Resilience Requirements, Design, and Testing - January 2016

Submitted by drwright on Tue, 12/01/2015 - 2:14pm

Public Audience
PI(s): Kevin Sullivan, Mladen Vouk, Ehab Al-Shaer
Researchers: Ashiq Rahman and Mohamed Alsaleh (UNCC), Anoosha Vangaveeti (NCSU), Chong Tang (UVA)

HARD PROBLEM(S) ADDRESSED

Characterization of attack-resiliency of software based systems needs to be done from its very inception because without such characterization attack resiliency is not properly testable or implementable.

Resilient Architectures - vulnerability avoidance, evaluation and tolerance strategies and architectures.
Security Metrics and Models - development of metrics and models for static and dynamic assessment of resilience of software.

PUBLICATIONS

Yasir Khan, Ehab Al-Shaer. 2015. Cyber Resilience-by-Construction: Modeling, Measuring & Verifying. ACM CCS Workshop on Automated Decision Making for Active Cyber Defense.

ACCOMPLISHMENT HIGHLIGHTS

We developed a resiliency metric based on Cyber Resilience Engineering Framework (CREF) that allows for measuring the system resiliency with respect to multi-dimensional attack attribute. This metric is to be used in the formal verification and measurement of system resiliency according to specific attack properties.
In the (future) world of “Internet of Things” (IoT) security problems will be orders of magnitude bigger than what they are today. We are proposing a redundancy-based architecture (along with some associated performance metrics) that would make IoT more resilient to cyber attacks.

Groups:

NCSU Science of Security Lablet Research Initiative