Applying Security Standards to Multi Agent Systems


There is a growing need for the evaluation and certification of distributed systems regarding security standards. Almost all existing multi-agent systems that have been developed in the context of the telecommunications market ne-glect strong security evaluations. In particular, an evaluation of a multi-agent system based on the widely accepted and well known Common Criteria standard has not been carried out successfully yet. A certified agent envi-ronment must at least support the areas: Protection of user data, strength of cryptography, and agent communication. Furthermore, the evaluation assurance level EAL3 requires an investigation of the environment aspects, such as configuration management, lifecycle support, product delivery, administration guidance, testing, functional and high level specifications, and a vulnerability analysis concluding the evaluation. This paper describes the experiences of cer-tifying the Serviceware Framework JIAC IV, a multi-agent system in compliance with the Common Criteria security standard.

author = {...},
title = {...},
booktitle = {...},
year = {...},
isbn = {...},
pages = {...},
location = {...},
doi = {...},
publisher = {...},
address = {...},
Tim nologin, Olaf Kroll-Peters
Proceedings of the First International Workshop on Safety and Security in Multiagent Systems, Sasamas'04, AAMAS'04, New York