Controlling Security of Software Development with Multi-agent System

  • Conference paper
Knowledge-Based and Intelligent Information and Engineering Systems (KES 2010)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 6279)

Abstract

Software systems are becoming distributed and complex. Distributed systems are crucial for organizations because they make it possible to share data and information, resources and services. Nowadays, many software systems are not developed from scratch: system development involves the reuse of already developed components. However, with intrusions into computer systems, it has become important that systems fulfill security goals and requirements. Moreover, interdependencies between components create problems during the integration phase. Therefore, the security properties of components should be considered and evaluated earlier in the lifecycle. In this paper, we propose an agent-oriented process that supports verification of the fulfillment of security goals and validation of security requirements during different phases of the development lifecycle. Moreover, the system needs to support mapping of security requirements to a threat list to determine whether any of the attacks in the list is applicable to the system to be developed. This is performed by the meta-agents. These meta-agents automatically create a security checklist and provide control of actions taken by the human agent.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Moradian, E., Håkansson, A. (2010). Controlling Security of Software Development with Multi-agent System. In: Setchi, R., Jordanov, I., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based and Intelligent Information and Engineering Systems. KES 2010. Lecture Notes in Computer Science, vol 6279. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15384-6_11

  • DOI: https://doi.org/10.1007/978-3-642-15384-6_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15383-9

  • Online ISBN: 978-3-642-15384-6

  • eBook Packages: Computer Science, Computer Science (R0)
