A security-aware metamodel for multi-agent systems (MAS)

https://doi.org/10.1016/j.infsof.2008.05.003Get rights and content

Abstract

This paper adopts a model-based security (MBS) approach to identify security requirements during the early stages of multi-agent system development. Our adopted MBS approach is underpinned by a metamodel independent of any specific methodology. It allows for security considerations to be embedded within any situated agent methodology which then prescribes security considerations within its work products. Using a standard model-driven engineering (MDE) approach, these work products are initially constructed as high abstraction models and then transformed into more precise models until code-specific models can be produced. A multi-agent system case study is used to illustrate the applicability of the proposed security-aware metamodel.

Introduction

In the context of conceptual modelling and model-driven software engineering, (software) agents can be defined as conceptual entities that exhibit autonomy, situatedness and interactivity. They are situated in an environment in which they are able to sense and respond to changes. Agents have been found useful in model-based development of open, distributed and heterogeneous systems. However, as has been argued in the literature [23], for agent technology to be widely recognized, the security issues that surround agents must be resolved.

Research efforts, so far, have mainly focused on solving individual security problems of multi-agent systems (MAS), such as attacks by an agent on another agent, attacks from a platform on an agent, and/or attacks from an agent on a platform [14]. Security is not yet considered as part of the development process of a MAS. This is partly because existing methodologies, modelling languages and methods for the development of MASs do not generally incorporate abstractions and processes that support the consideration of security issues. Rather security is often considered only after the design of the system has been finalised, which leads to various security vulnerabilities [19].

In this paper, we produce a methodology-independent security (meta) model that can be used in the construction of any situated methodology [7] as required by the context of the MAS development project. It is aligned with model-based security (MBS) as proposed in [16] as a means of supporting the consideration of security from the early stages of the information system development process. Initially, high abstraction models are constructed and transformed, following a standard model-driven engineering (MDE) approach, into more precise models until code-specific models can be produced. We believe this approach, combining agents and security in an MDE context, can be successfully employed in the overall development of a multi-agent software system. Towards this, this paper provides the foundations for the construction of the models in the form of an agent-oriented modelling language that incorporates security considerations.

We present a MAS metamodel that defines security concepts along with agent development concepts. Our MAS metamodel described in this paper has the capacity to model the security requirements of any given MAS independently of the process used to create it. It is based on the FAML (FAME1 Agent-oriented Modelling Language) generic metamodel [1] and previous work on security-aware agent metamodels [2]. The chosen security concepts are designated into two sets: run-time concepts and design-time concepts. Each set has two scopes: system-related or agent-internals-related scope. Our work is part of a greater effort to develop secure multi-agent systems, based on the application of model-based security and a conceptual modelling approach to address security requirements of multi-agent systems, as suggested in recent work e.g. [10], [19]. This allows developers to account for security of a MAS early during the development of the system rather than as a costly afterthought.

The rest of this paper is organized as follows: Section 2 describes related work. Section 3 briefly outlines the FAML metamodel and the analytic process used to identify the required security modelling units (classes in the metamodel). Section 4 articulates the MAS-specific security concerns of any MAS and associates these with basic modelling primitives. Section 5 incorporates these primitives into our metamodel and extends the metamodel to accommodate all security concerns identified in Section 4. Section 6 illustrates the semantics of the modelling units of our metamodel on a P2P community sharing application illustrating our model-driven approach to develop a securitised MAS. Finally, Section 7 concludes with a discussion of future work.

Section snippets

Modelling and developing secure agent-oriented systems

The term agent derives from the present particle of the Latin verb agere, which means to drive, act, lead or do [5]. Although there is no standard definition of what a software agent is, it is widely agreed that, in broad terms, an agent demonstrates the following properties: (i) Autonomy. Agents operate without the direct intervention of humans or others, and have some kind of control over their actions and internal state; (ii) Social ability. Agents interact with other agents (and possibly

The FAME agent-oriented modelling language

Within the overall framework of the FAME (Framework for Agent-oriented Method Engineering) project, we have identified the need to include a modelling language. Such a modelling language defines concepts from which can be instantiated modelling elements from which a model (a design) can be constructed. The design can then be hand-coded or used as the input to model-based (or model-driven) information systems development, as in MDE (model-driven engineering) or a specific flavour of MDE like

Security requirements of a MAS

In this section, we analyse the security requirement of multi-agent systems to extend FAML to support modelling of security concerns. The extension of FAML consists of two sets of modelling classes (metaclasses): One set to model the security requirements of a multi-agent system (MAS) identified by the developer during the design stage; and another to model security actions satisfying the security requirements. These modelling classes will be added to the four views of the FAML metamodel shown

Proposed metamodel

This section presents the new version of FAML which accounts for security requirements. The new security concepts added to FAML are first presented (Table 4). As these concepts are added, some existing FAML concepts are changed and some new non-security concepts are added (Table 5). The new ‘securitised’ FAML is presented in Fig. 6, Fig. 7, Fig. 8, Fig. 9.

