3-level Module for Security Agent

Like human being, an agent needs to know the following for a given task:

1. security policy: what security rule can satisfy the security requirements. (e.g. which or what kinds of agents can access a certain kind of information?)
2. security protocol: how to put the policy into effect. (e.g. do the job step by step to reach the goal.)
3. security operation: in each step, what operation should be carried out on which object. (e.g. verify signature on query to check the integrity of query, etc.)

This top-down analysis gives us a hint for designing the architecture for security agent.
The security agent architecture is based on the agent architecture we have developed in the RETSINA multistage infrastructure[14]In RETSINA, an agent consists of a set of functional modules, each module would deal with a specific job. For instance, ``communicator'' module deals with the communication with other agents. Three modules are directly involved into agent security: agent editor, planner, and security module, which are corresponding to the three level works, policy specification, protocol generation, and operation execution.
Defining a set of security policies for a given task is the first level job for agent security and it would be done during the period the owner of the agent customizes his agent through the agent editor.
A security protocol is generated by ``planner'' for the agent to complete the task according to the security policy. This is the second level job.
To execute the security protocol, some basic security functions, such as encryption, decryption, signing, verification, etc. would be called during the execution of task. This is the third level job done by security execution module. The detailed architecture will be discussed later.
The relationship among cryptographic functions, security operations, security mechanisms, security protocol, and security policy are showed in Figure 2.2.