Modelling MAS-Specific Security Features

In this paper, we pursue a modelling approach to address security requirements for multi-agent systems (MAS). This will allow developers to account for both the system and agent-specific security requirements of a MAS during the requirements phase and throughout the whole Software Development Lifecycle of the system. We focus on autonomy, mobility and cooperation of individual agents and how these create additional security vulnerabilities to the system. In proposing a set of generic modelling primitives for these engendered requirements in the analysis of the MAS, we extend our recently proposed MAS metamodel. In this paper, we pursue a modelling approach to address security requirements for multi-agent systems (MAS). This will allow developers to account for both the system and agent-specific security requirements of a MAS during the requirements phase and throughout the whole Software Development Lifecycle of the system. We focus on autonomy, mobility and cooperation of individual agents and how these create additional security vulnerabilities to the system. In proposing a set of generic modelling primitives for these engendered requirements in the analysis of the MAS, we extend our recently proposed MAS metamodel

A Security-Aware Metamodel for Multi-Agent Systems (MAS)

This paper adopts a model-based security (MBS) approach to identify security requirements during the early stages of multi-agent system development. Our adopted MBS approach is underpinned by a metamodel independent of any specific methodology. It allows for security considerations to be embedded within any situated agent methodology which then prescribes security considerations within its work products. Using a standard model-driven engineering (MDE) approach, these work products are initially constructed as high abstraction models and then transformed into more precise models until code-specific models can be produced. A multi-agent system case study is used to illustrate the applicability of the proposed security-aware metamodel

Programming satan's agents

Mobile agent security is still a young discipline and most naturally, the focus up to the time of writing was on inventing new cryptographic protocols for securing various aspects of mobile agents. However, past experience shows that protocols can be flawed, and flaws in protocols can remain unnoticed for a long period of time. The game of breaking and fixing protocols is a necessary evolutionary process that leads to a better understanding of the underlying problems and ultimately to more robust and secure systems. Although, to the best of our knowledge, little work has been published on breaking protocols for mobile agents, it is inconceivable that the multitude of protocols proposed so far are all flawless. As it turns out, the opposite is true. We identify flaws in protocols proposed by Corradi et al., Karjoth et al., and Karnik et al., including protocols based on secure coprocessors. Additionally, we propose how the protocols can be strengthened against the types of attacks we launch against them