Metamodel for Reputation based Agents System

Case Study for Electrical Distribution SCADA Design

Guy Guemkam, Jonathan Blangenois, Christophe Feltus, Djamel Khadraoui
Laboratoire dinformatique de Paris 6, France
Faculty of Computer Science, University of Namur, Belgium
Public Research Centre Henri Tudor, Luxembourg-Kirchberg, Luxembourg

christophe.feltus@tudor.lu

October 13-16, 2013

1

Table of contents
Introduction

ArchiMate
Policy concept and trust value
Case study presentation
Simulations
Conclusions

October 2013

SMC IEEE conference

Table of contents
Introduction

ArchiMate
Policy concept and trust value
Case study presentation
Simulations
Conclusions

October 2013

SMC IEEE conference

Introduction
-

Critical Infrastructures are essential for the functioning of a

society and economy

4 statements:
- CI are monitored and secured by SCADA systems
- SCADA are deployed using agents whish are governed by
policies
- Agents behave based on their own perception of the evolving
environment and according the perceived trust
- SCADA operates at different abstraction levels of the CI

October 2013

SMC IEEE conference

Introduction
Additionally:
- No integrated approach for designing, managing and
monitoring SCADA systems policies
- No consideration of the trust and reputation existing amongst
the agents
Our goal:
Agents modelling framework based on ArchiMate
Integration of Trust based policy

October 2013

SMC IEEE conference

Table of contents
Introduction

ArchiMate
Policy concept and trust value
Case study presentation
Simulations
Conclusions

October 2013

SMC IEEE conference

ArchiMate, the theory

-

Enterprise architecture metamodel

3 abstraction layers (business, application and technical)
3 families of concepts: structural, behavioral, informational
ArchiMate core concepts:

http://pubs.opengroup.org/architecture/archimate2-doc/

October 2013

SMC IEEE conference

ArchiMate
metamodel

6/16/2014

Presentation Tudor

Table of contents
Introduction

ArchiMate
Policy concept and trust value

Policy definition

ArchiMate specialisation for MAS and with the policy concept

Policy function of trust

Case study presentation

Simulations

Conclusions

October 2013

SMC IEEE conference

Organizational Policy

The set of rules that achieves the organizational strategy

That governs the execution of behaviours which serve the
realization of organizational services
That are executed by means of processes, which occurs in a specific
context, symbolized by a configuration of the business object

Application Policy

The set of rules that achieves the application strategy

That governs the execution of behaviours that serve the
realization of application services
That are executed by means of applications, which occurs in a
specific context, symbolized by a configuration of data objects

October 2013

SMC IEEE conference

10

Organisational policy

ArchiMate
metamodel
for MAS
Application policy

Allows defining:
1. Organizational policy
2. Application policy

Policy is defined as a
behavioral rule which is
associated to a concept
from the architecture

October 2013

SMC IEEE conference

11

Policy is a function of the trust

The rules defined by the policy is function of the level of trust

that each agent puts in another.

To derive the level of trustworthiness the agent exploits

information provided by probes.

The implementation of trust mechanisms are translated into

agent through the concept of Policies called Trust Policies.
12

Policy and trust value

The trust value of a component at an upper level is derived from
sublevels agents.
That signifies that, for two given agents A and B, the trust value of agent
B computed by agents A is calculated using the equation adapted
from Guemkam et al. as such:
TAB=ORAB= DRAB+ (1-)(1IRi1B+ 2IRi2B+1IRi3B)
with 1+2+2=1 and 0<<1
DRAB represents the direct reputation of agent B view by agent A
IRi1B represents reputation coming from other agent i1 and 1, 2 and 3
represent the trustworthiness of the associations between each agent.
1, 2 and 3 values calculated based on strategic broadcasting decision
e.g. prioritization of regional broadcasting or technology threat
mitigation.

13

Table of contents
Introduction

ArchiMate
Policy concept and trust value
Case study presentation
Simulations
Conclusions

October 2013

SMC IEEE conference

14

Case Study: Electric power distribution

The ACE Agents collects, aggregates and analyses network information and
confirms alerts are sent to the PIE
The PIE Agents receives a confirmed alert from the ACE, set the severity level
and the extent of the network response (depending on the alert layer). The high
level alert messages are transferred to the RDP.

Septembre 2013

FARES workshop

15

Example of
ArchiMate
Instanciation of the ACE agent

16

Example of
ArchiMate

Policies

Instantiation of all agents

17

Table of contents
Introduction

ArchiMate
Policy concept and trust value
Case study presentation
Simulations
Conclusions

October 2013

SMC IEEE conference

18

Simulation / Environment
We have simulated a heterogeneous network of ACE and PIE
agents running the reputation model.

The framework used for the test environment has been developed
in JAVA and simulate MAS network in a graphical environment.
Each created agent is deployed and is only connected to a central
supervisor (Composed of an Agent Manager and a Graph
Supervisor) that gives him the list of his neighbors depending
of his location on the network with a maximum edge size
between agents.
19

Simulation Protocole
The protocol used asks ACE agents to send a message containing
the collected data from the probe to the nearest PIE every five
seconds.
Test environment represents a city of 50x50km with a maximum of
5 kilometers connection distance between agents.
Simulations have been running several times during 120 seconds
with different load of malicious agents, respectively 10%, 50%
and 90%.

20

Simulation results
For each load of malicious agents in the network we have collected
the trust table of the same PIE agent, representing his perception
of his neighbors ACE
10%
ACE
A73
A71
A80
A45
A55
A56
A66
A32
A35
A0

Rep
0.8
0.86
0.69
0.72
0.91
0.93
0.82
0.8
0.84
0.73

Malicious percentage
50%
ACE
Rep
A73
0.75
A71
0.87
A80
0.55
A45
0.98
A55
0.93
A56
0.0
A66
0.85
A32
0.81
A35
0.92
A0
0.71

90%
ACE
A73
A71
A80
A45
A55
A56
A66
A32
A35
A0

Rep
0.62
0.81
0.15
0.76
0.9
0.36
0.72
0.44
0.99
0.66

As the percentage of malicious growth, the threshold evolves

according to the reputation.
Depending on the connection amongst the agent, the reputation
increases, decreases or fluctuates

21

Table of contents
Introduction

ArchiMate
Policy concept and trust value
Case study presentation
Simulations
Conclusions

October 2013

SMC IEEE conference

22

Conclusions
We have elaborated a specialisation of ArchiMate for MAS
purpose to enrich the agents society collaborations
An trust based policy has been introduced and described to
enhance the modelling of the agent evolution in its
environment
Finally, we have simulated a heterogeneous network of ACE and
PIE agents running the reputation model with different load of
malicious agents.
As future works, additional validations are expected in the next
months on larger scale infrastructures. In parallel, a supporting
tool is being developed.

October 2013

SMC IEEE conference

23

Acknowledgments
The research described in this paper is funded by the
CockpitCI research project within the 7th framework
Programme (FP7) of the European Union (EU) (topic SEC2011.2.5-1 Cyber-attacks against critical infrastructures
Capability Project).

Thank you for your attention !

Any questions ?