lnu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
AT-DIFC +: Toward Adaptive and Trust-Aware Decentralized Information Flow Control
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). (ERES)ORCID iD: 0000-0002-5057-2790
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). (ERES)ORCID iD: 0000-0002-0377-5595
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM).ORCID iD: 0000-0001-5471-551x
2020 (English)In: ACM Transactions on Autonomous and Adaptive Systems, ISSN 1556-4665, E-ISSN 1556-4703, Vol. 15, no 4, article id 13Article in journal (Refereed) Published
Abstract [en]

Modern software systems and their corresponding architectures are increasingly decentralized, distributed, and dynamic. As a consequence, decentralized mechanisms are required to ensure security in such architectures. Decentralized Information Flow Control (DIFC) is a mechanism to control information flow in distributed systems. This article presents and discusses several improvements to an adaptive decentralized information flow approach that incorporates trust for decentralized systems to provide security. Adaptive Trust-Aware Decentralized Information Flow (AT-DIFC+) combines decentralized information flow control mechanisms, trust-based methods, and decentralized control architectures to control and enforce information flow in an open, decentralized system. We strengthen our approach against newly discovered attacks and provide additional information about its reconfiguration, decentralized control architectures, and reference implementation. We evaluate the effectiveness and performance of AT-DIFC+ on two case studies and perform additional experiments and to gauge the mitigations’ effectiveness against the identified attacks.

Place, publisher, year, edition, pages
ACM Press, 2020. Vol. 15, no 4, article id 13
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-108706DOI: 10.1145/3487292ISI: 000807171600005Scopus ID: 2-s2.0-85142035502OAI: oai:DiVA.org:lnu-108706DiVA, id: diva2:1622113
Projects
PROSSESERESAvailable from: 2021-12-21 Created: 2021-12-21 Last updated: 2024-08-28Bibliographically approved
In thesis
1. Design and Analysis of Self-protection: Adaptive Security for Software Systems
Open this publication in new window or tab >>Design and Analysis of Self-protection: Adaptive Security for Software Systems
2023 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Today's software landscape features a high degree of complexity, frequent changes in requirements and stakeholder goals, and uncertainty.Uncertainty and high complexity imply a threat landscape where cybersecurity attacks are a common occurrence while their consequences are often severe. Self-adaptive systems have been proposed to mitigate the complexity and frequent changes by adapting at run-time to deal with situations not known at design time.Self-adaptive systems that aim to identify, analyse and mitigate threats autonomously are called self-protecting systems.This thesis contributes approaches towards developing systems with self-protection capabilities under two perspectives.

Under the first perspective, we enhance the security of component-based systems and equip them with self-protection capabilities that reduce the exposedattack surface or provide efficient defenses against identified attacks. We target systems where information about the system components and the adaptationdecisions is available, and  control over the adaptation is possible. We employ runtime threat modeling and analysis using quantitative risk analysis and probabilistic verification to rank adaptations to be applied in the system in terms of their security levels.  We then introduce modular and incremental verification approaches to tackle the scalability issues of probabilistic verification to be able to analyze larger-scale software systems.To protect against cyberattacks that cannot be mitigated by reducing the exposed attack surface, we propose an approach to analyze the security of different software architectures incorporating countermeasures to decide on the most suitable ones to evolve to.

Under the second perspective, we study open decentralized systems where we have limited information about and limited control over the system entities. We employ decentralized information flow control mechanisms to enforce security by controlling the interactions among the system elements.We extend decentralized information flow control by incorporating trust and adding adaptationcapabilities that allow the system to identify security threats and self-organize to maximize trust between the system entities.

Place, publisher, year, edition, pages
Växjö: Linnaeus University Press, 2023. p. 258
Series
Linnaeus University Dissertations ; 497
Keywords
Security Analysis, Self-Protection, Self-adaptive Systems, Verification, Information Flow Control, Risk Assessment
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
urn:nbn:se:lnu:diva-121777 (URN)10.15626/LUD.497.2023 (DOI)9789180820479 (ISBN)9789180820486 (ISBN)
Public defence
2023-08-18, Weber, Hus K, Växjö, 13:00 (English)
Opponent
Supervisors
Available from: 2023-06-14 Created: 2023-06-13 Last updated: 2024-03-26Bibliographically approved

Open Access in DiVA

fulltext(1545 kB)174 downloads
File information
File name FULLTEXT01.pdfFile size 1545 kBChecksum SHA-512
035cf2e42753ec69a6356f2312719fd65547cdda30c70eb31b8048350f0c2446ba6827d7b11b587c73585c07ead8380b475d3d27b8993ab9656f687be64b6da1
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Skandylas, CharilaosKhakpour, NargesAndersson, Jesper

Search in DiVA

By author/editor
Skandylas, CharilaosKhakpour, NargesAndersson, Jesper
By organisation
Department of computer science and media technology (CM)
In the same journal
ACM Transactions on Autonomous and Adaptive Systems
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 174 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 175 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf