Multi-model run-time security analysis - April 2015
Public Audience
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.
PI(s): Jurgen Pfeffer
Co-PI(s): David Garlan, Bradley Schmerl
1) HARD PROBLEM(S) ADDRESSED (with short descriptions)
- Composability through multiple semantic models (here, architectural, organizational, and behavioral), which provide separation of concerns, while supporting synergistic benefits through integrated analyses.
- Scalability to large complex distributed systems using architectural models.
- Resilient architectures through the use of adaptive models that can be used at run-time to predict, detect and repair security attacks.
- Predictive security metrics by adapting social network-based metrics to the problem of architecture-level anomaly detection.
2) PUBLICATIONS
Hemank Lamba, Thomas J. Glazier, Bradley Schmerl, Jurgen Pfeffer, David Garlan (2015). Detecting Insider Threats in Software Systems using Graph Models of Behavioral Paths (short paper). HotSoS 2015: 2015 Symposium and Bootcamp on the Science of Security, April 21-22, Urbana-Champaign, IL.
3) KEY HIGHLIGHTS
- This quarter, the focus of our work was on metrics.
- We represent the entire activity log over an underlying software system as a graph. For every user, the sequence of observed activities becomes a path on the architecture graph. We developed an approach to cluster these paths; paths that do not fit any cluster are flagged as anomalous and can be taken for further investigation.
- Results of this work are presented at the HotSoS 2015 conference.
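As an added example (not code from the report or from the authors' implementation), here is a minimal version of the pipeline described above: a constructed activity log is turned into one path per user on an architecture graph, the paths are clustered by how many graph edges they share, and users whose path ends up alone in a cluster are flagged for investigation. The Jaccard distance over traversed edges, the single-linkage clustering and the 0.7 threshold are assumptions made for this example, not the metrics used in the paper.

```python
from collections import defaultdict

# Constructed activity log: (user, component) events in time order.
# This data is made up for the example; it is not from the report.
ACTIVITY_LOG = [
    ("alice", "login"), ("alice", "dashboard"), ("alice", "reports"), ("alice", "logout"),
    ("bob", "login"), ("bob", "dashboard"), ("bob", "reports"), ("bob", "logout"),
    ("carol", "login"), ("carol", "dashboard"), ("carol", "reports"),
    ("carol", "dashboard"), ("carol", "logout"),
    ("mallory", "login"), ("mallory", "admin_db"), ("mallory", "export"), ("mallory", "logout"),
]

def build_paths(log):
    """One path (ordered sequence of components) per user, in log order."""
    paths = defaultdict(list)
    for user, component in log:
        paths[user].append(component)
    return dict(paths)

def edge_set(path):
    """Edges of the architecture graph traversed by one user's path."""
    return {(a, b) for a, b in zip(path, path[1:])}

def architecture_graph(paths):
    """Adjacency map built from every edge any user traversed."""
    graph = defaultdict(set)
    for path in paths.values():
        for a, b in edge_set(path):
            graph[a].add(b)
    return dict(graph)

def jaccard_distance(p, q):
    """1 - |shared edges| / |all edges|; 0.0 for identical paths (assumed metric)."""
    ep, eq = edge_set(p), edge_set(q)
    union = ep | eq
    return 0.0 if not union else 1.0 - len(ep & eq) / len(union)

def cluster_paths(paths, threshold=0.7):
    """Single-linkage clustering: a user joins the first cluster containing a
    path within `threshold` of theirs, otherwise starts a new cluster."""
    clusters = []
    for user, path in paths.items():
        for cluster in clusters:
            if any(jaccard_distance(path, paths[u]) <= threshold for u in cluster):
                cluster.add(user)
                break
        else:
            clusters.append({user})
    return clusters

def anomalous_users(paths, threshold=0.7):
    """Users whose path is a singleton cluster: candidates for investigation."""
    return sorted(u for c in cluster_paths(paths, threshold) for u in c if len(c) == 1)
```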