Towards Secure Architecture-Based Adaptations
| Autor: | Charilaos Skandylas, Narges Khakpour, Danny Weyns, Goran Saman Nariman |
|---|---|
| Přispěvatelé: | Litoiu, Marin, Clarke, Siobhán, Tei, Kenji |
| Rok vydání: | 2019 |
| Předmět: |
Computer science
business.industry 020207 software engineering 02 engineering and technology Computer security computer.software_genre Attack model Vulnerability assessment Threat model 0202 electrical engineering electronic engineering information engineering Systems architecture 020201 artificial intelligence & image processing Software system Architecture Adaptation (computer science) business computer Risk management |
| Zdroj: | SEAMS@ICSE |
| DOI: | 10.1109/seams.2019.00023 |
| Popis: | As any software system, a self-adaptive system is subject to security threats. However, applying self-adaptation may introduce additional threats. So far, little research has been devoted to this important problem. In this paper, we propose an approach for vulnerability analysis of architecture-based adaptations in self-adaptive systems using threat modeling and analysis techniques. To this end, we specify components' vulnerabilities and the system architecture formally and generate an attack model that describes the attacker's strategies to attack the system by exploiting different types of vulnerabilities. We use a set of security metrics to quantitatively assess the security risks of adaptations based on the produced attack model which enables the system to consider security aspects while choosing an adaptation to apply to the system. We automate and incorporate our approach into the Rainbow framework, allowing secure architectural adaptations at runtime. To evaluate the effectiveness of our approach, we apply it on a simple document storage system and on the ZNN system. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|