Towards Using Possibilistic Information Flow Control to Design Secure Multiagent Systems

  • Axel Schairer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2802)


We show how security requirements, in particular confidentiality requirements, for a whole multiagent system can formally be decomposed into confidentiality requirements for the agents. The decomposition assumes that there is some control over, or trust in, a subset of the agents and that the platform is trusted to satisfy certain reasonable assumptions. It is generic over the internal execution model of the agents. The decomposition is carried out in full detail for one specific class of confidentiality requirements, yielding a theorem that can be directly applied to derive confidentiality requirements for single agents from the overall requirement. Similar decompositions for other global requirements or under slightly different assumptions about the platform can be carried out along the same lines.

For expressing security requirements we use an existing framework for possibilistic information flow control, profitting from, e.g., the framework’s available composition results. The decomposition, because it is carried out formally and rests on a well-studied framework, is fully rigorous and the resulting property of the overall system is well-understood.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Biskup, J., Bonatti, P.: Confidentiality policies and their enforcement for controlled query evaluation. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, p. 39. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Hutter, D., Mantel, H., Schairer, A.: Informationsflusskontrolle als Grundlage für die Sicherheit von Multiagentensystemen. Praxis der Informationsverarbeitung und Kommunikation 26(1) (2003)Google Scholar
  3. 3.
    Mantel, H.: Possibilistic definitions of security – an assembly kit. In: Proceedings of the 13th IEEE Computer Security Foundations Workshop (2000)Google Scholar
  4. 4.
    Mantel, H.: Unwinding possibilistic security properties. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Mantel, H.: On the composition of secure systems. In: Proceedings of the IEEE Symposium on Security and Privacy (2002)Google Scholar
  6. 6.
    Mantel, H., Sabelfeld, A.: A generic approach to the security of multi-threaded programs. In: Proceedings of the 14th IEEE Computer Security Foundations Workshop (2001)Google Scholar
  7. 7.
    Reiser, H., Vogt, G.: Security requirements for management systems using mobile agents. In: Proceedings of the 5th IEEE Symposium on Computers and Communications (2000)Google Scholar
  8. 8.
    Schaefer, I.: Secure mobile multiagent systems in virtual marketplaces. A case study on comparison shopping. Research Report RR-02-02, Deutsches Forschungszentrum für Künstliche Intelligenz, DFKI GmbH (2002)Google Scholar
  9. 9.
    Subrahmanian, V.S., Bonatti, P., Dix, J., Eiter, T., Kraus, S., Özcan, F., Ross, R.: Secure agent programs. In: Heterogeneous Agent Systems, ch. 10, MIT Press, Cambridge (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Axel Schairer
    • 1
  1. 1.German Research Center for Artificial Intelligence (DFKI GmbH)SaarbrückenGermany

Personalised recommendations