Visible to the public Vulnerability and Resilience Prediction Models - July 2015Conflict Detection Enabled

Submitted by drwright on Wed, 06/17/2015 - 9:27am

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Mladen Vouk, Laurie Williams
Researchers:  Donghoon Kim

HARD PROBLEM(S) ADDRESSED

  • Security Metrics and Models
  • Resilient Architectures
  • Scalability and Composability

Resilience of software to attacks is an open problem. Resilience depends on the science behind the approach used, as well as on our engineering abilities. The scope includes recognition of attacks through metrics and models we use to describe and recognize software vulnerabilities, and the models we use to predict resilience to attacks in the field (Security Metrics and Models). It also depends on the software (and system) architecture(s) used (Resilient Architectures), and their scalability (Scalability and Composability). For example, if one has a number of highly attack-resilient components and appropriate attack sensors, is it possible to compose a resilient system from these parts, and how does that solution scale and age?

PUBLICATIONS

Donghoon Kim and Mladen A. Vouk, “A survey of common security vulnerabilities and corresponding countermeasures for SaaS.” In Globecom Workshop on Cloud Computing Systems, Networks, and Applications (CCSNA), December 8-12, 2014, Austin, Texas, pp. 59-63. IEEE, 2014.

Donghoon Kim, Henry E. Schaffer, and Mladen A. Vouk, “About PaaS Security.”, Proceedings of the 3rd International IBM Cloud Academy Conference (ICACON 2015), Budapest, Hungary, May 21-23.

Donghoon Kim and Mladen A. Vouk, "Securing Scientific Workflows." Proceedings of the 2015 IEEE International Conference on Software Quality, Reliability and Security (QRS), Vancouver, Canada, August 2-5, 2015 as part of the QRS workshop on Trustworthy Computing, 2015, to appear.

ACCOMPLISHMENT HIGHLIGHTS

  • Our investigation of dataflow-guided scientific workflows in cloud environments has illuminated three security properties that are essential for making Kepler-based workflows more secure, and that use of the Kepler provenance module may help secure Kepler-based workflows.
  • We are investigating principal Platform-as-a-Service (PaaS) vulnerability categories and the corresponding countermeasures to help understand threats facing a cloud-based workflow and develop attack detection models.
Groups: