Automated Synthesis of Resilient Architectures - July 2017
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Ehab Al-Shaer
Researchers: Mohamed Alsaleh (UNCC), Abdullah Al Farooq (UNCC).
HARD PROBLEM(S) ADDRESSED
- Resilient Architectures: The goal of this project is to develop a formal automated reasoning framework for designing resilient architectures with provable bounds/metrics for cyber and cyber-physical systems. This includes investigating metric-driven automated synthesis of security countermeasures that resist and mitigate attacks on cyber and cyber-physical systems. This research contributes to the design and verification of resilient architectures with guaranteed properties.
PUBLICATIONS
ACCOMPLISHMENT HIGHLIGHTS
- Proactive risk mitigation is the holy grail of cyber resiliency. Effective risk mitigation requires optimal security configuration hardening that considers multiple factors, including the end-hosts' security weaknesses, threat exposure due to network connectivity, potential damage, impact on usability, and budgetary constraints. We developed a formal framework that can automatically determine the security configuration for optimal risk mitigation subject to these constraints. Our global risk optimization model considers both end-host security compliance scanning reports (XCCDF) and vulnerability inter-dependencies due to network reachability to automatically generate fine-grained network access control that maximizes the Return on Investment (ROI) of cyber security.