Eric Yuan
David Garlan
ABSTRACT
Since conventional software security approaches are often manually developed and statically deployed, they are no longer sufficient against today's sophisticated and evolving cyber security threats. This has motivated the development of self-protecting software that is capable of detecting security threats and mitigating them through runtime adaptation techniques. In this paper, we argue for an architecture-based self- protection (ABSP) approach to address this challenge. In ABSP, detection and mitigation of security threats are informed by an architectural representation of the running system, maintained at runtime. With this approach, it is possible to reason about the impact of a potential security breach on the system, assess the overall security posture of the system, and achieve defense in depth. To illustrate the effectiveness of this approach, we present several architecture adaptation patterns that provide reusable detection and mitigation strategies against well-known web application security threats. Finally, we describe our ongoing work in realizing these patterns on top of Rainbow, an existing architecture-based adaptation framework.
- Barna, C. et al. Model-based adaptive dos attack mitigation. In International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS) (2012), pp. 119--128.Google Scholar
- Casanova, P. et al. Diagnosing architectural run-time failures. To appear in SEAMS, 2013. Google ScholarDigital Library
- Casanova, P. et al. Architecture-based run-time fault diagnosis. In Proceedings of the 5th European Conference on Software Architecture (2011). Google ScholarDigital Library
- Castro, M., and Liskov, B. Practical byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst. 20, 4 (Nov. 2002), 398--461. Google ScholarDigital Library
- Cheng, S.-W., and Garlan, D. Stitch: A language for architecture-based self-adaptation. Journal of Systems and Software, Special Issue on State of the Art in Self-Adaptive Systems 85, 12 (December 2012). Google ScholarDigital Library
- Cheng, S.-W. et al. Evaluating the effectiveness of the rainbow self-adaptive system. In ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems, 2009. SEAMS '09 (May 2009), pp. 132--141. Google ScholarDigital Library
- Chess, D. M. et al. Security in an autonomic computing environment. IBM Systems Journal 42, 1 (2003), 107--118. Google ScholarDigital Library
- Foo, B. et al. ADEPTS: adaptive intrusion response using attack graphs in an e-commerce environment. In International Conference on Dependable Systems and Networks, 2005. DSN 2005. Proceedings (July 2005), pp. 508--517. Google ScholarDigital Library
- Garlan, D. et al. Rainbow: Architecture-based self-adaptation with reusable infrastructure. IEEE Computer 37, 10 (Oct. 2004), 46--54. Google ScholarDigital Library
- Garlan, D. et al. Acme: Architectural Description of Component-Based Systems. In Foundations of Component-Based Systems, G. Leavens and M. Sitaraman, Eds. Cambridge University Press, 2000, pp. 47--68. Google ScholarDigital Library
- Gennari, J., and Garlan, D. Measuring attack surface in software architecture. Tech. Rep. CMU-ISR-11-121, Institute for Software Research, School of Computer Science, Carnegie Mellon University, 2011.Google Scholar
- Hafiz, M. et al. Organizing security patterns. IEEE Software 24, 4 (Aug. 2007), 52--60. Google ScholarDigital Library
- Huang, Y. et al. Software rejuvenation: analysis, module and applications. In , Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995. FTCS-25. Digest of Papers (June 1995), pp. 381--390. Google ScholarDigital Library
- Kephart, J., and Chess, D. The vision of autonomic computing. Computer 36, 1 (Jan. 2003), 41--50. Google ScholarDigital Library
- Kitchenham, B. Procedures for performing systematic reviews. Keele, UK, Keele University 33 (2004).Google Scholar
- Li, M., and Li, M. An adaptive approach for defending against ddos attacks. Mathematical Problems in Engineering (2010).Google Scholar
- Nagarajan, A. et al. Combining intrusion detection and recovery for enhancing system dependability. In 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W) (June 2011), pp. 25--30. Google ScholarDigital Library
