The buck stops here: trust management in multi-agent systems with accountability

Much of security in multi-agent systems is based on models where each agent declares limits on what other agents are permitted to receive. Traditional systems are engineered to operate without violating their agents' cumulative declared constraints (V. Swarup and J. T. Fbrega, 1999 and J. Vitek and C. J., 1999). In contrast, here, we consider a trust model that is suited for use by ensembles of closely coupled agents operating in a system supporting agent accountability using audit trails for information flows. In such systems, an agent does not require enforcement of absolute limits on what other agents receive, but instead seeks assurance that its personal liabilities never exceeded its declared risk tolerance. In short, each agent expects the system to behave in a manner which respects its declared accountability constraints - quantitative limits on what the agent agrees to be held accountable for sending. This paper outlines a suite of protocols with which a multi-agent system can fulfill the cumulative accountability (K. Aberer and Z. Despotovic, 2001) constraints of its constituent agents, and avoid subjecting any individual agent to greater liability than its declared risk tolerance. The protocols are shown to be efficient in a dynamic network setting, and are analyzed under a comprehensive set of failure models including link delay, link failure, and limited corruption in the control and data processing logic of agents.