Resilience Requirements, Design, and Testing - October 2016

Submitted by drwright on Wed, 09/14/2016 - 9:25am

Public Audience
PI(s): Kevin Sullivan, Mladen Vouk, Ehab Al-Shaer
Researchers: Gaith Husari and Mohamed Alsaleh (UNCC), Anoosha Vangaveeti (NCSU), Chong Tang (UVA)

HARD PROBLEM(S) ADDRESSED

Characterization of attack-resiliency of software based systems needs to be done from its very inception because without such characterization attack resiliency is not properly testable or implementable.

Resilient Architectures - vulnerability avoidance, evaluation and tolerance strategies and architectures.
Security Metrics and Models - development of metrics and models for static and dynamic assessment of resilience of software.

PUBLICATIONS

Mohammad Ashiqur Rahman, Abdullah Al Faroq, Amarjit Datta, and Ehab Al-Shaer, Automated Synthesis of Resiliency Configurations for Cyber Networks, IEEE Conference on Communications and Network Security (CNS), Philadelphia, Pennsylvania, USA, October 2016,

ACCOMPLISHMENT HIGHLIGHTS

We defined two resiliency metrics: (1) the isolation metric to quantify the counter-measure resistance on any path (source to destination) based on the network access controls including firewalls, IPSec, IDS, proxy, and (2) the diversity metric to quantify the required attack vector by adversary based on the different disjoint attack surface due to OS and application diversity in the attack path . We then integrate both metrics to consider the optimal isolation-diversity combination for multi-stage attack scenarios.

Groups:

NCSU Science of Security Lablet Research Initiative