Multi-model run-time security analysis - April 2017

Public Audience
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

PI(s): David Garlan, Bradley Schmerl

1) HARD PROBLEM(S) ADDRESSED (with short descriptions)

  • Composability through multiple semantic models (here, architectural, organizational, and behavioral), which provide separation of concerns, while supporting synergistic benefits through integrated analyses.
  • Scalability to large complex distributed systems using architectural models.
  • Resilient architectures through the use of adaptive models that can be used at run-time to predict, detect and repair security attacks.
  • Predictive security metrics by adapting social network-based metrics to the problem of architecture-level anomaly detection.

2) PUBLICATIONS

  • Hemank Lamba, Thomas J. Glazier, Javier Camara, Bradley Schmerl, David Garlan and Jurgen Pfeffer. Model-based cluster analysis for identifying suspicious activity sequences in software. 2017. In Proceedings of the 3rd International Workshop on Security and Privacy Analytics, March 23-25, Scottsdale, AZ.

3) KEY HIGHLIGHTS

We submitted a report to NSA R2 on an exemplar design to illustrate different IT attack scenarios, which can be used to compare the effect of different resilience approaches to addressing attacks.

4) COMMUNITY ENGAGEMENTS

We engaged with a new group from the NSA to start the new resilience subtask above.

5) EDUCATIONAL ADVANCES