Abstract
Open multi-agent systems (MASs) have growing popularity in the Multi-agent Systems community and are predicted to have many applications in future, as large scale distributed systems become more widespread. A major practical limitation to open MASs is security because the openness of such systems negates many traditional security solutions. In this paper we introduce and classify main attacks on open MASs. We then survey and analyse various security techniques in the literature and categorise them under prevention and detection approaches. Finally, we suggest which security technique is an appropriate countermeasure for which classes of attack.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Aggarwal CC, Yu PS (2008) Outlier detection with uncertain data. In: SIAM international conference on data mining (SDM), pp 483–493
Artikis A, Sergot M, Pitt J (2009) Specifying norm-governed computational societies. ACM Trans Comput Logic 10: 1–42
Becker MY (2010) Information flow in credential systems. IEEE Comput Secur Found Symp 0: 171–185
Beydoun G, Low G, Mouratidis H, Henderson-Sellers B (2009) A security-aware metamodel for multi-agent systems (MAS). Inf Softw Technol 51(5): 832–845
Bierman E, Cloete E (2002) Classification of malicious host threats in mobile agent computing. In: SAICSIT’02: Proceedings of the 2002 annual research conference of the South African institute of computer scientists and information technologists on enablement through technology. South African Institute for Computer Scientists and Information Technologists, South Africa, pp 141–148
Bijani S, Robertson D, Aspinall D (2011) Probing attacks on multi-agent systems using electronic institutions. In: Declarative Agent Languages and Technologies Workshop (DALT), AAMAS 2011
Borselius N, Mitchell C (2003) Securing FIPA agent communication. In: Proceedings of the 2003 International conference on security and management (SAM’03), vol 1, USA, pp 135–141
Botelho V, Enembreck F, Avila B, de Azevedo H, Scalabrin E (2009) Encrypted certified trust in multi-agent system. In: The 13th international conference on computer supported cooperative work in design, pp 227–232
Braynov S, Jadliwala M (2004) Detecting malicious groups of agents. In: Proceedings of the 1st IEEE symposium on multi-agent security and survivability (MAS&S) 2004. IEEE Computer Society, Philadelphia, pp 90–99
Bresciani P, Giorgini P, Manson G, Mouratidis H (2004a) Multi-agent systems and security requirements analysis. In: Lecture Notes in Computer Science. Springer, Berlin
Bresciani P, Perini A, Giorgini P, Giunchiglia F, Mylopoulos J (2004b) TROPOS: an agent-oriented software development methodology. Auton Agents Multi Agent Syst 8: 203–236
Carl G, Kesidis G, Brooks RR, Rai S (2006) Denial-of-service attack- detection techniques. IEEE Internet Comput 10(1): 82–89
Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv 41: 15:1–15:58
Cheng A, Friedman E (2005) Sybilproof reputation mechanisms. In: P2PECON’05: Proceedings of the 2005 ACM SIGCOMM workshop on economics of peer-to-peer systems. ACM, Philadelphia, pp 128–132
Clark KP, Warnier M, Quillinan TB, Brazier FM (2010) Secure monitoring of service level agreements. In: Proceedings of the 2nd international workshop on organizational security aspects (OSA 2010). IEEE
Dasgupta D, Majumdar N (2002) Anomaly detection in multidimensional data using negative selection algorithm. In: The IEEE conference on evolutionary computation. Hawaii, pp 1039–1044
Demazeau Y, Rocha Costa A. (1996) Populations and organizations in open multi-agent systems. In: Proceedings of the I national symposium on parallel and distributed AI (PDAI’96), Hyderabad
Denning DE (1976) A lattice model of secure information flow. Commun. ACM 19-5: 236–243
Douceur JR (2002) The sybil attack. In: IPTPS ’01: Revised papers from the 1st international workshop on peer-to-peer systems. Springer, pp 251–260
Dove R (2009) On detecting and classifying aberrant behavior in unmanned autonomous systems under test and on mission. In: Live virtual constructive conference. International Test and Evaluation Association
El Ariss O, Xu D (2011) Modeling security attacks with statecharts. In: The joint ACM SIGSOFT conference—QoSA and ACM SIGSOFT symposium. ACM, pp 123–132
