Multi-model run-time security analysis - January 2017

Public Audience
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

PI(s): David Garlan, Bradley Schmerl

1) HARD PROBLEM(S) ADDRESSED (with short descriptions)

  • Composability through multiple semantic models (here, architectural, organizational, and behavioral), which provide separation of concerns, while supporting synergistic benefits through integrated analyses.
  • Scalability to large complex distributed systems using architectural models.
  • Resilient architectures through the use of adaptive models that can be used at run-time to predict, detect and repair security attacks.
  • Predictive security metrics by adapting social network-based metrics to the problem of architecture-level anomaly detection.

2) PUBLICATIONS

  • Hemank Lamba, Bryan Hooi, Kijung Shin, and Christos Faloutsos. zooRay: Scoring Entities in Anomalous Temporal Multimodal Blocks. Submitted to the Pacific-Asia Conference on Knowledge Discovery and Data Mining, 2017.

  • Hemank Lamba, Thomas J. Glazier, Javier Camara, Bradley Schmerl, David Garlan and Jurgen Pfeffer. Model-based cluster analysis for identifying suspicious activity sequences in software. 2017. Submitted for publication to the 3rd International Workshop on Security and Privacy Analytics - 2017.

3) KEY HIGHLIGHTS

We started a new task on resilience - using models of software, attacks, and defenses to provide analyzable and automated self-adaptive defense.

4) COMMUNITY ENGAGEMENTS

We have engaged with a new group from the NSA to start the new subtask above.

5) EDUCATIONAL ADVANCES