A review of attacks and security approaches in open multi-agent systems

Shahriar Bijani, David Robertson
2012 Artificial Intelligence Review  
One way to build large-scale autonomous systems is to develop an open multi-agent system using peer-to-peer architectures in which agents are not pre-engineered to work together and in which agents themselves determine the social norms that govern collective behaviour. The social norms and the agent interaction models can be described by Electronic Institutions such as those expressed in the Lightweight Coordination Calculus (LCC), a compact executable specification language based on logic programming and pi-calculus. Open multi-agent systems have experienced growing popularity in the multi-agent community and are expected to have many applications in the near future as large-scale distributed systems become more widespread, e.g. in emergency response, electronic commerce and cloud computing. A major practical limitation of such systems is security, because their very openness opens the door for adversaries to exploit existing vulnerabilities. This thesis addresses the security of open multi-agent systems governed by electronic institutions. First, the main forms of attack on open multi-agent systems are introduced and classified in the proposed attack taxonomy. Then, various security techniques from the literature are surveyed and analysed. These techniques are categorised as either prevention or detection approaches. Appropriate countermeasures to each class of attack are also suggested. A fundamental limitation of conventional security mechanisms (e.g. access control and encryption) is the inability to prevent information from being propagated. Focusing on information leakage in choreography systems using LCC, we then suggest two frameworks to detect insecure information flows: conceptual modeling of interaction models and language-based information flow analysis. A novel security-typed LCC language is proposed to address the latter approach. Both static (design-time) and dynamic (run-time) security type checking are employed to guarantee that no information leakage can occur in annotated LCC interaction models. The proposed security type system is then formally evaluated by proving its properties. A limitation of both the conceptual modeling and the language-based frameworks is the difficulty of formalising realistic policies using annotations. Finally, the proposed security-typed LCC is applied to a cloud computing configuration case study, in which virtual machine migration is managed. 
The secrecy of LCC interaction models for virtual machine management is analysed and information leaks are discussed.

Acknowledgement

I am especially grateful to my supervisor David Robertson for his insight, supervision, time and support throughout my PhD study; even though he has been extremely busy as the Head of the School of Informatics. He has shown me qualities beyond that of academic nature, which I aspire to. I would like to thank David Aspinall, my second supervisor, for sharing his technical virtuosity and his valuable feedback to my work. Thanks to my examiners Michael Rovatsos and Maurizio Marchese for their valuable suggestions, especially to Michael for his detailed comments, which were really helpful. I would also like to thank my wife, for the constant source of unwavering support and her patience throughout the duration of my Ph.D, without her this thesis would not have been possible. Finally, thanks to my parents for supporting me spiritually throughout my life and nurturing me in the right trajectory.

Declarations

I declare that this thesis was composed by myself, that the work contained herein is my own except where explicitly stated otherwise in the text, and that this work has not been submitted for any other degree or professional qualification except as specified. Some of the material used in this thesis has been published in the following papers:
doi:10.1007/s10462-012-9343-1 fatcat:ppins5fil5hztjftmzbgzknzli