Ellison C, Schneier B (2000) Ten risks of PKI: what you’re not being told about public key infrastructure. Comput Secur J 16(2):1–7
Endsuleit R, Wagner A (2004) Possible attacks on and countermeasures for secure multi-agent computation. In: Proceedings of the international conference on security and management (SAM’04), Las Vegas, pp 221–227
Esteva M, de la Cruz D, Rosell B, Arcos JL, Rodriguez-Aguilar JA, Cuni G (2004) Engineering open multi-agent systems as electronic institutions. In: 19th national conference on artifical Intelligence (AAAI 04). AAAI Press, pp 1010–1011
Finin T, Joshi A, Joshi A (2002) Developing secure agent systems using delegation based trust management. In: Security of mobile multiAgent systems (SEMAS 02) held at autonomous agents and multiAgent systems (AAMAS), pp 200–202
Foner LN (1996) A security architecture for multi-agent matchmaking. In: Proceedings of the 2nd international conference on multi-agent systems, pp 80–86
Halpern JY, ONeill KR (2008) Secrecy in multiagent systems. ACM Trans Inf Syst Secur 12: 5:1–5:47
He Q, Sycara KP, Finin TW (1998) Personal security agent: KQML-based PKI. In: The 2nd international conference on autonomous agents
Igure V, Williams R (2008) Taxonomies of attacks and vulnerabilities in computer systems. Commun Surv Tutor 10(1): 6–19
Jansen W, Karygiannis T (2000) Mobile agent security. National Institute of Standards and Technology (NIST) Special Publication 800-19
Jurjens J (2002) Using UMLsec and goal trees for secure systems development. In: The 2002 ACM symposium on applied computing. ACM, Madrid, pp 1026–1030
Kadota K, Tominaga D, Akiyama Y, Takahashi K (2003) Detecting outlying samples in microarray data: a critical assessment of the effect of outliers on sample classification. Chem-Bio Inform 3: 30–45
Karnik NM, Tripathi AR (2001) Security in the Ajanta mobile agent system. Softw Pract Experience 31(4):301–329
Khan A, Arshad Q, Niu X, Yong Z, Anwar MW (2009) On the security properties and attacks against mobile agent graph head sealing (MAGHS). In: The 3rd international conference and workshops on advances in information security and assurance (ISA 09). Springer, Seoul, pp 223–228
Lee H, Alves-Foss J, Harrison S (2004) The use of encrypted functions for mobile agent security. In: The 37th annual Hawaii international conference on system sciences (HICSS’04). IEEE Computer Society, p 10
Lippmann RP, Ingols KW (2005) An annotated review of past papers on attack graphs. Linoln Lab, MIT, Cambridge
Liu L, Yu E, Mylopoulos J (2002) Analyzing security requirements as relationships among strategic actors. In: 2nd Symposium on requirements engineering for information security (SREIS 2002)
Loulou M, Tounsi M, Kacem AH, Jmaiel M, Mosbah M (2007) A formal approach to prevent attacks on mobile agent systems. In: SECUREWARE’07: Proceedings of the the international conference on emerging security information, systems, and technologies. IEEE Computer Society, Washington, pp 42–47
Majumdar A, Thomborson C (2005) On the use of opaque predicates in mobile agent code obfuscation. In: Intelligence and security informatics. Springer, Berlin, pp 255–236
Massacci F, Mylopoulos J, Zannone N (2010) Security requirements engineering: the SI* modeling language and the secure tropos methodology. Adv Intell Inf Syst 265: 147–174
McDermott JP (2000) Attack net penetration testing. In: The 2000 workshop on new security paradigms (NSPW’00), Cork, pp 15–21
Microsoft (2010) Threat risk modeling. Retrieved from The Open Web Application Security Project:http://www.owasp.org/index.php/Threat_Risk_Modeling
Mitchell C (2003) Security for Mobility. Institution of Electrical Engineers, Piscataway
Mouratidis H (2007) Secure tropos: a security-oriented extension of the tropos methodology. Int J Softw Eng Knowl Eng (IJSEKE) 17(2): 285–309
Mouratidis H, Giorgini P (2009) Enhancing secure tropos to effectively deal with security requirements in the development of multiagent systems In: Safety and security in multiagent systems. Springer-Verlag, pp 8–26
Mouratidis H, Giorgini P, Manson G (2003a) Modelling secure multiagent systems. In: AAMAS 03: Proceedings of the 2nd international joint conference on autonomous agents and multiagent systems. ACM, New York, pp 859–866
