A Systematic Survey of Self-Protecting Software Systems


1 A Systematic Survey of Self-Protecting Software Systems
Dustin Gardner 9/22/15 E. Yuan and S. Malek, “A taxonomy and survey of self-protecting software systems,” ICSE Work. Softw. Eng. Adapt. Self-Managing Syst., vol. 8, no. 4, pp. 109–118, 2012.

2 Overview
Autonomic Computing
Defining Self-Protection
Survey: process followed, process applied, interesting observations

3 Autonomic Computing Self Managed Systems
Joseph J. and Fellenstein C., Autonomic Computing -

4 Autonomic Element MAPE-K
This is the most basic part of an autonomic system, an autonomic element. Multiple elements interact with each other to create an autonomic system. O. Jeffrey and M. David, “The Vision of Autonomic Computing,” IEEE Comput., vol. 36, no. January, pp. 41–50, 2003.

5 What are self-protecting software systems?
Software systems that detect and mitigate threats at runtime, not statically.
Two main perspectives on protection systems:
Reactive – system automatically defends against attacks
Proactive – system anticipates attacks and takes steps to mitigate them
Kephart & Chess referenced in the text == The reference on this slide
O. Jeffrey and M. David, “The Vision of Autonomic Computing,” IEEE Comput., vol. 36, no. January, pp. 41–50, 2003.
Pg 17:1

6 Why Self-Protecting Software Systems?
Increasing cyber threats: Conficker worm, Stuxnet worm
Static security solutions insufficient
Software is increasingly dynamic at runtime. Why shouldn’t security measures be?
The Conficker worm caused the largest computer infection in history. The Stuxnet worm is the first known malware to target and subvert industrial control systems.
Pg 17:2 & 17:3

7 Self-Protection - Defined
Differ from ITS & IRS
Not intrusion-centric & perimeter based
Local (Base) & Global (Meta) loops
Security objectives specified by human stakeholders
Example: Upon sensing an unusual data retrieval pattern from a Windows server, the global loop shuts down the server and redirects all traffic to a backup Linux server.
One should not interpret this reference architecture to mean that the base-level subsystem is agnostic to security concerns. The base-level subsystem may incorporate various security mechanisms, such as authentication, encryption, etc. It is the decision of when and how those security mechanisms are employed that rests with the meta-level subsystem.
Pg 17:5
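The failover example on slide 7, sketched as a meta-level MAPE-K loop. This is an added illustration, not code from the survey or the presentation; the server names, the rows-read metric and the 3-sigma objective are assumptions, and any telemetry fed to it is constructed.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev

@dataclass
class Knowledge:
    """K in MAPE-K: the stakeholder objective plus what the loop has learned."""
    baseline: list                   # rows read per interval in normal operation (constructed)
    max_sigma: float = 3.0           # assumed objective: tolerated deviation above baseline
    active: str = "windows-primary"  # hypothetical base-level servers
    standby: str = "linux-backup"
    audit: list = field(default_factory=list)

def monitor(sample):
    # Sensor: the meta level only observes the base level, it does not serve traffic.
    return sample["rows_read"]

def analyze(k, rows):
    # One-sided check: only unusually heavy retrieval counts as a threat here.
    mu = mean(k.baseline)
    sd = pstdev(k.baseline) or 1.0   # avoid division by zero on a flat baseline
    return (rows - mu) / sd > k.max_sigma

def plan(k, anomalous):
    # Decide when and how base-level mechanisms are used; nothing to do
    # if traffic already runs on the standby.
    if anomalous and k.active != k.standby:
        return [("shutdown", k.active), ("redirect", k.standby)]
    return []

def execute(k, actions):
    # Effector: apply the plan and keep an audit trail for human review.
    for verb, target in actions:
        k.audit.append(f"{verb}:{target}")
        if verb == "redirect":
            k.active = target

def meta_loop(k, telemetry):
    for sample in telemetry:
        rows = monitor(sample)
        anomalous = analyze(k, rows)
        execute(k, plan(k, anomalous))
        if not anomalous:
            k.baseline.append(rows)  # never learn from a suspected attack interval
    return k
```

Keeping anomalous intervals out of the baseline matters: otherwise a slow ramp in retrieval volume would retrain the loop to accept the attack as normal.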

8 Moving to the ‘bread and butter’
Survey & Taxonomy 1030 papers selected 107 papers made the cut Systematic Pg 17:2 & 17:29

9 The Systematic System Pg 17:29

10 Taxonomy (RQ1) Pg 17:9 & 17:10

11 Taxonomy Applied (1)(RQ2)
Pg 17:32

12 Taxonomy Applied (2) (RQ2)
Pg 17:33

13 Taxonomy Applied (3) (RQ2)
Pg 17:34

14 Observations From (“WHAT”)(RQ3)
Self-Protection Levels Depths-of-Defense Layers Protection Goals Pg 17:15-18

15 Self-Protection & Depths-of-Defense
Self-Protection Levels
This is because of the difficulty involved with machine learning. This issue isn’t limited to self-protection within AC, but applies to all four sub-domains of self-*.
Depths-of-Defense Layers
Need for research applying to attack prediction and prevention
Pg 17:16

16 Protection Goal Observations
Most focus on one or two, but not all three goals.
Small confidentiality & availability overlap expected
E.g. – host-based intrusion, restart server: confidentiality & integrity preserved, not availability!
Pg 17:18

17 Observations from (“HOW”)(RQ3)
Control Topology Response Timing Enforcement Locale Pg 17:18-21

18 A Chart of All Three
Reactive paradigm still norm, but proactive approaches catching up
Why are these so skewed? Traditional focus on “perimeter”
Pg 17:22

19 Observations from Approach Quality
Validation Method Repeatability Applicability Pg 17:26

20 Charts of All Three
Extremely low repeatability (12%)
High applicability (60%)
Why? High percent of applicable implementations, prototypes, tools, etc. not available to public
Low repeatability because of the nature of the business of security.
Pg 17:26

21 What are the applications of all this?
The paper presents numerous great areas of research to focus on (see the page referenced)
Combine both reactive and proactive mechanisms for overall system protection and monitoring
Leverage the techniques and communities from ID, IR, IT and others toward achieving a common goal
Pg 17:28

22 Conclusion
Self-Protection is increasingly important
Faces many challenges
This survey was a great starting point for my research

23 Questions?

