3. AGENT RESPONSIBILITY
3.1 Responsibility Model
In a non-crisis context, agents are assigned to responsibilities like
PEP, PIE, ACE, etc. By analyzing for instance the activity of
monitoring the fileserver (see Fig. 2), we observe e.g. that the PEP
concerned by that activity has the responsibility to collect the log
file on the firewall, to make a basic correlation between the values
¹ Bay Area Research Wireless Access Network project, conducted at the University of California at Berkeley.

Figure 2. Synoptical ReD Architecture
In general, the definition of the agent responsibility is mostly incomplete. Most of the architectures only consider the agent against the outcome that it has to produce. Sometimes, advanced solutions integrate the inputs that those agents request for performing the outcome. We define the responsibilities as a state assigned to an agent to signify its obligations concerning the task, its accountabilities regarding its obligations, and the rights and capabilities necessary to perform it. In [3] and [12] we have proposed an initial responsibility model that can be used to depict the agent responsibility. That responsibility model has been upgraded in order to integrate the following concepts:

Fig. 3. Responsibility model for Conviction sharing

The assignment is the action of linking an agent to a responsibility. The delegation process is the transfer of an agent's responsibility assignment to another agent.

The accountability is a duty to justify the performance of a task to someone else under threat of sanction [5]. Accountability is a type of obligation to report the achievement, maintenance or avoidance of some given state to an authority and, as a consequence, is associated with an obligation. Accountability contributes to generating trust or to removing trust depending on the accountability outcomes [20].

The obligation is the most frequent concept to appear, in the literature [4] as well as in industrial and professional frameworks. Obligation is a duty which links a responsibility with a task that must be performed. We define a task as an action to use or transform an object.

The capability describes the requisite qualities, skills or resources necessary to perform a task. Capability may be declined through knowledge or know-how possessed by the agent, such as its ability to make decisions, its processing time, its faculty to analyze a problem, and its position on the network.

The right is a common component but is not systematically embedded in all frameworks. Right encompasses facilities required by an agent to fulfill his obligations, e.g. the access right that the agent gets once he is assigned responsible.

The commitment pledged by the agent related to this assignment represents his required engagement to fulfill a task and the conviction that he does it in respect of good practices. The commitment in MAS has already been the subject of much research [6]. The semantic analysis of the commitment [7] and [8] advocates for considering trust between agents as a pragmatic commitment antecedent [1].

We consider the trust in an agent as the reliance that this agent acts as it is requested. For didactic reasons, we consider in this paper that a trust level of 10 is high and a trust level of 0 is low.

3.2 Agent Responsibility Specifications
Based on the responsibility model defined above, we may instantiate the responsibility model for each responsibility of the agents within the network. Because of the size of the paper, only the four most important meta-concepts are instantiated: the obligations concerning the task (in red), the capabilities (in blue), the rights (in green), and commitment represented as a trust value (in black). Table 1 provides these concepts instantiated for each responsibility of the network. The two last columns propose a mapping of the rights and capabilities which are necessary for each obligation.

For the PEP, we observe that the responsibility includes obligations such as the obligation to retrieve the logs from the component he monitors (O1), to provide an immediate reaction if necessary (O2), etc. In order to perform that obligation, he must have the capabilities to be on the same network as the component he controls (C1), to be able to communicate with the PDP (C2), to be able to communicate with the facilitator agent (C3) and so on. He also must have the right to read the log file on the concerned network component (R1), to write the log in a central logs database (R2), and so on.

4. MONITORING NEEDS BASED CONVICTION MODEL
Commonly an agent is considered as an encapsulated computer system [13] that is situated in some environment and that is capable of flexible, autonomous action in that environment in order to meet its design objectives [9]. As agents have control over their own behaviour, they must cooperate and negotiate with each other to achieve their goals [10]. The convergence of these agents' properties and distributed systems behaviour makes the multi-agent architecture an appropriate mechanism to evaluate the security (Conviction) of critical infrastructures run by distributed systems [11]. Nonetheless, for such multi-agent systems one would expect each involved agent to be able to meet its assigned responsibilities in order to provide efficient monitoring of the security [14] of a network. Indeed, this is an intrinsic characteristic of the monitoring system which should be guaranteed if one is to gain a reliable insight into a network's security posture. The common approach, which is to put more emphasis on the proper functioning of the network itself, needs to be augmented with a critical evaluation of the monitoring system to ensure the reliability of its operations. This is relevant since links between entities that are part of the monitoring system may break, and agents with the task of conducting the verification and measurements may fail to fulfill their tasks and obligations for a range of reasons including:

• Erroneous assignment of their rights or alteration of the latter during runtime [16].
• Agents' capabilities may be insufficient for accomplishing a task assigned to them.
• An accumulation of tasks for an agent may result in an overload and subsequently a failure to meet some of its responsibilities.
• And so forth.

Table 1: Responsibilities instantiation
Columns: Obligations concerning Task / Level of Trust | Capabilities / Rights | Mapping of Capabilities to Obligations | Mapping of Rights to Obligations

PEP

Obligations concerning Task | Mapping of Capabilities to Obligations | Mapping of Rights to Obligations
O1: Must retrieve the logs from the component it monitors | C1, C4, C6, C7 | R1, R2, R4
O2: Must provide an immediate reaction if necessary | C1, C2, C4 | R3
O3: Must communicate with the facilitator

Capabilities
C1: Is on the same network as the component to control
C2: Be able to communicate with the PDP
C3: Be able to communicate with the facilitator agent
C4: Have enough computing resource to monitor the component to control
C5: Be able to communicate with the MAS management layer
C6: Must be able to encrypt data

Obligations concerning Task | Mapping of Capabilities to Obligations | Mapping of Rights to Obligations
requested component | C1, C2 | R1, R2, R3
O2: Make a mapping between the component name and the IP address and keep backup | C3 | R1, R2, R3

Level of Trust
T: 5,099

Capabilities
C2: Has a significant bandwidth depending on the network size
C3: Be able to perform backup of the white page and yellow page database

Rights
R1: Allow to read and write to the white pages services database
R2: Allow to read and write to the yellow pages services database
R3: Allow to read information about the topology of the network

PEP
O1: Must retrieve the logs from the component it monitors | C1, C4, C6, C7 | R1, R2, R4 | 1
O2: Must provide an immediate reaction if necessary | C1, C4 | R3 | 0

PDP
O1: Based on the incident report from the PEP, must decide which reaction policy is appropriate to be deployed by the PEP | C1, C2 | R1, R2 | 0
O2: Must communicate with the facilitator to get the address of the other components (PDP, PIE, Facilitator) and make back up | C1, C3, C4 | R1, R2 | 1
T: 4

ACE
O1: Must communicate with the PEP or other ACEs to receive alert messages | C2, C3 | R4 | 0
O2: Must correlate the alerts from different PEP or from

Facilitator
O1: Must provide IP addresses of the requested component | C1, C2 | R1, R2, R3 | 1
O2: Make a mapping between the component name and the | | R1, R2, R3 | 0

Obligation O1 of the PDP also suffers from the lack of R3, which gives the PDP the right to actually read the policy status and deploy a problem solving mechanism. The ACE, as the agent responsible for receiving alerts from nodes within the network, cannot currently meet its obligation O1, which is about communicating with the PEP and other ACEs to receive alerts, since it cannot decrypt the message protocol coming from the PEP (C4). The facilitator's obligation to keep back up (O1) can hardly be satisfied given that the required capability C3 is currently not there.
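
The gap check this paragraph walks through, as an added example (not code from the paper): the required capability and right sets for the PEP come from Table 1's mapping columns, while the agent names, held sets, trust values, the right R5 and the `min_trust` threshold are constructed for illustration. It also flags rights that no assigned obligation needs and picks a delegate for an obligation the current agent cannot meet.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Obligation:
    name: str
    capabilities: frozenset
    rights: frozenset

@dataclass
class Agent:
    name: str
    trust: int            # paper's scale: 0 is low, 10 is high
    capabilities: set     # capabilities the agent currently has
    rights: set           # rights currently assigned to the agent

def gaps(agent, ob):
    """Capabilities and rights the obligation needs but the agent lacks."""
    return ob.capabilities - agent.capabilities, ob.rights - agent.rights

def can_fulfil(agent, ob):
    missing_caps, missing_rights = gaps(agent, ob)
    return not missing_caps and not missing_rights

def excess_rights(agent, obligations):
    """Rights held that no assigned obligation needs (erroneous assignment)."""
    needed = set().union(*(ob.rights for ob in obligations))
    return agent.rights - needed

def delegate(ob, candidates, min_trust):
    """Most trusted candidate at or above min_trust that can fulfil ob, else None."""
    able = [a for a in candidates if a.trust >= min_trust and can_fulfil(a, ob)]
    return max(able, key=lambda a: a.trust, default=None)

# Required sets taken from the Table 1 mapping columns for the PEP.
PEP_O1 = Obligation("O1", frozenset({"C1", "C4", "C6", "C7"}), frozenset({"R1", "R2", "R4"}))
PEP_O2 = Obligation("O2", frozenset({"C1", "C2", "C4"}), frozenset({"R3"}))

# Constructed sample agents: names, held sets, trust values and R5 are hypothetical.
pep_a = Agent("pep-a", 7, {"C1", "C4", "C6", "C7"}, {"R1", "R2", "R3", "R4"})
pep_b = Agent("pep-b", 6, {"C1", "C2", "C4"}, {"R3", "R5"})
pep_c = Agent("pep-c", 2, {"C1", "C2", "C4"}, {"R3"})

def audit(agent, obligations):
    """Per obligation: fulfilment flag plus the sorted list of what is missing."""
    report = {}
    for ob in obligations:
        caps, rights = gaps(agent, ob)
        report[ob.name] = (not caps and not rights, sorted(caps | rights))
    return report

if __name__ == "__main__":
    print(audit(pep_a, [PEP_O1, PEP_O2]))
    print(delegate(PEP_O2, [pep_b, pep_c], min_trust=5))
    print(excess_rights(pep_b, [PEP_O2]))
```
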
6. CONCLUSIONS
Critical infrastructures are more and more present and need to be seriously managed and monitored given the increasing number of threats. This paper presents a solution to automatically react after an incident on a wireless network based on a MAS architecture. The system, initially based on static assignments of functions to agents, needed more dynamicity in order to stay aligned with the newly arising risks.

In this position paper, we firstly enhance our previous works by providing a conceptual representation of the agent responsibilities. Our solution exploits the concept of agents' obligations regarding tasks, the concepts of right and capability required to satisfy an obligation, and the concept of trust that represents the reliance that an agent acts as it is requested. Secondly, based on that definition of the agents' responsibilities, a conviction level can be estimated in order to determine the confidence that the agent can meet its responsibilities. In the event of such a conviction level being low, decisions can be made as to whether to shift the fulfillment of such a responsibility to a different agent.

The architecture that we exploit to demonstrate the enhanced reaction mechanism relies on ReD, which is being tested and currently produced in our deployment lab case. Practically, ReD defines the structural bases for the alert mechanism that we have exploited in the paper in order to illustrate the BARWAN project.

Additional lab case demonstrations are currently running and more formal results are being generated within the CockpitCI project [18, 19]. The outcomes of these field experiments already underline the accuracy of the expected conviction model outcomes and strengthen the case for recalculating the assurance value from a trust function perspective.

7. ACKNOWLEDGMENTS
This research is supported and funded by the European FP7-Security project CockpitCI, Cybersecurity on SCADA: risk prediction, analysis and reaction tools for Critical Infrastructures.

8. REFERENCES
[1] Gateau, B.; Khadraoui, D.; Feltus, C., "Multi-agents system service based platform in telecommunication security incident reaction," Information Infrastructure Symposium, 2009. GIIS '09. Global, pp. 1-6, 23-26 June 2009. doi: 10.1109/GIIS.2009.5307083
[2] E. A. Brewer, R. H. Katz, E. Amir, H. Balakrishnan, Y. Chawathe, A. Fox, S. D. Gribble, T. Hodes, G. Nguyen, V. N. Padmanabhan, M. Stemm, S. Seshan, T. Henderson, A network Architecture for Heterogeneous Mobile Computing, IEEE Personal Communications Magazine, Oct. 1998.
[3] Christophe Feltus, Michaël Petit, Building a Responsibility Model Including Accountability, Capability and Commitment, ARES 2009, Fukuoka, Japan. doi: 10.1109/ARES.2009.45
[4] B. Gâteau. Modélisation et Supervision d'Institutions Multi-Agents. PhD Thesis held in cooperation with Ecole Nationale Superieure des Mines de Saint Etienne and CRP Henri Tudor, defended in Luxembourg the 26th of June 2007.
[5] B. C. Stahl, Accountability and reflective responsibility in information systems. In: C. Zielinski et al. The information society - emerging landscapes. Springer, 2006, pp. 51-68.
[6] P. Munindar Singh, Semantical Considerations on Dialectical and Practical Commitments. Proceedings of the 23rd Conference on Artificial Intelligence (AAAI). July 2008.
[7] M. J. Smith and M. Desjardins. 2009. Learning to trust in the competence and commitment of agents. Autonomous Agents and Multi-Agent Systems 18, 1, 36-82.
[8] J. Broersen, Mehdi Dastani, Zhisheng Huang, and Leendert W. N. van der Torre. 2002. Trust and Commitment in Dynamic Logic. EurAsia-ICT '02, Springer-Verlag, London, UK, 677-684.
[9] N. R. Jennings, An agent-based software engineering, Agent Oriented Software Engineering, in the Proceedings of the 9th European Workshop on Modeling Autonomous Agents in a Multi-Agent World (MAAMAW-99), Valencia, Spain.
[10] P. Ciancarini and M. Wooldridge, Agent-Oriented Software Engineering, in Proceedings of the 22nd International Conference on Software Engineering, June 2000, pp. 816-817.
[11] M. Ouedraogo, H. Mouratidis, D. Khadraoui and E. Dubois, An agent based system to support assurance of security requirement, in Proceedings of the Fourth IEEE International Conference on Secure Software Integration and Reliability Improvement (SSIRI 2010).
[12] C. Feltus, E. Dubois, E. Proper, I. Band, M. Petit, Enhancing the ArchiMate Standard with a Responsibility Modeling Language for Access Rights Management, 5th ACM International Conference on Security of Information and Networks (ACM SIN 2012), Jaipur, Rajasthan, India. doi: 10.1145/2388576.2388577
[13] Jennings, N. R. (2001). An agent-based approach for building complex software systems. Communications of the ACM, 44(4), 35-41.
[14] Schranz, Paul Steven. "VoIP security monitoring & alarm system." U.S. Patent Application 10/694,678.
[15] Zaher, A. S., & McArthur, S. D. J. (2007, July). A multi-agent fault detection system for wind turbine defect recognition and diagnosis. In Power Tech, 2007 IEEE Lausanne (pp. 22-27). IEEE.
[16] Sadeghi, A. R., Wolf, M., Stüble, C., Asokan, N., & Ekberg, J. E. (2007). Enabling fairer digital rights management with trusted computing. In Information Security (pp. 53-70). Springer Berlin Heidelberg.
[17] Kalinowski, J., Stuart, A., Wamsley, L., & Rastatter, M. P. (1999). Effects of monitoring condition and frequency-altered feedback on stuttering frequency. Journal of Speech, Language and Hearing Research, 42(6), 1347.
[18] Jonathan Blangenois, Guy Guemkam, Christophe Feltus, Djamel Khadraoui, Organizational Security Architecture for Critical Infrastructure, 8th International Workshop on Frontiers in Availability, 8th FARES 2013, IEEE, Germany.
[19] Djamel Khadraoui, Christophe Feltus, Critical Infrastructures Governance - Exploring SCADA Cybernetics through Architectured Policy Semantic, IEEE SMC 2013, UK.
[20] Christophe Feltus, Michaël Petit, and Eric Dubois. 2009. Strengthening employee's responsibility to enhance governance of IT: COBIT RACI chart case study. In Proceedings of the first ACM workshop on Information security governance (WISG '09). ACM, New York, NY, USA, 23-32. DOI=10.1145/1655168.1655174 http://doi.acm.org/10.1145/1655168.1655174