Engineering Self-protection for Autonomous Systems

Security violations occur in systems even when security design is carried out and security tools are deployed. Social engineering attacks, vulnerabilities that cannot be captured in the relatively abstract design model (such as buffer overflows), and unclear security requirements are only some examples of such unpredictable or unexpected vulnerabilities. One of the aims of autonomous systems is to have the system itself react to these unexpected events. Consequently, this goal demands further research into how such behavior can be designed and sufficiently supported throughout the software development process. We present an approach to engineering self-protection rules for autonomous systems that is integrated into a model-driven software engineering process and provides concepts to formally verify that a given intrusion response model satisfies certain security requirements.
