Modeling Observability in Adaptive Systems to Defend Against Advanced Persistent Threats
Cody Kinneer, Ryan Wagner, Fei Fang, Claire Le Goues and David Garlan.
In Proceedings of the 17th ACM-IEEE International Conference on Formal Methods and Models for Systems Design (MEMCODE'19), San Diego, USA, 9-11 October 2019.
Abstract
Advanced persistent threats (APTs) are a particularly troubling challenge
for software systems. The adversarial nature of the security
domain, and APTs in particular, poses unresolved challenges to
the design of self-* systems, such as how to defend against multiple
types of attackers with different goals and capabilities. In
this interaction, the observability of each side is an important and
under-investigated issue in the self-* domain. We propose a model
of APT defense that elevates observability as a first-class concern.
We evaluate this model by showing how an informed approach that
uses observability improves the defender’s utility compared to a
uniform random strategy, can enable robust planning through sensitivity
analysis, and can inform observability-related architectural
design decisions.
Keywords: Science of Security, Self-adaptation.
@InProceedings{Kinneer:2019:observability,
AUTHOR = {Kinneer, Cody and Wagner, Ryan and Fang, Fei and Le Goues, Claire and Garlan, David},
TITLE = {Modeling Observability in Adaptive Systems to Defend Against Advanced Persistent Threats},
YEAR = {2019},
MONTH = {9-11 October},
BOOKTITLE = {Proceedings of the 17th ACM-IEEE International Conference on Formal Methods and Models for Systems Design (MEMCODE'19)},
ADDRESS = {San Diego, USA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/memocode2019.pdf},
ABSTRACT = {Advanced persistent threats (APTs) are a particularly troubling challenge
for software systems. The adversarial nature of the security
domain, and APTs in particular, poses unresolved challenges to
the design of self-* systems, such as how to defend against multiple
types of attackers with different goals and capabilities. In
this interaction, the observability of each side is an important and
under-investigated issue in the self-* domain. We propose a model
of APT defense that elevates observability as a first-class concern.
We evaluate this model by showing how an informed approach that
uses observability improves the defender’s utility compared to a
uniform random strategy, can enable robust planning through sensitivity
analysis, and can inform observability-related architectural
design decisions.},
KEYWORDS = {Science of Security, Self-adaptation} }