Design and Analysis of Self-protection: Adaptive Security for Software-Intensive Systems-Reference-Cited by-同舟云学术

Design and Analysis of Self-protection: Adaptive Security for Software-Intensive Systems

Published: Issue: Volume: Page:
ISSN:
Container-title:
language:
Short-container-title:

Author:

,Skandylas Charilaos^ORCID,

Abstract

Today's software landscape features a high degree of complexity, frequent changes in requirements and stakeholder goals, and uncertainty.Uncertainty and high complexity imply a threat landscape where cybersecurity attacks are a common occurrence while their consequences are often severe. Self-adaptive systems have been proposed to mitigate the complexity and frequent changes by adapting at run-time to deal with situations not known at design time.Self-adaptive systems that aim to identify, analyse and mitigate threats autonomously are called self-protecting systems.This thesis contributes approaches towards developing systems with self-protection capabilities under two perspectives. Under the first perspective, we enhance the security of component-based systems and equip them with self-protection capabilities that reduce the exposedattack surface or provide efficient defenses against identified attacks. We target systems where information about the system components and the adaptationdecisions is available, and control over the adaptation is possible. We employ runtime threat modeling and analysis using quantitative risk analysis and probabilistic verification to rank adaptations to be applied in the system in terms of their security levels. We then introduce modular and incremental verification approaches to tackle the scalability issues of probabilistic verification to be able to analyze larger-scale software systems.To protect against cyberattacks that cannot be mitigated by reducing the exposed attack surface, we propose an approach to analyze the security of different software architectures incorporating countermeasures to decide on the most suitable ones to evolve to. Under the second perspective, we study open decentralized systems where we have limited information about and limited control over the system entities. We employ decentralized information flow control mechanisms to enforce security by controlling the interactions among the system elements.We extend decentralized information flow control by incorporating trust and adding adaptationcapabilities that allow the system to identify security threats and self-organize to maximize trust between the system entities.

Publisher

Linnaeus University

Reference320 articles.

1. [1] Habtamu Abie. Adaptive security and trust management for autonomic message-oriented middleware. In IEEE 6th International Conference on Mobile Adhoc and Sensor Systems, MASS 2009, 12-15 October 2009, Macau (S.A.R.), China, pages 810-817. IEEE Computer Society, 2009. doi:10.1109/MOBHOC.2009.5336915.

2. [2] Sheikh Iqbal Ahamed, Munirul M. Haque, Md. Endadul Hoque, Farzana Rahman, and Nilothpal Talukder. Design, analysis, and deployment of omnipresent formal trust model (FTM) with trust bootstrapping for pervasive environments. Journal of Systems and Software, 83(2):253-270, 2010. doi:10.1016/j.jss.2009.09.040.

3. [3] José Bacelar Almeida, Maria João Frade, Jorge Sousa Pinto, and Simão Melo de Sousa. An Overview of Formal Methods Tools and Techniques, pages 15-44. Springer London, London, 2011. doi:10.1007/978-0-85729-018-2_2.

4. [4] Florina Almenárez, Andrés Marín, Daniel Díaz Sánchez, Alberto Cortés, Celeste Campo, and Carlos García-Rubio. Trust management for multimedia P2P applications in autonomic networking. Ad Hoc Networks, 9(4):687-697, 2011. doi:10.1016/j.adhoc.2010.09.005.

5. [5] Hussain M. J. Almohri, Layne T. Watson, Danfeng Yao, and Xinming Ou. Security optimization of dynamic networks with probabilistic graph modeling and linear programming. IEEE Transactions on Dependable and Secure Computing, 13(4):474-487, 2016. doi:10.1109/TDSC.2015.2411264.