Mouratidis H, Giorgini P, Weiss M (2003b) Integrating patterns and agent-oriented methodologies to provide better solutions for the development of secure agent systems. In: Workshop on expressiveness of pattern languages 2003, at ChiliPLoP
Necula G, Lee P (1998) Safe, untrusted agents using proof-carrying code. In: Vigna G (eds) Mobile agents and security. Springer, Berlin, pp 61–91
Novak P, Rollo M, Hodik J, Vlcek T (2003) Communication security in multi-agent systems. In: The 3rd central and eastern European conference on multi-agent systems (CEEMAS’03). Springer, pp 454–463
Odubiyi JB, Choudhary AR (2007) Building security into an IEEE FIPA compliant multiagent system. In: Proceedings of the 2007 IEEE workshop on information assurance, IAW. IEEE Computer Society, West Point, pp 49–55
Oey MA, Warnier M, Brazier FM (2010) Security in large-scale open distributed multi-agent systems. In: Kordic V (ed) Autonomous agents. IN-TECH, pp 107–130
Page JP, Zaslavsky AB, Indrawan MT (2005) Extending the buddy model to secure variable sized multi agent communities. In: Proceedings of the 2nd international workshop on safety and security in multiagent systems, Utrecht, pp 59–75
Park H, Ju H, Chun K, Lee J, Ahn S, Noh B (2006) The algorithm to enhance the security of multi-agent in distributed computing environment. In: ICPADS’06: Proceedings of the 12th international conference on parallel and distributed systems. IEEE Computer Society, Washington, pp 55–60
Paruchuri P, Tambe M, Ordonez F, Kraus S (2006) Security in multiagent systems by policy randomization. In: Proceedings of the 5th international joint conference on autonomous agents and multiagent systems (AAMAS 06). ACM, Hakodate, pp 273–280
Paruchuri P, Pearce JP, Marecki J, Tambe M, Ordonez F, Kraus S (2009) Coordinating randomized policies for increasing security of agent systems. Inf Technol Manag 10: 67–79
Petrie C, Bussler C (2003) Service agents and virtual enterprises: a survey. IEEE Internet Comput 7: 68–78
Poslad S, Calisti M (2000) Towards improved trust and security in FIPA agent platforms. In: Workshop on deception, fraud and trust in agent Societies, Spain
Poslad S, Charlton P, Calisti M (2002) Specifying standard security mechanisms in Multi-agent systems. In: Trust, reputation, and security: theories and Practice, AAMAS 2002 international workshop. Springer, Berlin, pp 122–127
Quillinan TB, Warnier M, Oey MA, Timmer RJ, Brazier FM (2008) Enforcing security in the agentScape middleware. In: Proceedings of the 1st international workshop on middleware security (MidSec). ACM
Ray M (2009) Authentication gap in TLS renegotiation. http://extendedsubset.com/?p=8
Rescorla E, Ray M, Dispensa S, Oskov N (2010, Feb) Transport layer security (TLS) renegotiation indication extension. Internet Engineering Task Force (IETF)
Riordan J, Schneier B (1998) Environmental key generation towards clueless agents. Mobile agents and security. Springer, Berlin, pp 15–24
Robertson D (2005) A lightweight coordination calculus for agent systems. In: Declarative agent languages and technologies II, vol 3476/2005. Springer, Berlin, pp 183–197
Robertson D, Giunchiglia F, Harmelen Fv, Marchese M, Sabou M, Schorlemmer M et al (2008) Open knowledge—coordinating knowledge sharing through peer-to-peer interaction. In: Languages, methodologies and development tools for multi-agent systems. 1st International workshop, LADS 2007. Revised Selected and Invited Papers, vol 5118, pp 1–18
Robles S (2008) Trust and security. In: Moreno A., Pavn J. (eds) Issues in multi-agent systems: the agentCities. ES experience (Vol. Chapter 4). Birkhäuser, Basel, pp 87–115
Rojas DM, Mahdy AM (2011) Integrating threat modeling in secure agent-oriented software development. Int J Softw Eng (IJSE) 2: 23–36
Sabelfeld A, Myers A (2003) Language-based information-flow security. IEEE J Sel Areas Commun 21(1): 5–19
Schneier B (1999) Attack trees. Dr. Dobb’s J Softw Tools 24: 21–29
Sierra C, Walton C, Robertson D, Gerloff EJ, Li JS, Abian J et al (2008) Report on bioinformatics case studies. Techreport
Silei L, Rui Z, Jun L, Junmo X (2008) A novel security protocol to protect mobile agent against colluded truncation attack by cooperation. In: International conference on cyberworlds, pp 186–191
