Visible to the public Architecture-Based Self-Protection: Composing and Reasoning about Denial-of-Service MitigationsConflict Detection Enabled

TitleArchitecture-Based Self-Protection: Composing and Reasoning about Denial-of-Service Mitigations
Publication TypeConference Proceedings
Year of Publication2014
AuthorsBradley Schmerl, Javier Camara, Jeffrey Gennari, David Garlan, Paulo Casanova, Gabriel Moreno, Thomas Glazier, Jeffrey Barnes
Conference NameHotSoS '14 Proceedings of the 2014 Symposium and Bootcamp on the Science of Security
Date Published04/2014
PublisherACM New York, NY, USA ©2014
Conference LocationRaleigh, NC
ISBN978-1-4503-2907-1
Other Numbersarticle no 2
KeywordsCMU, denial-of-service, July'14, probabilistic model checking, self-adaptation
Abstract

Security features are often hardwired into software applications, making it difficult to adapt security responses to reflect changes in runtime context and new attacks. In prior work, we proposed the idea of architecture-based self-protection as a way of separating adaptation logic from application logic and providing a global perspective for reasoning about security adaptations in the context of other business goals. In this paper, we present an approach, based on this idea, for combating denial-of-service (DoS) attacks. Our approach allows DoS-related tactics to be composed into more sophisticated mitigation strategies that encapsulate possible responses to a security problem. Then, utility-based reasoning can be used to consider different business contexts and qualities. We describe how this approach forms the underpinnings of a scientific approach to self-protection, allowing us to reason about how to make the best choice of mitigation at runtime. Moreover, we also show how formal analysis can be used to determine whether the mitigations cover the range of conditions the system is likely to encounter, and the effect of mitigations on other quality attributes of the system. We evaluate the approach using the Rainbow self-adaptive framework and show how Rainbow chooses DoS mitigation tactics that are sensitive to different business contexts.

DOI10.1145/2600176.2600181
Citation Keynode-30119

Other available formats:

Schmerl_Arch_Based_SElf_Protection_DG.pdf
AttachmentTaxonomyKindSize
Schmerl_Arch_Based_SElf_Protection_DG.pdfPDF document316.94 KBDownloadPreview
AttachmentSize
bytes