone, T. W., Smith J. B., & Olson, G. M. (2001). Coordination theory and collaboration technology. Mahwah, NJ: Lawrence Erlbaum Associates.Oren, N., Panagiotidi, S., Vázquez-Salceda, J., Modgil, S., Luck, M., & Miles, S. (2009). Towards a formalisation of electronic contracting environments. COIN (pp. 156–171).Osman, N., Robertson, D., & Walton, C. (2006). Run-time model checking of interaction and deontic models for multi-agent systems. In AAMAS ’06: Proceedings of the fifth international joint conference on Autonomous agents and multiagent systems (pp. 238–240). New York, NY: ACM.Pace, G., Prisacariu, C., & Schneider, G. (2007). Model checking contracts a case study. In Automated technology for verification and analysis. Lecture Notes in Computer Science (Vol. 4762, pp. 82–97).Rotolo, A., & van der Torre, L. (2011). Rules, agents and norms: Guidelines for rule-based normative multi-agent systems. RuleML Europe, 6826, 52–66.Saeki, M., & Kaiya, H. (2008). Supporting the elicitation of requirements compliant with regulations. In CAiSE ’08 (pp. 228–242).Siena, A., Mylopoulos, J., Perini, A., & Susi, A. (2009). Designing law-compliant software requirements. In Proceedings of the 28th international conference on conceptual modeling, ER ’09 (pp. 472–486).Singh, M. P. Commitments in multiagent systems: Some history, some confusions, some controversies, some prospects.Solaiman, E., Molina-Jimenez, C., & Shrivastav, S. (2003). Model checking correctness properties of electronic contracts. In Service-oriented computing—ICSOC 2003. Lecture Notes in Computer Science (Vol. 2910, pp. 303–318). Berlin: Springer.Telang, P. R., & Singh, M. P. (2009). Conceptual modeling: Foundations and applications. Enhancing tropos with commitments (pp. 417–435).Vázquez-Salceda, J., Confalonieri, R., Gomez, I., Storms, P., Nick Kuijpers, S. P., & Alvarez, S. (2009). Modelling contractually-bounded interactions in the car insurance domain. DIGIBIZ 2009.Viganò, F., & Colombetti, M. (2007). Symbolic model checking of institutions. In ICEC (pp. 35–44).Walton, C. D. (2007). Verifiable agent dialogues. Journal of Applied Logic, 5(2):197–213, Logic-Based Agent Verification.Winkler, S., & Pilgrim, J. (2010). A survey of traceability in requirements engineering and model-driven development. Software and Systems Modeling (SoSyM), 9(4), 529–565.Wooldridge, M., Fisher, M., Huget, M., & Parsons, S. (2002). Model checking multi-agent systems with mable. In AAMAS02 (pp. 952–959). ACM

Multi agent system architecture oriented Prometheus methodology design to facilitate security of cloud data storage

Security plays an important role in the development of Multi Agent Systems (MAS). However, a careful analysis of software development processes shows that the definition of security requirements is, usually, considered after the design of the system. This is, mainly, due to the fact that agent oriented software engineering methodologies have not integrated security concerns throughout their developing stages. Designing a team of agents that can work together toward a common goal is one of the challenges in the research area of agent-oriented software engineering. Prometheus is an agent-oriented software engineering methodology. The Prometheus Design Tool (PDT) is a graphical editor which supports the design tasks specified within the Prometheus methodology for designing agent systems. The tool propagates information where possible and ensures consistency between various parts of the design. The main purpose of this paper is to design MAS architecture that can be used to facilitate confidentiality, correctness assurance, availability and integrity of Cloud Data Storage (CDS) or cloud data center. The proposed MAS architecture includes five types of agents: Cloud Service Provider Agent (CSPA), Cloud Data Confidentiality Agent (CDConA), Cloud Data Correctness Agent (CDCorA), Cloud Data Availability Agent (CDAA) and Cloud Data Integrity Agent (CDIA)

Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help

MULTI-AGENT SYSTEM OF PROTECTING INFORMATION FROM UNAUTHORIZED ACCESS

This article lists methods and tools for unlocking data from the local network. Modern methods and software tools for protecting data from unauthorized access from local area network have been analyzed. The advantages and disadvantages of the DLP (Data Loss / Leakage Prevention) system are demonstrated to protect data from unauthorized access. The criteria for increasing the effectiveness of the DLP system and the multi-intellect DLP system were suggested.Перечислены методы и инструменты для разблокировки данных из локальной сети. Проанализированы современные методы и программные средства защиты данных от несанкционированного доступа из локальной сети. Показаны преимущества и недостатки системы DLP, предназначенной для предотвращения потери / утечки данных от несанкционированного доступа. Предложены критерии повышения эффективности системы DLP и системы DLP с многоагентным интеллектом