Resilience Requirements, Design, and Testing
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Kevin Sullivan, Mladen Vouk, Ehab Al-Shaer
Researchers: Ashiq Rahman and Mohamed Alsaleh (UNCC), Anoosha Vangaveeti (NCSU), Chong Tang (UVA), Shweta Subramani (NCSU)
HARD PROBLEM(S) ADDRESSED
Characterization of attack-resiliency of software needs to be done from its very inception because without such characterization attack resiliency is not properly testable or implementable.
- Resilient Architectures - vulnerability avoidance, evaluation and tolerance strategies and architectures.
- Security Metrics and Models - development of metrics and models for static and dynamic assessment of resilience of software.
PUBLICATIONS
Report papers written as a results of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.
- A survey of common security vulnerabilities and corresponding countermeasures for SaaS.
- Ke Dou, Xi Wang, Chong Tang, Adam Ross and Kevin Sullivan, "An Evolutionary Theory-Systems Approach to a Science of the Ilities," Conference on Systems Engineering Research (CSER 2015), March 17-19, 2015, Hoboken, NJ, USA (to appear).
ACCOMPLISHMENT HIGHLIGHTS
- We developed a classification of quantitative resilience metrics and approaches by studying resiliency in various domains including intrusion tolerance, reliability, fault diagnosis, and reactive control systems.
- We also developed number of metrics for measuring various system aspects that contribute to systems resilience.
- We are investigating flexible logic-based languages and interfaces to define resiliency properties.
- We are developing a prototype of an attack resistant workflow architecture.