- Nguyen, Q., and Sood, A. A comparison of intrusion-tolerant system architectures. IEEE Security Privacy 9, 4 (Aug. 2011), 24--31. Google ScholarDigital Library
- North, D. A tutorial introduction to decision theory. IEEE Transactions on Systems Science and Cybernetics 4, 3 (1968), 200--210.Google ScholarCross Ref
- Okhravi, H. et al. Creating a cyber moving target for critical infrastructure applications using platform diversity. International Journal of Critical Infrastructure Protection 5, 1 (Mar. 2012), 30--39.Google ScholarCross Ref
- OWASP.org. Cross-site scripting (XSS) - OWASP. https://www.owasp.org/index.php/Cross- siteScripting (XSS).Google Scholar
- OWASP.org. Owasp top ten project. https://www.owasp.org/index.php/Category: OWASP Top Ten Project.Google Scholar
- Sibai, F., and Menasce, D. Defeating the insider threat via autonomic network capabilities. In 2011 Third International Conference on Communication Systems and Networks (COMSNETS) (Jan. 2011).Google ScholarCross Ref
- Sousa, P. et al. Highly available intrusion-tolerant services with proactive-reactive recovery. IEEE Transactions on Parallel and Distributed Systems 21, 4 (Apr. 2010), 452--465. Google ScholarDigital Library
- Stakhanova, N. et al. A taxonomy of intrusion response systems. International Journal of Information and Computer Security 1, 1 (Jan. 2007), 169--184. Google ScholarDigital Library
- The MITRE Corporation. CWE - 2011 CWE/SANS top 25 most dangerous software errors. http://cwe.mitre.org/top25/.Google Scholar
- The MITRE Corporation. CWE-89: improper neutralization of special elements used in an SQL command ('SQL injection'). http://cwe.mitre.org/data/definitions/89.html.Google Scholar
- Valdes, A. et al. An architecture for an adaptive intrusion-tolerant server. In Security Protocols, B. Christianson, B. Crispo, J. Malcolm, and M. Roe, Eds., vol. 2845 of Lecture Notes in Computer Science. Springer Berlin / Heidelberg, 2004, pp. 569--574.Google Scholar
- Wang, F. et al. SITAR: a scalable intrusion-tolerant architecture for distributed services. In Foundations of Intrusion Tolerant Systems, 2003 (2003), pp. 359--367.Google ScholarCross Ref
- Yoshioka, N. et al. A survey on security patterns. Progress in Informatics 5, 5 (2008), 35--47.Google Scholar
- Yuan, E., and Malek, S. A taxonomy and survey of self-protecting software systems. In International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS) (2012).Google ScholarCross Ref
- Yuan, E. et al. A survey of self-protecting software systems. In ACM Transactions on Autonomous and Adaptive Systems (TAAS) (June 2013).Google Scholar
- Zhu, M. et al. VASP: virtualization assisted security monitor for cross-platform protection. In Proceedings of the 2011 ACM Symposium on Applied Computing (2011), pp. 554--559. Google ScholarDigital Library
Index Terms
- Architecture-based self-protecting software systems
Recommendations
Towards realizing self-protecting SCADA systems
CISR '14: Proceedings of the 9th Annual Cyber and Information Security Research ConferenceSCADA (supervisory control and data acquisition) systems are prime cyber attack targets due to potential impacts on properties, economies, and human lives. Current security solutions, such as firewalls, access controls, and intrusion detection and ...
Self-protection against business logic vulnerabilities
SEAMS '20: Proceedings of the IEEE/ACM 15th International Symposium on Software Engineering for Adaptive and Self-Managing SystemsAttacks against business logic rules occur when the attacker exploits the domain rules in a malicious way. Such attacks have not received sufficient attention in research so far. In this paper, we propose a novel self-protecting approach that defends a ...
A Game-Theoretical Self-Adaptation Framework for Securing Software-Intensive Systems
Security attacks present unique challenges to the design of self-adaptation mechanism for software-intensive systems due to the adversarial nature of the environment. Game-theoretical approaches have been explored in security to model malicious behaviors ...
Comments