Visible to the public Resilience Requirements, Design, and Testing - July 2015Conflict Detection Enabled

Submitted by drwright on Wed, 06/17/2015 - 10:29am

Public Audience
PI(s):  Kevin Sullivan, Mladen Vouk, Ehab Al-Shaer
Researchers: Ashiq Rahman and Mohamed Alsaleh (UNCC), Anoosha Vangaveeti (NCSU), Chong Tang (UVA)

HARD PROBLEM(S) ADDRESSED

Characterization of attack-resiliency of software needs to be done  from its very inception because without such characterization attack resiliency is not properly testable or implementable.

  • Resilient Architectures - vulnerability avoidance, evaluation and tolerance strategies and architectures.
  • Security Metrics and Models - development of metrics and models for static and dynamic assessment of resilience of software.

 

PUBLICATIONS
Knight, J., Xiang, J., and Sullivan, K., "Real-World Types and Their Applications." to appear, Proceedings of The International Conference on Computer Safety, Reliability, and Security (SAFECOMP 2015). Delft, The Netherlands.  Sept. 23-25, 2015.

Donghoon Kim and Mladen A. Vouk, "A survey of common security vulnerabilities and corresponding countermeasures for SaaS." In Globecom Workshop on Cloud Computing Systems, Networks, and Applications (CCSNA), December 8-12, 2014, Austin, Texas, pp. 59-63. IEEE, 2014.

Donghoon Kim, Henry E. Schaffer, and Mladen A. Vouk, "About PaaS Security." Proceedings of the 3rd International IBM Cloud Academy Conference (ICACON 2015), Budapest, Hungary. May 21-23, 2015.

ACCOMPLISHMENT HIGHLIGHTS

  • Formalized reusable framework for specifying, reasoning about, verifying, and certifying a broad range of system properties, including security resiliency.
  • We are proposing an agile software testing process that combines operational and non-operational (or attack related) testing with the intent of finding more security problems faster.
  • We have been conducting surveys and analyzing security problem classifications in order to understand what an attack resilient system needs to protect against, so that we can understand  and assess resilience properties of software designs. More recent work is focused on issues that may be related to applications that reside in clouds. Work continues.
  • We developed a taxonomy of resiliency metrics which include classifications, applications, analysis and limitations. We also developed metrics to quantify three main properties of resiliency: isolation, diversity and redundancy.  
Groups: