A security oriented approach in the development of multiagent systems : applied to the management of the health and social care needs of older people in England
Security can play an important role in the development of some multi agent
systems. However, a careful analysis of software development processes indicates
that the definition of security requirements is, usually, considered after the design of
the system. This approach, usually, leads to problems, such as conflicts between
security and functional requirements, which can translate into security
vulnerabilities. As a result, the integration of security issues in agent oriented
software engineering methodologies has been identified as an important issue.
Nevertheless, developers of agent oriented software engineering methodologies have
mainly neglected security engineering and in fact very little evidence has been
reported on work that integrates security issues into the development stages of agent
oriented software engineering methodologies.
This thesis advances the current state of the art In agent oriented software
engineering in many ways. It identifies problems associated with the integration of
security and software engineering and proposes a set of minimum requirements that a
security oriented process should demonstrate. It extends the concepts and the
development process of the Tropos methodology with respect to security to allow
developers, even those with minimum security knowledge, to identify desired
security requirements for their multi agent systems, reason about them, and as a result
develop a system that satisfies its security requirements. In doing so, this research
has developed (1) an analysis technique to enable developers to select amongst
alternative architectural styles using as criteria the security requirements of the
system, (2) a pattern language consisting of security patterns for multi agent systems,
and (3) a scenario-based technique that allows developers to test the reaction of the
system to potential attacks.
The applicability of the approach is demonstrated by employing it in the
development of the electronic single assessment process (eSAP) system, a real-life
case study that provided the initial motivation for this research.