Resilience Requirements, Design, and Testing
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Kevin Sullivan, Mladen Vouk, Ehab Al-Shaer
Researchers: Ashiq Rahman and Mohamed Alsaleh (UNCC), Anoosha Vangaveeti (NCSU), Chong Tang (UVA)
HARD PROBLEM(S) ADDRESSED
Precise characterization of attack-resiliency of software needs to be done from its very inception because without such characterization attack resiliency is not properly testable or implementable.
- Resilient Architectures - vulnerability avoidance, evaluation and tolerance strategies and architectures.
- Security Metrics and Models - development of metrics and models for static and dynamic assessment of resilience of software.
PUBLICATIONS
Report papers written as a result of this research. If accepted by or submitted to a journal, state which journal. If presented at a conference, state which conference.
None in this quarter.
ACCOMPLISHMENT HIGHLIGHTS
As part of our efforts to measure and model attack resiliency,
- We are developing metrics for measuring resiliency against different types of attacks (e.g., stealthy state estimation attacks are currently under investigation).
- We are investigating types of security errors humans make when developing (open source) software. This should help us understand what resiliency requirements and vulnerability avoidance, elimination and fault-tolerance processes need to emphasize.
- We are bootstrapping an initial formal model of a general framework for reasoning about non-functional software properties (such as security) and tradeoffs among them.
- The above efforts will lead to a better understanding of security-aware software engineering.