Sit E, Morris R (2002) Security considerations for peer-to-peer distributed hash tables. In: IPTPS’01: revised papers from the 1st international workshop on peer-to-peer systems. Springer, pp 261–269
Sun B, Chen H (2011) Communication security in MAS with XML security specifications. Appl Mech Mater 65:251–254
Sycara K, Paolucci M, Van Velsen M, Giampapa J (2003) The RETSINA MAS infrastructure. Auton Agents Multi Agent Syst 7: 29–48
Tan H, Moreau L (2002) Extending execution tracing for mobile code security. In: 2nd International workshop on security of mobile multiAgent systems (SEMAS 2002), Bologna, pp 51–59
Tan JJ, Poslad S, Xi Y (2004) Policy driven systems for dynamic security reconfiguration. In: Proceedings of the 3rd international joint conference on autonomous agents and multiagent systems (AAMAS), vol 3. IEEE Computer Society, pp 1274–1275
Tekbacak F, Tuglular T, Dikenelli O (2009) An architecture for verification of access control policies with multi agent system ontologies. In: COMPSAC’09: Proceedings of the 2009 33rd annual IEEE international computer software and applications conference. IEEE Computer Society, pp 52–55
Tekbacak F, Tuglular T, Dikenelli O (2011) Policies for role based agents in environments with changing ontologies. In: The 10th international conference on autonomous agents and multiagent systems (AAMAS 11), Taipei, pp 1335–1336
Thirunavukkarasu C, Finin T, Mayfield J (1995) Secret agents—a security architecture for the KQML agent communication language. In: Intelligent information agents workshop (CIKM’95)
Traynor P, McDaniel P, Porta TL (2008) Security for telecommunications networks: future directions and challenges. Springer, US
van’t Noordende G, Brazier FM, Tanenbaum AS (2004) Security in a mobile agent system. In: The 1st IEEE symposium on multi-agent security and survivability, pp 35–45
van’t Noordende GJ, Overeinder BJ, Timmer RJ, Brazier FM, Tanenbaum AS (2009) Constructing secure mobile agent systems using the agent operating system. Int J Intell Inf Database Syst (IJIIDS) 3: 363–381
Vazquez-Salceda J, Padget JA, Cortes U, Lopez-Navidad A, Caballero F (2003) Formalizing an electronic institution for the distribution of human tissues. Artif Intell Med 27: 233–258
Vila X, Schuster A, Riera A (2007) Security for a multi-agent system based on JADE. Comput Secur 26: 391–400
Vitabile S, Conti V, Militello C, Sorbello F (2008) An extended JADE-S based framework for developing secure multi-agent systems. Comput Stand Interfaces 31: 913–930
Wagner G (1997) Multi-level security in multiagent systems. In: Proceedings of the 1st international workshop on cooperative information agents. Springer, London, pp 272–285
Wahbe R, Lucco S, Anderson T (1993) Efficient software-based fault isolation. In: The 14th ACM symposium on operating systems principles, pp 203–216
Wang H, Varadharajan V, Zhang Y (1999) A secure communication scheme for multiagent systems. In: PRIMA’98: selected papers from the 1st Pacific Rim international workshop on multi-agents, multiagent platforms, vol 1599. Springer, London, pp 174–185
Wong HC, Sycara K (1999) Adding security and trust to multi-agent systems. In: Proceedings of autonomous agents’99 workshop on deception, fraud, and trust in agent societies, pp 149–161
Xiao L (2009) An adaptive security model using agent-oriented MDA. Inf Softw Technol 51: 933–955
Yu E, Cysneiros LM (2002) Designing for privacy and other competing requirements. In: 2nd Symposium on requirements engineering for information security (SREISTM02), Raleigh
Yue X, Qiu X, Ji Y, Zhang C (2009) P2P attack taxonomy and relationship analysis. In: ICACT’09: Proceedings of the 11th international conference on advanced communication technology. IEEE Press, pp 1207–1210
Zaslavsky A, Indrawan M (2004) A buddy model of security for mobile agent communities operating in pervasive scenarios. Proc. Australas Inf Secur Data Mining Web Intell Softw Int 32: 17–25
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Bijani, S., Robertson, D. A review of attacks and security approaches in open multi-agent systems. Artif Intell Rev 42, 607–636 (2014). https://doi.org/10.1007/s10462-012-9343-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10462-012-9343-1