On Security in Open Multi-Agent Systems

In open multi-agent systems agents must interact with other agents with which they are not familiar. In particular, an agent will receive requests and assertions from other agents and must decide how to act on the requests and assess the credibility of the assertions. In a closed environment, agents have well known and familiar transaction partners whose rights and credibility are known. The problem thus reduces to authentication which is the reliable identification of agents’ true identity. In an open environment, however, agents must transact business even when knowing the true identities is uninformative. Decisions about who to believe and who to serve must be based on an agent’s properties. These properties are established by proving them from an agent’s credentials, beliefs of other agents and the appropriate security policies. In this paper we present an approach to some security problems in open multi-agent systems based on distributed trust, the delegation of permissions and distributed belief. Distributed trust management involves verifying if the requesting agent meets the required credentials for the request. As distributed trust management is inherently policy-based, our approach also includes a flexible policy language. Agents collect information that they require to make security decisions through distributed belief, which allows rules to be specified for accepting beliefs of other agents. We begin by describing our approach and the concepts on which it is built. Then we present a design that provides security functionality in a typical agent framework (FIPA) and describe initial work in its realization.