Abstract
Software systems are becoming distributed and complex. Distributed systems are crucial for organizations because they make it possible to share data and information, resources and services. Nowadays, many software systems are not developed from scratch: system development involves the reuse of already developed components. However, with intrusions into computer systems, it has become important that systems fulfill security goals and requirements. Moreover, interdependencies between components create problems during the integration phase. Therefore, the security properties of components should be considered and evaluated earlier in the lifecycle. In this paper, we propose an agent-oriented process that supports verification of the fulfillment of security goals and validation of security requirements during different phases of the development lifecycle. Moreover, the system needs to support mapping of security requirements to a threat list to determine whether any of the attacks in the list is applicable to the system to be developed. This is performed by the meta-agents. These meta-agents automatically create a security checklist and also provide control of the actions taken by the human agent.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Moradian, E., Håkansson, A. (2010). Controlling Security of Software Development with Multi-agent System. In: Setchi, R., Jordanov, I., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based and Intelligent Information and Engineering Systems. KES 2010. Lecture Notes in Computer Science, vol 6279. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15384-6_11
DOI: https://doi.org/10.1007/978-3-642-15384-6_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15383-9
Online ISBN: 978-3-642-15384-6
eBook Packages: Computer Science, Computer Science (R0)