Design and Analysis of Self-protection: Adaptive Security for Software Systems
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). ORCID iD: 0000-0002-5057-2790
2023 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Today's software landscape features a high degree of complexity, frequent changes in requirements and stakeholder goals, and uncertainty. Uncertainty and high complexity imply a threat landscape where cybersecurity attacks are a common occurrence while their consequences are often severe. Self-adaptive systems have been proposed to mitigate the complexity and frequent changes by adapting at run-time to deal with situations not known at design time. Self-adaptive systems that aim to identify, analyse and mitigate threats autonomously are called self-protecting systems. This thesis contributes approaches towards developing systems with self-protection capabilities under two perspectives.

Under the first perspective, we enhance the security of component-based systems and equip them with self-protection capabilities that reduce the exposed attack surface or provide efficient defenses against identified attacks. We target systems where information about the system components and the adaptation decisions is available, and control over the adaptation is possible. We employ runtime threat modeling and analysis using quantitative risk analysis and probabilistic verification to rank adaptations to be applied in the system in terms of their security levels. We then introduce modular and incremental verification approaches to tackle the scalability issues of probabilistic verification to be able to analyze larger-scale software systems. To protect against cyberattacks that cannot be mitigated by reducing the exposed attack surface, we propose an approach to analyze the security of different software architectures incorporating countermeasures to decide on the most suitable ones to evolve to.

Under the second perspective, we study open decentralized systems where we have limited information about and limited control over the system entities. We employ decentralized information flow control mechanisms to enforce security by controlling the interactions among the system elements. We extend decentralized information flow control by incorporating trust and adding adaptation capabilities that allow the system to identify security threats and self-organize to maximize trust between the system entities.

Place, publisher, year, edition, pages
Växjö: Linnaeus University Press, 2023, p. 258
Series
Linnaeus University Dissertations ; 497
Keywords [en]
Security Analysis, Self-Protection, Self-adaptive Systems, Verification, Information Flow Control, Risk Assessment
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-121777
DOI: 10.15626/LUD.497.2023
ISBN: 9789180820479 (print)
ISBN: 9789180820486 (electronic)
OAI: oai:DiVA.org:lnu-121777
DiVA id: diva2:1767030
Public defence
2023-08-18, Weber, Hus K, Växjö, 13:00 (English)
Available from: 2023-06-14. Created: 2023-06-13. Last updated: 2023-08-23. Bibliographically approved.
List of papers
1. Towards secure architecture-based adaptations
2019 (English). In: 2019 IEEE/ACM 14th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), IEEE, 2019, p. 114-125. Conference paper, Published paper (Refereed)
Abstract [en]

Like any software system, a self-adaptive system is subject to security threats. However, applying self-adaptation may introduce additional threats. So far, little research has been devoted to this important problem. In this paper, we propose an approach for vulnerability analysis of architecture-based adaptations in self-adaptive systems using threat modeling and analysis techniques. To this end, we specify components' vulnerabilities and the system architecture formally and generate an attack model that describes the attacker's strategies to attack the system by exploiting different vulnerabilities. We use a set of security metrics to quantitatively assess the security risks of adaptations based on the produced attack model, which enables the system to consider security aspects while choosing an adaptation to apply to the system. We automate and incorporate our approach into the Rainbow framework, allowing for secure architectural adaptations at runtime. To evaluate the effectiveness of our approach, we apply it to a simple document storage system and to the ZNN system.

Place, publisher, year, edition, pages
IEEE, 2019
Series
Software Engineering for Adaptive and Self-Managing Systems, ICSE Workshops, SEAMS, International Workshop on, ISSN 2157-2305, E-ISSN 2157-2321 ; 2019
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-93172
DOI: 10.1109/SEAMS.2019.00023
000589350700013
Scopus ID: 2-s2.0-85071120571
ISBN: 9781728133683
ISBN: 9781728133690
Conference
2019 IEEE/ACM 14th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), Montreal, Canada, May 25-26, 2019
Projects
PROSSES
Available from: 2020-03-27. Created: 2020-03-27. Last updated: 2023-06-13. Bibliographically approved.
2. Design and Implementation of Self-Protecting Systems: A Formal Approach
2021 (English). In: Future Generation Computer Systems, ISSN 0167-739X, E-ISSN 1872-7115, Vol. 115, p. 421-437. Article in journal (Refereed), Published
Abstract [en]

As threats to computer security become more common, complex and frequent, systems that can automatically protect themselves from attacks are imminently needed. In this paper, we propose a formal approach to achieve self-protection by performing security analysis on self-adaptive systems, taking the adaptation process into account. We use probabilistic model checking to quantitatively analyze adaptation security, rank the strategies available and select the most secure one to apply in the system. We have incorporated our approach in Rainbow, which is a framework to develop architecture-based self-adaptive systems. To evaluate our approach's effectiveness, we applied it on two case studies: a simple document storage system and ZNN, a well-known self-adaptive exemplar. The results show that applying our approach can guarantee a reasonable degree of security, both during and after adaptation.

