A review of attacks and security approaches in open multi-agent systems

Open multi-agent systems (MASs) have growing popularity in the Multi-agent Systems community and are predicted to have many applications in future, as large scale distributed systems become more widespread. A major practical limitation to open MASs is security because the openness of such systems negates many traditional security solutions. In this paper we introduce and classify main attacks on open MASs. We then survey and analyse various security techniques in the literature and categorise them under prevention and detection approaches. Finally, we suggest which security technique is an appropriate countermeasure for which classes of attack.

[1]  Alice Cheng,et al.  Sybilproof reputation mechanisms , 2005, P2PECON '05.

[2]  Milan Rollo,et al.  Communication Security in Multi-agent Systems , 2003, CEEMAS.

[3]  Alexander Artikis,et al.  Specifying norm-governed computational societies , 2009, TOCL.

[4]  Ulises Cortés,et al.  Formalizing an electronic institution for the distribution of human tissues , 2003, Artif. Intell. Medicine.

[5]  Dianxiang Xu,et al.  Modeling security attacks with statecharts , 2011, QoSA-ISARCS '11.

[6]  Frances M. T. Brazier,et al.  Secure Monitoring of Service Level Agreements , 2010, 2010 International Conference on Availability, Reliability and Security.

[7]  Sergi Robles,et al.  Trust and Security , 2007 .

[8]  Oguz Dikenelli,et al.  An Architecture for Verification of Access Control Policies with Multi Agent System Ontologies , 2009, 2009 33rd Annual IEEE International Computer Software and Applications Conference.

[9]  Mohamed Jmaiel,et al.  A Formal Approach to prevent Attacks on Mobile Agent Systems , 2007, The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007).

[10]  Jan Jürjens Using UMLsec and goal trees for secure systems development , 2002, SAC '02.

[11]  Anand R. Tripathi,et al.  Security in the Ajanta mobile agent system , 2001, Softw. Pract. Exp..

[12]  Fausto Giunchiglia,et al.  Tropos: An Agent-Oriented Software Development Methodology , 2004, Autonomous Agents and Multi-Agent Systems.

[13]  Clark D. Thomborson,et al.  On the Use of Opaque Predicates in Mobile Agent Code Obfuscation , 2005, ISI.

[14]  Luiz Marcio Cysneiros,et al.  Designing for privacy and other competing requirements , 2002 .

[15]  Zhang Yong,et al.  On the Security Properties and Attacks against Mobile Agent Graph Head Sealing (MAGHS) , 2009, ISA.

[16]  Fabrício Enembreck,et al.  Encrypted certified trust in multi-agent system , 2009, 2009 13th International Conference on Computer Supported Cooperative Work in Design.

[17]  Luc Moreau,et al.  Extending execution tracing for mobile code security , 2002 .

[18]  Thomas F. La Porta,et al.  Security for Telecommunications Networks , 2008, Advances in Information Security.

[19]  Chris J. Mitchell Security for Mobility , 2003 .

[20]  Paula Kotzé,et al.  Proceedings of the 2002 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology , 2002 .

[21]  Elsabé Cloete,et al.  Classification of malicious host threats in mobile agent computing , 2002 .

[22]  Maria Indrawan,et al.  Extending the buddy model to secure variable sized multi agent communities , 2005 .

[23]  David Stuart Robertson,et al.  A Lightweight Coordination Calculus for Agent Systems , 2004, DALT.

[24]  Frances M. T. Brazier,et al.  Enforcing security in the AgentScape middleware , 2008, MidSec '08.

[25]  Joseph Y. Halpern,et al.  Secrecy in Multiagent Systems , 2008, TSEC.

[26]  Haeryong Park,et al.  The algorithm to enhance the security of multi-agent in distributed computing environment , 2006, 12th International Conference on Parallel and Distributed Systems - (ICPADS'06).

[27]  Eric Rescorla,et al.  Transport Layer Security (TLS) Renegotiation Indication Extension , 2010, RFC.

[28]  Sarit Kraus,et al.  Coordinating randomized policies for increasing security of agent systems , 2009, Inf. Technol. Manag..

