Controlling Security of Software Development with Multi-agent System

Software systems are becoming distributed and complex. Distributed systems are crucial for organizations because they make it possible to share data and information, resources, and services. Nowadays, many software systems are not developed from scratch: system development involves the reuse of already developed components. However, with intrusions into computer systems, it has become important that systems fulfill security goals and requirements. Moreover, interdependencies between components create problems during the integration phase. Therefore, the security properties of components should be considered and evaluated earlier in the lifecycle. In this paper, we propose an agent-oriented process that supports verification of the fulfillment of security goals and validation of security requirements during different phases of the development lifecycle. Moreover, the system needs to support mapping of security requirements to a threat list to determine whether any of the attacks in the list is applicable to the system to be developed. This is performed by the meta-agents. These meta-agents automatically create a security checklist and provide control of the actions taken by the human agent.
