Adaptive Trust-Aware Decentralized Information Flow Control
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). (PROSSES; ERES) ORCID iD: 0000-0002-5057-2790
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). (PROSSES; ERES) ORCID iD: 0000-0002-0377-5595
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). (ERES) ORCID iD: 0000-0001-5471-551x
2020 (English)
In: 2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS): Virtual Conference 17-21 August 2020 / [ed] Esam El-Araby, Sven Tomforde, Timothy Wood, Pradeep Kumar, Claudia Raibulet, Ioan Petri, Gabriele Valentini, Phyllis Nelson, Barry Porter, IEEE, 2020, p. 92-101
Conference paper, Published paper (Refereed)
Abstract [en]

Modern software systems are decentralized, distributed, and dynamic, and consequently, require decentralized mechanisms to enforce security. In this paper, we propose an adaptive approach using a combination of decentralized information flow control (DIFC) mechanisms, trust-based methods and decentralized control architectures to enforce security in open distributed systems. In our approach, adaptivity mitigates two aspects of the system dynamics that cause uncertainty: the ever-changing nature of trust and system openness. We formalize our trust-aware DIFC model and instantiate two decentralized control architectures to implement and evaluate it. We evaluate the effectiveness and performance of our method and decentralized control architectures on two case studies.

Place, publisher, year, edition, pages
IEEE, 2020. p. 92-101
Keywords [en]
Adaptive Security, Decentralized Information Flow Control, Adaptive Trust, Decentralized Feedback Loop
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-98074
DOI: 10.1109/ACSOS49614.2020.00030
ISI: 000719369400011
Scopus ID: 2-s2.0-85092697845
ISBN: 978-1-7281-7278-1 (print)
ISBN: 978-1-7281-7277-4 (electronic)
OAI: oai:DiVA.org:lnu-98074
DiVA, id: diva2:1468020
Conference
2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS), Virtual Conference 17-21 August 2020
Projects
PROSSES
Funder
Knowledge Foundation
Available from: 2020-09-16 Created: 2020-09-16 Last updated: 2024-08-28 Bibliographically approved
In thesis
1. Design and Analysis of Self-protection: Adaptive Security for Software-Intensive Systems
2020 (English) Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Today’s software landscape features a high degree of complexity, frequent changes in requirements and stakeholder goals, and uncertainty. Uncertainty and high complexity imply a threat landscape where cybersecurity attacks are a common occurrence, while their consequences are often severe. Self-adaptive systems have been proposed to mitigate the complexity and frequent degree of change by adapting at run-time to deal with situations not known at design time. They, however, are not immune to attacks, as they themselves suffer from high degrees of complexity and uncertainty. Therefore, systems that can dynamically defend themselves from adversaries are required. Such systems are called self-protecting systems and aim to identify, analyse and mitigate threats autonomously. This thesis contributes two approaches towards the goal of providing systems with self-protection capabilities.

The first approach aims to enhance the security of architecture-based self-adaptive systems and equip them with (proactive) self-protection capabilities that reduce the exposed attack surface. We target systems where information about the system components and its adaptation decisions is available, and control over its adaptation is also possible. We formally model the security of the system and provide two methods to analyze its security that help us rank adaptations in terms of their security level: a method based on quantitative risk assessment and a method based on probabilistic verification. The results indicate an improvement to the system security when either of our solutions is employed. However, only the second method can provide self-protecting capabilities. We have identified a direct relationship between security and performance overhead, i.e., higher security guarantees impose analogously higher performance overhead.

The second approach targets open decentralized systems where we have limited information about and control over the system entities. Therefore, we attempt to employ decentralized information flow control mechanisms to enforce security by controlling interactions among the system elements. We extend a classical decentralized information flow control model by incorporating trust and adding adaptation capabilities that allow the system to identify security threats and self-organize to maximize the average trust between the system entities. We arrange entities of the system in trust hierarchies that enforce security policies among their elements and can mitigate security issues raised by the openness and uncertainty in the context and environment, without the need for a trusted central controller. The experiment results show that a reasonable level of trust can be achieved and at the same time confidentiality and integrity can be enforced with a low impact on the throughput and latency of messages exchanged in the system.

Place, publisher, year, edition, pages
Växjö: Linnaeus University Press, 2020. p. 122
Series
Lnu Licentiate ; 32
Keywords
Self-Protection, Security Analysis, Self-Adaptation
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
urn:nbn:se:lnu:diva-99109 (URN)
978-91-89283-22-0 (ISBN)
978-91-89283-23-7 (ISBN)
Presentation
2020-12-16, Newton, Hus C, Växjö, 10:00 (English)
Available from: 2020-12-02 Created: 2020-12-01 Last updated: 2024-08-28 Bibliographically approved
2. Design and Analysis of Self-protection: Adaptive Security for Software Systems
2023 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Today's software landscape features a high degree of complexity, frequent changes in requirements and stakeholder goals, and uncertainty. Uncertainty and high complexity imply a threat landscape where cybersecurity attacks are a common occurrence while their consequences are often severe. Self-adaptive systems have been proposed to mitigate the complexity and frequent changes by adapting at run-time to deal with situations not known at design time. Self-adaptive systems that aim to identify, analyse and mitigate threats autonomously are called self-protecting systems. This thesis contributes approaches towards developing systems with self-protection capabilities under two perspectives.

Under the first perspective, we enhance the security of component-based systems and equip them with self-protection capabilities that reduce the exposed attack surface or provide efficient defenses against identified attacks. We target systems where information about the system components and the adaptation decisions is available, and control over the adaptation is possible. We employ runtime threat modeling and analysis using quantitative risk analysis and probabilistic verification to rank adaptations to be applied in the system in terms of their security levels. We then introduce modular and incremental verification approaches to tackle the scalability issues of probabilistic verification to be able to analyze larger-scale software systems. To protect against cyberattacks that cannot be mitigated by reducing the exposed attack surface, we propose an approach to analyze the security of different software architectures incorporating countermeasures to decide on the most suitable ones to evolve to.

Under the second perspective, we study open decentralized systems where we have limited information about and limited control over the system entities. We employ decentralized information flow control mechanisms to enforce security by controlling the interactions among the system elements. We extend decentralized information flow control by incorporating trust and adding adaptation capabilities that allow the system to identify security threats and self-organize to maximize trust between the system entities.

Place, publisher, year, edition, pages
Växjö: Linnaeus University Press, 2023. p. 258
Series
Linnaeus University Dissertations ; 497
Keywords
Security Analysis, Self-Protection, Self-adaptive Systems, Verification, Information Flow Control, Risk Assessment
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
urn:nbn:se:lnu:diva-121777 (URN)
10.15626/LUD.497.2023 (DOI)
9789180820479 (ISBN)
9789180820486 (ISBN)
Public defence
2023-08-18, Weber, Hus K, Växjö, 13:00 (English)
Available from: 2023-06-14 Created: 2023-06-13 Last updated: 2024-03-26 Bibliographically approved

Authority records

Skandylas, Charilaos; Khakpour, Narges; Andersson, Jesper