[29]  Arkady B. Zaslavsky,et al.  A Buddy Model of Security for Mobile Agent Communities Operating in Pervasive Scenarios , 2004, ACSW.

[30]  Ghassan Beydoun,et al.  A security-aware metamodel for multi-agent systems (MAS) , 2009, Inf. Softw. Technol..

[31]  George Kesidis,et al.  Denial-of-service attack-detection techniques , 2006, IEEE Internet Computing.

[32]  Ronald D. Williams,et al.  Taxonomies of attacks and vulnerabilities in computer systems , 2008, IEEE Communications Surveys & Tutorials.

[33]  Stefan Poslad,et al.  Specifying Standard Security Mechanisms in Multi-agent Systems , 2002, Trust, Reputation, and Security.

[34]  VARUN CHANDOLA,et al.  Anomaly detection: A survey , 2009, CSUR.

[35]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[36]  Stefan Poslad,et al.  Towards improved trust and security in FIPA agent platforms , 2004 .

[37]  Leonard N. Foner A Security Architecture for Multi-Agent Matchmaking , 1996 .

[38]  Liang Xiao An adaptive security model using agent-oriented MDA , 2009, Inf. Softw. Technol..

[39]  Gerd Wagner,et al.  Multi-Level Security in Multiagent Systems , 1997, CIA.

[40]  Chris J. Mitchell,et al.  Securing FIPA Agent Communication , 2003, Security and Management.

[41]  Arno Wagner,et al.  Possible Attacks on and Countermeasures for Secure Multi-Agent Computation , 2004, Security and Management.

[42]  Miao Kang,et al.  Secure by Design: Developing Secure Software Systems from the Ground Up , 2011, Int. J. Secur. Softw. Eng..

[43]  Sabah Al-Fedaghi,et al.  Threat Risk Modeling , 2010, 2010 Second International Conference on Communication Software and Networks.

[44]  Frank van Harmelen,et al.  Knowledge Coordinating Knowledge Sharing through Peer – to – Peer Interaction , 2008 .

[45]  Vincenzo Conti,et al.  An extended JADE-S based framework for developing secure Multi-Agent Systems , 2009, Comput. Stand. Interfaces.

[46]  Robert Tappan Morris,et al.  Security Considerations for Peer-to-Peer Distributed Hash Tables , 2002, IPTPS.

[47]  George C. Necula,et al.  Safe, Untrusted Agents Using Proof-Carrying Code , 1998, Mobile Agents and Security.

[48]  Haralambos Mouratidis,et al.  Modelling secure multiagent systems , 2003, AAMAS '03.

[49]  Katia P. Sycara,et al.  The RETSINA MAS Infrastructure , 2003, Autonomous Agents and Multi-Agent Systems.

[50]  S. Braynov,et al.  Detecting malicious groups of agents , 2004, IEEE First Symposium onMulti-Agent Security and Survivability, 2004.

[51]  Timothy W. Finin,et al.  Developing Secure Agent Systems Using Delegation Based Trust Management , 2002, AAMAS 2002.

[52]  Bo Sun,et al.  Communication Security in MAS with XML Security Specifications , 2011 .

[53]  David Stuart Robertson,et al.  Probing Attacks on Multi-Agent Systems Using Electronic Institutions , 2011, DALT.

[54]  Ahmed M. Mahdy,et al.  Integrating Threat Modeling in Secure Agent-Oriented Software Development , 2011 .

[55]  Katia P. Sycara,et al.  Adding security and trust to multiagent systems , 2000, Appl. Artif. Intell..

[56]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[57]  Haralambos Mouratidis,et al.  Multi-agent Systems and Security Requirements Analysis , 2003, SELMAS.

[58]  Richard P. Lippmann,et al.  An Annotated Review of Past Papers on Attack Graphs , 2005 .

[59]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[60]  Haralambos Mouratidis,et al.  Integrating Patterns and Agent-Oriented Methodologies to Provide Better Solutions for the Development of Secure Agent-Based Systems , 2003 .

[61]  Frank van Harmelen,et al.  Open Knowledge , 2008, LADS.

[62]  Tim Finin,et al.  Secret Agents - A Security Architecture for the KQML Agent Communication Language , 1995, CIKM 1995.

