Automated Synthesis of Resilient Architectures - July 2015
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Ehab Al-Shaer
Researchers: Ashiq Rahman, Mohamed Alsaleh, Ghaith Husari
HARD PROBLEM(S) ADDRESSED
- Resilient Architectures: The goal of this project is to develop a formal automated reasoning framework for designing resilient architectures with provable bounds/metrics for cyber and cyber-physical systems. This includes investigating metric-driven automated synthesis of security countermeasures to resist and mitigate attacks on cyber and cyber-physical systems. This research contributes to the design and verification of resilient architectures with guaranteed properties.
PUBLICATIONS
ACCOMPLISHMENT HIGHLIGHTS
- We are creating formal models for verifying network configuration resiliency based on three properties: isolation, diversity and redundancy. The isolation property measures the resistance of the network configuration based on defense in depth. The diversity property measures the resistance of the network based on the number of different vulnerabilities that attackers must compromise to reach the target host. The redundancy property measures the potential of the network to handle multiple simultaneous attacks. The model considers the entire network configuration, including routing, FW, IDS, IPSec and proxies, and allows for verifying these properties based on the users’ requirements.
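
The following sketch is an added illustration, not the project's formal model or code. It checks two of the three properties on a constructed toy network, under the assumption that isolation is the fewest security devices on any path to the target and diversity is the fewest distinct vulnerabilities on any path. Redundancy is not modelled, and all host, device and vulnerability names are hypothetical.

```python
# Added illustration: constructed toy network, all names and labels hypothetical.
EDGES = {  # directed reachability allowed by routing
    "internet": ["fw1", "proxy1"],
    "fw1": ["web"],
    "proxy1": ["mail"],
    "web": ["ids1", "app"],
    "ids1": ["db"],
    "mail": ["app"],
    "app": ["db"],
    "db": [],
}
DEVICES = {"fw1": "FW", "proxy1": "proxy", "ids1": "IDS"}  # security devices
VULNS = {"web": "vuln-A", "mail": "vuln-B", "app": "vuln-A", "db": "vuln-C"}

def simple_paths(src, dst, visited=()):
    """Yield every loop-free path from src to dst as a tuple of nodes."""
    visited = (*visited, src)
    if src == dst:
        yield visited
        return
    for nxt in EDGES[src]:
        if nxt not in visited:
            yield from simple_paths(nxt, dst, visited)

def path_metrics(path):
    """Return (security devices crossed, distinct vulnerabilities needed)."""
    devices = sum(1 for node in path if node in DEVICES)
    vulns = {VULNS[node] for node in path if node in VULNS}
    return devices, len(vulns)

def resiliency(src, dst):
    """Worst case over all paths; None when dst is unreachable from src."""
    metrics = [path_metrics(p) for p in simple_paths(src, dst)]
    if not metrics:
        return None
    return {"isolation": min(m[0] for m in metrics),
            "diversity": min(m[1] for m in metrics)}

def verify(src, dst, required):
    """Compare measured values with user-required minimums, per property."""
    measured = resiliency(src, dst)
    if measured is None:  # no path at all satisfies every minimum
        return {name: True for name in required}
    return {name: measured[name] >= floor for name, floor in required.items()}

if __name__ == "__main__":
    print(resiliency("internet", "db"))
    print(verify("internet", "db", {"isolation": 2, "diversity": 2}))
```

In this toy network the weakest path crosses a single security device, so a requirement of two layers of isolation fails while a diversity requirement of two passes.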