Vulnerability and Resilience Prediction Models - October 2015
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Mladen Vouk, Laurie Williams
Researchers: Donghoon Kim
HARD PROBLEM(S) ADDRESSED
- Security Metrics and Models
- Resilient Architectures
- Scalability and Composability
Resilience of software to attacks is an open problem. Resilience depends on the science behind the approach used, as well as on our engineering abilities. The scope includes recognition of attacks through metrics and models we use to describe and identify software vulnerabilities, and the models we use to predict resilience to attacks in the field (Security Metrics and Models). It also depends on the software (and system) architecture(s) used (Resilient Architectures), and their scalability (Scalability and Composability). For example, if one has a number of highly attack-resilient components and appropriate attack sensors, is it possible to compose a resilient system from these parts, and how does that solution scale and age?
PUBLICATIONS
- Two pending publications (see group internal report).
- Yu Xianqing, Peng Ning, Vouk, M.A., "Enhancing security of Hadoop in a public cloud," in the Proceedings of the 6th International Conference on Information and Communication Systems (ICICS), 7-9 April 2015, pp. 38-43.
ACCOMPLISHMENT HIGHLIGHTS
- We have found that some of the existing and proven high-assurance resilience methods, such as run-time fault-tolerance through back-to-back assessment, and operational and non-operational profile testing and filtering, can be used with success to detect and counter security vulnerabilities and attacks.
- Using some recent vulnerabilities, breaches and attacks (such as Heartbleed), we have found that back-to-back testing and run-time comparison-based analysis can discover a very large fraction of such issues, including zero-day attacks.
- Our work also shows that many attacks have a hypergeometric character driven by resource and schedule constraints, and that this information can be used to build efficient high-probability attack detection sensors.
- We also continue to investigate how to secure application chains, including those operating in a cloud. All this opens the door to development of off-the-shelf security sensors for clouds, Internet of Things (IoT) and stand-alone services.
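The back-to-back run-time comparison named in the highlights above can be illustrated with an added example (not the project's own code or sensor). It assumes a toy heartbeat format, a 2-byte declared length followed by the payload, and two hypothetical, independently written echo routines; all sample data is constructed.

```python
"""Back-to-back (N-version) comparison over a toy heartbeat echo service."""
import struct

# Constructed stand-in for whatever sits next to the payload in memory.
ADJACENT_MEMORY = b"|session-key=CONSTRUCTED-SAMPLE|"

def parse(request: bytes):
    """Toy format (an assumption): 2-byte big-endian declared length, then payload."""
    (declared,) = struct.unpack(">H", request[:2])
    return declared, request[2:]

def echo_version_a(request: bytes):
    """Version A trusts the declared length (the Heartbleed-class defect)."""
    declared, payload = parse(request)
    memory = payload + ADJACENT_MEMORY  # models bytes lying past the payload
    return memory[:declared]

def echo_version_b(request: bytes):
    """Version B, written independently, bounds-checks and drops bad requests."""
    declared, payload = parse(request)
    if declared > len(payload):
        return None
    return payload[:declared]

def back_to_back(request: bytes, versions):
    """Run every version on the same input; any disagreement raises an alarm."""
    outputs = [version(request) for version in versions]
    agreed = all(out == outputs[0] for out in outputs[1:])
    # A reply is released only when all versions agree on it.
    return {"alarm": not agreed, "outputs": outputs,
            "reply": outputs[0] if agreed else None}

def make_request(declared: int, payload: bytes) -> bytes:
    return struct.pack(">H", declared) + payload

def run_samples():
    versions = [echo_version_a, echo_version_b]
    samples = [make_request(4, b"ping"),    # well-formed request
               make_request(40, b"ping")]   # declared length exceeds payload
    return [back_to_back(request, versions) for request in samples]

if __name__ == "__main__":
    for result in run_samples():
        print("alarm" if result["alarm"] else "ok", result["reply"])
```

The comparator needs no signature of the malformed request: the alarm comes only from the versions disagreeing, which is why the approach also covers previously unseen inputs.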