Model-Based Explanation For Human-in-the-Loop Security - January 2021

PI(s), Co-PI(s), Researchers: David Garlan, Bradley Schmerl (CMU)

HARD PROBLEM(S) ADDRESSED
Human Behavior
Metrics
Resilient Architectures

We are addressing human behavior by providing understandable explanations for automated mitigation plans generated by self-protecting systems that use various models of the software, network, and attack. We are addressing resilience by providing defense plans that are automatically generated as the system runs and accounting for current context, system state, observable properties of the attacker, and potential observable operations of the defense.

PUBLICATIONS

None.

PUBLIC ACCOMPLISHMENT HIGHLIGHTS

We developed a tool, xGames, that provides exploration capabilities for game-theoretic approaches to self-protection. Game theory modeling is a common approach for developing defense strategies for such systems, but the reasoning behind the games and the effects of the game on the system being protected are often difficult to read by human operators. This tool allows operators to (a) visualize and explore games by selecting nodes in the game tree and understanding the state of the game at that point, (b) ask "why", "why not", and "what if" questions about alternative courses of action, (c) understand the impact of games on the system that is affected by moves in the game, and (d) be customizable to arbitrary games and systems. The tool takes in a game that has been defined by a game specification tool called Gambit and visualizes the game in a web page. The system can also connect to software engineering tools to display the state of the system. Currently, the xGames supports a software architecture tool to display the software architecture of the system, and see (for example) which components have been compromised or protected at different points in the game. We published a talk on this at: https://www.youtube.com/watch?v=WihcNjPA_fo.

COMMUNITY ENGAGEMENTS (If applicable)

EDUCATIONAL ADVANCES (If applicable)