As noted in the previous section, MAS-specific security requirements are of two kinds. The first kind refers to general security requirements

Illustration of the metamodel on a MAS application

As a practical illustration of security concepts in FAML, we consider a community-based search MAS application that we designed in [34]. This is a very complex application that involves most concepts of FAML. However, we will only give examples of the security-related concepts. We first describe the application and then show how FAML assists in identifying and modelling security issues.

Discussion, conclusions and future work

In this paper, we have presented work that provides the foundation towards a model-based security approach for the development of secure multi-agent systems. In particular, we have extended the FAME Modelling Language (FAML) and we have defined a metamodel that supports the development of security models for agent-oriented systems. The original FAML metamodel [1] did not accommodate the security requirements of the system nor allow description of security solutions such as the ones discussed in

References (37)

  • S. Brinkkemper

    Method engineering: engineering of information systems development methods and tools

    Information and Software Technology

    (1996)
  • G. Beydoun et al.

    Developing and evaluating a generic metamodel for MAS work products

  • G. Beydoun, G. Low, H. Mouratidis, B. Henderson-Sellers, Modelling MAS-specific security features, in: Proceedings of...
  • G. Beydoun, N. Tran, G. Low, B. Henderson-Sellers, Foundations of Ontology-based Methodologies for Multi-agent Systems,...
  • N. Borselius, Security in Multi-Agent Systems, International Conference on Security and Management (SAM02), Las Vegas,...
  • M. Bradshaw

    Software Agents

    (1997)
  • P. Bresciani et al.

    TROPOS: an agent-oriented software development methodology

    Journal of Autonomous Agents and Multi-agent Systems

    (2004)
  • M. Esteva, Electronic Institutions: From Specification to Development, Artificial Intelligence Research Insitute, UAB –...
  • M. Esteva, D. de la Cruz, C. Sierra, ISLANDER: an electronic institutions editor, in: International Conference on...
  • P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone, Requirements engineering meets trust management, in: Second...
  • B. Henderson-Sellers, Creating a comprehensive agent-oriented methodology – using method engineering and the OPEN...
  • M.-P. Huget, Nemo: an agent-oriented software engineering methodology, in: OOPSLA Workshop on Agent-Oriented...
  • C. Iglesias, M. Carijo, J. Gonzales, A survey of agent-oriented methodologies, in: Intelligent Agents IV, 1999, pp....
  • W. Jansen, T. Karygiannis, Mobile Agent Security, National Institute of Standards and Technology Special Publication...
  • N.R. Jennings

    An agent-based approach for building complex software systems

    Communications of the ACM

    (2001)
  • J. Jürjens, Sound methods and effective tools for model-based security engineering with UML, ICSE 2005, ACM, 2005, pp....
  • A. Kleppe et al.

    MDA Explained: The Model Driven Architecture – Practice and Promise

    (2003)
  • L. Liu, E. Yu, J. Mylopoulos, Analyzing security requirements as relationships among strategic actors, in: 2nd...
  • Cited by (44)

    • scenario modeling for government big data governance decision-making: Chinese experience with public safety services

      2022, Information and Management
      Citation Excerpt :

      For the purpose of this research, a GBDG scenario meta-model was developed to provide generic knowledge for scenario modeling. Agent Modeling Language (AML) was used to develop the scenario meta-model [[34], [8]]. This process involved first extracting the general scenario elements that were relevant to all available GBDG scenario models (or other relevant models that contain scenario elements, including GBDG influencing factor models, GBDG evaluation models, and GBDG decision-making framework).

    • Agent action diagram: Toward a model for emergency management system

      2019, Simulation Modelling Practice and Theory
    • A complete approach for CIM modelling and model formalising

      2015, Information and Software Technology
    View all citing articles on Scopus
    View full text