Vulnerability and Resilience Prediction Models - October 2014
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Mladen Vouk, Laurie Williams
Researchers: Da Young Lee
HARD PROBLEM(S) ADDRESSED
- Security Metrics and Models
- Resilient Architectures
- Scalability and Composability
Resilience of software to attacks is an open problem. Resilience depends on the science behind the approach used, as well as on our engineering abilities. The scope of interest includes recognition of attacks through the metrics and models we use to describe and recognize software vulnerabilities and to predict resilience to attacks in the field (Security Metrics and Models). Resilience also depends on the software (and system) architecture(s) used (Resilient Architectures), and their scalability (Scalability and Composability). For example, if one has a number of highly attack-resilient components and appropriate attack sensors, is it possible to compose a resilient system from these parts, and how does that solution scale and age?
PUBLICATIONS
Report papers written as a result of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.
- Rivers, Anthony T.; Vouk, Mladen A.; Williams, Laurie A., "On Coverage-Based Attack Profiles," Software Security and Reliability-Companion (SERE-C), 2014 IEEE Eighth International Conference on, San Francisco, CA, pp. 5-6.
- Donghoon Kim and Mladen A. Vouk, "A survey of common security vulnerabilities and corresponding countermeasures for SaaS," IEEE Globecom 2014 Workshop on Cloud Computing Systems, Networks, and Applications (CCSNA), 8-12 December 2014, Austin, Texas, USA, to appear in proceedings.
- Roopak Venkatakrishnan, "Redundancy-Based Detection of Security Anomalies in Web-Server Environments," M.S., NC State University, 2014.
ACCOMPLISHMENT HIGHLIGHTS
- A model of the cyber-attack process
- A survey of SaaS vulnerabilities and countermeasures