Home   Research Publications Members Related Software
IndexBrowse   BibliographiesMy selection
 Search: in   (word length ≥ 3)
      Login
Publication no #405   Download bibtex file Type :   Html | Bib | Both
Add to my selection
Architecture-Based Self-Protection: Composing and Reasoning about Denial-of-Service Mitigations

Bradley Schmerl, Javier Cámara, Jeffrey Gennari, David Garlan, Paulo Casanova, Gabriel A. Moreno, Thomas J. Glazier and Jeffrey M. Barnes.


In HotSoS 2014: 2014 Symposium and Bootcamp on the Science of Security, Raleigh, NC, USA, 8-9 April 2014.

Online links: PDF PPT   Bibtex entry   Plain Text

Abstract
Security features are often hardwired into software applications, making it difficult to adapt security responses to reflect changes in runtime context and new attacks. In prior work, we proposed the idea of architecture-based self-protection as a way of separating adaptation logic from application logic and providing a global perspective for reasoning about security adaptations in the context of other business goals. In this paper, we present an approach, based on this idea, for combating denial-of- service (DoS) attacks. Our approach allows DoS-related tactics to be composed into more sophisticated mitigation strategies that encapsulate possible responses to a security problem. Then, utility-based reasoning can be used to consider diff erent business contexts and qualities. We describe how this approach forms the underpinnings of a scientific approach to self-protection, allowing us to reason about how to make the best choice of mitigation at runtime. Moreover, we also show how formal analysis can be used to determine whether the mitigations cover the range of conditions the system is likely to encounter, and the e ffect of mitigations on other quality attributes of the system. We evaluate the approach using the Rainbow self-adaptive framework and show how Rainbow chooses DoS mitigation tactics that are sensitive to diff erent business contexts.

Keywords: Assurance, Autonomic Systems, Landmark, Model Checking, Rainbow, Science of Security, Self-adaptation, Stitch.  
    Created: 2014-01-07 09:12:28     Modified: 2016-05-27 02:00:05
Feedback: ABLE Webmaster
Last modified: Tue June 20 2017 16:43:41
        BibAdmin