Belief change operations under confidentiality requirements in multiagent systems

Abstract

Multiagent systems are populated with autonomous computing entities called agents which pro-actively pursue their goals. The design of such systems is an active field within artificial intelligence research with one objective being flexible and adaptive agents in dynamic and inaccessible environments. An agent's decision-making and finally its success in achieving its goals crucially depends on the agent's information about its environment and the sharing of information with other agents in the multiagent system. For this and other reasons, an agent's information is a valuable asset and thus the agent is often interested in the confidentiality of parts of this information. From research in computer security it is well-known that confidentiality is not only achieved by the agent's control of access to its data, but by its control of the flow of information when processing the data during the interaction with other agents. This thesis investigates how to specify and enforce the confidentiality interests of an agent D while it reacts to iterated query, revision and update requests from another agent A for the purpose of information sharing. First, we will enable the agent D to specify in a dedicated confidentiality policy that parts of its previous or current belief about its environment should be hidden from the other requesting agent A. To formalize the requirement of hiding belief, we will in particular postulate agent A's capabilities for reasoning about D's belief and about D's processing of information to form its belief. Then, we will relate the requirements imposed by a confidentiality policy to others in the research of information flow control and inference control in computer security. Second, we will enable the agent D to enforce its confidentiality aims as expressed by its policy by refusing requests from A at a potential violation of its policy. A crucial part of the enforcement is D's simulation of A's postulated reasoning about D's belief and the change of this belief. In this thesis, we consider two particular operators of belief change: an update operator for a simple logic-oriented database model and a revision operator for D's assertions about its environment that yield the agent's belief after its nonmonotonic reasoning. To prove the effectiveness of D's means of enforcement, we study necessary properties of D's simulation of A and then based on these properties show that D's enforcement is effective according to the formal requirements of its policy.