Place, publisher, year, edition, pages
Elsevier, 2021
Keywords
Self-Protection, Self-Adaptive Systems, Formal Security Analysis, Model Checking, Adaptive Security
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-98075
DOI: 10.1016/j.future.2020.09.005
000591438900011
Scopus ID: 2-s2.0-85092115590
Projects
PROSSES
Funder
Knowledge Foundation
Available from: 2020-09-16. Created: 2020-09-16. Last updated: 2023-06-13. Bibliographically approved.
3. Adaptive Trust-Aware Decentralized Information Flow Control
2020 (English). In: 2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS): Virtual Conference 17-21 August 2020 / [ed] Esam El-Araby, Sven Tomforde, Timothy Wood, Pradeep Kumar, Claudia Raibulet, Ioan Petri, Gabriele Valentini, Phyllis Nelson, Barry Porter, IEEE, 2020, p. 92-101. Conference paper, Published paper (Refereed)
Abstract [en]

Modern software systems are decentralized, distributed, and dynamic, and consequently, require decentralized mechanisms to enforce security. In this paper, we propose an adaptive approach using a combination of decentralized information flow control (DIFC) mechanisms, trust-based methods and decentralized control architectures to enforce security in open distributed systems. In our approach, adaptivity mitigates two aspects of the system dynamics that cause uncertainty: the ever-changing nature of trust and system openness. We formalize our trust-aware DIFC model and instantiate two decentralized control architectures to implement and evaluate it. We evaluate the effectiveness and performance of our method and decentralized control architectures on two case studies.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
Adaptive Security, Decentralized Information Flow Control, Adaptive Trust, Decentralized Feedback Loop
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-98074
DOI: 10.1109/ACSOS49614.2020.00030
000719369400011
Scopus ID: 2-s2.0-85092697845
ISBN: 978-1-7281-7278-1
ISBN: 978-1-7281-7277-4
Conference
2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS), Virtual Conference 17-21 August 2020
Projects
PROSSES
Funder
Knowledge Foundation
Available from: 2020-09-16. Created: 2020-09-16. Last updated: 2023-06-13. Bibliographically approved.
4. AT-DIFC +: Toward Adaptive and Trust-Aware Decentralized Information Flow Control
2020 (English). In: ACM Transactions on Autonomous and Adaptive Systems, ISSN 1556-4665, E-ISSN 1556-4703, Vol. 15, no 4, article id 13. Article in journal (Refereed), Published
Abstract [en]

Modern software systems and their corresponding architectures are increasingly decentralized, distributed, and dynamic. As a consequence, decentralized mechanisms are required to ensure security in such architectures. Decentralized Information Flow Control (DIFC) is a mechanism to control information flow in distributed systems. This article presents and discusses several improvements to an adaptive decentralized information flow approach that incorporates trust for decentralized systems to provide security. Adaptive Trust-Aware Decentralized Information Flow (AT-DIFC+) combines decentralized information flow control mechanisms, trust-based methods, and decentralized control architectures to control and enforce information flow in an open, decentralized system. We strengthen our approach against newly discovered attacks and provide additional information about its reconfiguration, decentralized control architectures, and reference implementation. We evaluate the effectiveness and performance of AT-DIFC+ on two case studies and perform additional experiments to gauge the mitigations' effectiveness against the identified attacks.

Place, publisher, year, edition, pages
ACM Press, 2020
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-108706
DOI: 10.1145/3487292
000807171600005
Scopus ID: 2-s2.0-85142035502
Projects
PROSSES, ERES
Available from: 2021-12-21. Created: 2021-12-21. Last updated: 2023-06-13. Bibliographically approved.
5. Security Countermeasure Selection for Component-Based Software-Intensive Systems
2022 (English). In: 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), Guangzhou, China, 2022, IEEE, 2022, p. 63-72. Conference paper, Published paper (Refereed)
Abstract [en]

Given the increasing complexity of software-intensive systems as well as the sophistication and high frequency of cyber-attacks, automated and sound approaches to select countermeasures are required to effectively protect software systems. In this paper, we propose a formal architecture-centered approach to analyze the security of a software-intensive component-based system to find cost-efficient countermeasures that consider both the system architecture and its behavior. We evaluate our approach by applying it to a case study.

Place, publisher, year, edition, pages
IEEE, 2022
Series
IEEE International Conference on Software Quality, Reliability and Security, E-ISSN 2693-9177
Keywords
Security Analysis, Countermeasure Selection, Software-Intensive Systems, Component-based Systems, Formal Methods
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-121774
DOI: 10.1109/QRS57517.2022.00017
Scopus ID: 2-s2.0-85151426531
ISBN: 9781665477048
Conference
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), Guangzhou, China, December 5-9, 2022
Available from: 2023-06-13. Created: 2023-06-13. Last updated: 2023-06-14. Bibliographically approved.
6. Reducing Complexity of Runtime Security Analysis in Software-Intensive Systems
(English). In: ACM Transactions on Software Engineering and Methodology, ISSN 1049-331X, E-ISSN 1557-7392. Article in journal (Refereed), Submitted
Abstract [en]

To reason about and enforce security in complex, dynamic software systems, automated analysis and verification approaches are required. Such approaches, however, often suffer from scalability issues when employed at runtime. In this work, we propose an automated formal approach for security analysis of component-based systems that exploits formal abstraction and incremental analysis techniques to reduce the complexity of runtime analysis. We have fully automated, implemented and evaluated our approach. Our experiment results show that our approach indeed reduces the verification complexity.

Keywords
Security Analysis, Model Checking, Runtime Security
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-121775
Available from: 2023-06-13. Created: 2023-06-13. Last updated: 2023-11-30.

Open Access in DiVA

fulltext (13608 kB), 161 downloads
File information
File name: FULLTEXT01.pdf
File size: 13608 kB
Checksum SHA-512: 657c8bcf3e910b0bed21742d0769405b6c9aed15647487e6146c71de7b45fdc68fe3af4af8e5dd0c226d43f5ec51e7e90b852ed865a51f1ba5207831c93f9841
Type: fulltext
Mimetype: application/pdf

Other links

Publisher's full text
Buy Book (SEK 160 + VAT and postage): lnupress@lnu.se

Authority records

Skandylas, Charilaos