Attacking agent-based systems

Agent-based systems add unique aspects to assessment activity and require the use of traditional tools and techniques in new or unconventional ways and the development of new, domain-customized tools. Agent-based system assessments must address the same issues as those of traditional systems: unsafe programming practices, such as failure to validate inputs or use of insecure libraries. Assessments of agent-based systems should also include "system-of-systems" concepts. Complex systems interact with and rely on other systems that may exist independently. A system-of-systems assessment identifies systems and their behaviors and considers ways that those behaviors can interact to harm the complex system. Attacks are then developed to cause the desired behavior. Agent-based systems are aware of and respond to their environment through adaptation and evolution. They require assessment through concepts normally reserved for humans. Just as adversaries cause humans to react in ways advantageous to the attacker, agent-based system assessors must cause agents to react. These assessments require "social engineering" of the agents just as simpler systems may require "social engineering" of users and administrators. This paper discusses the application of existing and new tools and techniques to agent system assessments including descriptions of actual and theoretical attacks.