Applying Formal Methods to Specify Security Requirements in Multi-Agent Systems

Security has become an important concern with the development of large scale distributed and heterogeneous multi-agent systems (MAS). One of the main problems in addressing security during the development of MAS is that security is often an afterthought. The cost involved to patch existing systems against vulnerabilities and attacks after deployment is high. If developers and designers can spend some quality time investigating security aspects before beginning to code then this cost can be reduced significantly. Also, using formal methods to specify the complex behavior of large scale software systems has resulted in reliable software systems. This research effort was focused on using formal methods early in the development lifecycle to specify security requirements for MAS. New solutions are emerging to fix security related issues, but how much thought gets in during the early phases of development in terms of security needs to be answered. In this paper, analysis of security requirements for MAS, existing solutions to secure MAS, and the use of formal methods to specify security requirements has been studied. Descartes - Agent, a formal specification language for specifying agent systems has been taken into study to model the security requirements of MAS early on in the development process. Functional specifications of MAS are modelled along with the non-functional security requirements using the Descartes - Agent specification language. A case study example is used to illustrate the specification of security requirements in MAS using the Descartes Agent.