[63]  Frances M. T. Brazier,et al.  Security in large-scale open distributed multi-agent systems , 2010 .

[64]  Bruce Schneier,et al.  Ten Risks of PKI , 2004 .

[65]  Stefan Poslad,et al.  Policy driven systems for dynamic security reconfiguration , 2004, Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems, 2004. AAMAS 2004..

[66]  Haralambos Mouratidis,et al.  Secure Tropos: a Security-Oriented Extension of the Tropos Methodology , 2007, Int. J. Softw. Eng. Knowl. Eng..

[67]  S. Hazelburst Computer scientists and South Africa , 1988, CSOC.

[68]  John Mylopoulos,et al.  Analyzing security requirements as relationships among strategic actors , 2002 .

[69]  Vijay Varadharajan,et al.  A Secure Communication Scheme for Multiagent Systems , 1998, PRIMA.

[70]  John Mylopoulos,et al.  Security Requirements Engineering: The SI* Modeling Language and the Secure Tropos Methodology , 2010, Advances in Intelligent Information Systems.

[71]  Rui Zhang,et al.  A Novel Security Protocol to Protect Mobile Agent against Colluded Truncation Attack by Cooperation , 2008, 2008 International Conference on Cyberworlds.

[72]  K. Kadota,et al.  Detecting outlying samples in microarray data: A critical assessment of the effect of outliers on sample classification , 2003 .

[73]  Adolfo Riera,et al.  Security for a Multi-Agent System based on JADE , 2007, Comput. Secur..

[74]  Charles J. Petrie,et al.  Service Agents and Virtual Enterprises: A Survey , 2003, IEEE Internet Comput..

[75]  Robert Wahbe,et al.  Efficient software-based fault isolation , 1994, SOSP '93.

[76]  Qi He,et al.  Personal security agent: KQML-based PKI , 1998, AGENTS '98.

[77]  Robert J. Ellison,et al.  Attack Trees , 2009, Encyclopedia of Biometrics.

[78]  Jim Alves-Foss,et al.  The use of encrypted functions for mobile agent security , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[79]  Rick Dove,et al.  On detecting and classifying aberrant behavior in unmanned autonomous systems under test and on mission , 2009 .

[80]  Xiaofeng Qiu,et al.  P2P attack taxonomy and relationship analysis , 2009, 2009 11th International Conference on Advanced Communication Technology.

[81]  Haralambos Mouratidis,et al.  Enhancing Secure Tropos to Effectively Deal with Security Requirements in the Development of Multiagent Systems , 2009, Safety and Security in Multiagent Systems.

[82]  Marc Esteva,et al.  Engineering Open Multi-Agent Systems as Electronic Institutions , 2004, AAAI.

[83]  Philip S. Yu,et al.  Outlier Detection with Uncertain Data , 2008, SDM.

[84]  Sarit Kraus,et al.  Security in multiagent systems by policy randomization , 2006, AAMAS '06.

[85]  Frances M. T. Brazier,et al.  Constructing secure mobile agent systems using the agent operating system , 2009, Int. J. Intell. Inf. Database Syst..

[86]  Wayne A. Jansen,et al.  Mobile Agent Security , 1999 .

[87]  Dipankar Dasgupta,et al.  Anomaly detection in multidimensional data using negative selection algorithm , 2002, Proceedings of the 2002 Congress on Evolutionary Computation. CEC'02 (Cat. No.02TH8600).

[88]  A.S. Tanenbaum,et al.  Security in a mobile agent system , 2004, IEEE First Symposium onMulti-Agent Security and Survivability, 2004.

[89]  Oguz Dikenelli,et al.  Policies for role based agents in environments with changing ontologies , 2011, AAMAS.

[90]  Bruce Schneier,et al.  Environmental Key Generation Towards Clueless Agents , 1998, Mobile Agents and Security.

[91]  Moritz Y. Becker Information Flow in Credential Systems , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[92]  J.B. Odubiyi,et al.  Building Security into an IEEE FIPA Compliant Multiagent System , 2007, 2007 IEEE SMC Information Assurance and Security Workshop.

[93]  James P. McDermott,et al.  Attack net penetration testing , 2001, NSPW '00.