Architecture-based self-protecting software systems

Authors:
Eric Yuan;Sam Malek;Bradley Schmerl;David Garlan;Jeff Gennari
Affiliations:
George Mason University, Fairfax, VA, USA;George Mason University, Fairfax, VA, USA;Carnegie Mellon University, Pittsburgh, PA, USA;Carnegie Mellon University, Pittsburgh, PA, USA;Carnegie Mellon University, Pittsburgh, PA, USA
Venue:
Proceedings of the 9th international ACM Sigsoft conference on Quality of software architectures
Year:
2013

Citing 17
Cited 0

Acme: architectural description of component-based systems

Foundations of component-based systems
Practical byzantine fault tolerance and proactive recovery

ACM Transactions on Computer Systems (TOCS)
The Vision of Autonomic Computing

Computer
Software Rejuvenation: Analysis, Module and Applications

FTCS '95 Proceedings of the Twenty-Fifth International Symposium on Fault-Tolerant Computing
Security in an autonomic computing environment

IBM Systems Journal
Rainbow: Architecture-Based Self-Adaptation with Reusable Infrastructure

Computer
ADEPTS: Adaptive Intrusion Response Using Attack Graphs in an E-Commerce Environment

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
A taxonomy of intrusion response systems

International Journal of Information and Computer Security
Organizing Security Patterns

IEEE Software
Evaluating the effectiveness of the Rainbow self-adaptive system

SEAMS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems
Highly Available Intrusion-Tolerant Services with Proactive-Reactive Recovery

IEEE Transactions on Parallel and Distributed Systems
VASP: virtualization assisted security monitor for cross-platform protection

Proceedings of the 2011 ACM Symposium on Applied Computing
Architecture-based run-time fault diagnosis

ECSA'11 Proceedings of the 5th European conference on Software architecture
A Comparison of Intrusion-Tolerant System Architectures

IEEE Security and Privacy
Combining intrusion detection and recovery for enhancing system dependability

DSNW '11 Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops
Stitch: A language for architecture-based self-adaptation

Journal of Systems and Software
Diagnosing architectural run-time failures

Proceedings of the 8th International Symposium on Software Engineering for Adaptive and Self-Managing Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Since conventional software security approaches are often manually developed and statically deployed, they are no longer sufficient against today's sophisticated and evolving cyber security threats. This has motivated the development of self-protecting software that is capable of detecting security threats and mitigating them through runtime adaptation techniques. In this paper, we argue for an architecture-based self- protection (ABSP) approach to address this challenge. In ABSP, detection and mitigation of security threats are informed by an architectural representation of the running system, maintained at runtime. With this approach, it is possible to reason about the impact of a potential security breach on the system, assess the overall security posture of the system, and achieve defense in depth. To illustrate the effectiveness of this approach, we present several architecture adaptation patterns that provide reusable detection and mitigation strategies against well-known web application security threats. Finally, we describe our ongoing work in realizing these patterns on top of Rainbow, an existing architecture-based adaptation framework.