Layered security architecture for threat management using multi-agent system

The increasing complexity of software systems, along with expanding connectivity, has necessitated the evolution of an integrated security framework that adopts innovative techniques for secure software systems. This paper proposes a layered security architecture for threat management using a multi-agent system to meet this objective. Layer-1 of the framework is designed for elicitation of realistic and flawless security requirements. Layer-2 uses multi-agent system planning to avoid threats optimally; in this mechanism, autonomous agents interact and coordinate with each other to achieve the common goal of software security. Layer-3 is responsible for an adaptive defense mechanism that uses Meta-Agents in the multi-agent system, in conjunction with fuzzy logic, to counter adaptive and compound threats. Guidelines proposed in this paper augment this security architecture as a two-fold defensive strategy to ensure that a hacker is not able to tamper with data even if they penetrate the periphery defenses. These proactive steps can be implemented incrementally during the design and development phases of the software life cycle, as per the budget and security requirements of a software project. A case study on internet banking is included in the paper to describe the proposed security framework.
