[PDF] [BIB] [DOI]
Security of an agent system is often limited, relying on basic cryptographic techniques without consideration of issues such as key maintenance, forming and communicating in secure groups, or interlayer security. From a security engineering perspective, multi-agent systems introduce new channels and possibly layers, resulting in additional security concerns. A comprehensive security engineering perspective - studying the information flow of the multi-layered system, identifying, analyzing and addressing multi-level security threats - is rarely taken. This paper presents a security engineering process for multi-agent systems - motivating the need for comprehensive security engineering and showing how to proceed with the process within an agent system. One of the largest obstacles in security engineering is understanding how to decompose a system into the parts that require security. This paper provides a decomposition for agent systems that can be directly applied to the security engineering process. Examples are given that detail the application of the presented security engineering process to: 1) a FIPA-compliant agent system; and 2) peer-to-peer content lookup. The most important contribution of this paper, is proposing a formal approach to addressing security within an agent system, where there exist unique and application-specific threats that must be addressed.