A Systematic Survey of Self-Protecting Software Systems

Self-protecting software systems are a class of autonomic systems capable of detecting and mitigating security threats at runtime. They are growing in importance, as the stovepipe static methods of securing software systems have been shown to be inadequate for the challenges posed by modern software systems. Self-protection, like other self-* properties, allows the system to adapt to the changing environment through autonomic means without much human intervention, and can thereby be responsive, agile, and cost effective. While existing research has made significant progress towards autonomic and adaptive security, gaps and challenges remain. This article presents a significant extension of our preliminary study in this area. In particular, unlike our preliminary study, here we have followed a systematic literature review process, which has broadened the scope of our study and strengthened the validity of our conclusions. By proposing and applying a comprehensive taxonomy to classify and characterize the state-of-the-art research in this area, we have identified key patterns, trends and challenges in the existing approaches, which reveals a number of opportunities that will shape the focus of future research efforts.

[1]  Hausi A. Müller,et al.  Web Service Assurance: The Notion and the Issues , 2012, Future Internet.

[2]  Ashutosh Saxena,et al.  Danger theory based SYN flood attack detection in autonomic network , 2009, SIN '09.

[3]  D. Paul Benjamin,et al.  Using a Cognitive Architecture to Automate Cyberdefense Reasoning , 2008, 2008 Bio-inspired, Learning and Intelligent Systems for Security.

[4]  William H. Sanders,et al.  Proactive Resilience Revisited: The Delicate Balance Between Resisting Intrusions and Remaining Available , 2006, 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06).

[5]  Makhlouf Aliouat,et al.  Adaptive security level for data aggregation in Wireless Sensor Networks , 2010, IEEE 5th International Symposium on Wireless Pervasive Computing 2010.

[6]  Laura Semini,et al.  Formalizing an Adaptive Security Infrastructure in Mob-adtl , 2004 .

[7]  A. F. Adams,et al.  The Survey , 2021, Dyslexia in Higher Education.

[8]  Hamed Okhravi,et al.  Creating a cyber moving target for critical infrastructure applications using platform diversity , 2012, Int. J. Crit. Infrastructure Prot..

[9]  Yennun Huang,et al.  Software rejuvenation: analysis, module and applications , 1995, Twenty-Fifth International Symposium on Fault-Tolerant Computing. Digest of Papers.

[10]  Jon Whittle,et al.  A Survey of Approaches to Adaptive Application Security , 2007, International Workshop on Software Engineering for Adaptive and Self-Managing Systems (SEAMS '07).

[11]  Michel Dagenais,et al.  Intrusion Response Systems: Survey and Taxonomy , 2012 .

[12]  Ralph E. Johnson,et al.  Organizing Security Patterns , 2007, IEEE Software.

[13]  Salim Hariri,et al.  Application of autonomic agents for global information grid management and security , 2007, SCSC.

[14]  Eugene H. Spafford,et al.  Automated adaptive intrusion containment in systems of interacting services , 2007, Comput. Networks.

[15]  Reijo Savola,et al.  Security-Measurability-Enhancing Mechanisms for a Distributed Adaptive Security Monitoring System , 2010, 2010 Fourth International Conference on Emerging Security Information, Systems and Technologies.

[16]  Daniel A. Menascé,et al.  Defeating the insider threat via autonomic network capabilities , 2011, 2011 Third International Conference on Communication Systems and Networks (COMSNETS 2011).

[17]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[18]  Leonardo Mariani,et al.  Towards Self-Protecting Enterprise Applications , 2007, The 18th IEEE International Symposium on Software Reliability (ISSRE '07).

[19]  Seyed Masoud Sadjadi,et al.  A Survey of Adaptive Middleware , 2003 .

[20]  David Garlan,et al.  Rainbow: architecture-based self-adaptation with reusable infrastructure , 2004 .

[21]  Eugene H. Spafford,et al.  ADEPTS: adaptive intrusion response using attack graphs in an e-commerce environment , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[22]  Shang Gao,et al.  VASP: virtualization assisted security monitor for cross-platform protection , 2011, SAC.

[23]  Betty H. C. Cheng,et al.  A Taxonomy of Compositional Adaptation , 2004 .

[24]  Salim Hariri,et al.  A proactive wireless self-protection system , 2008, ICPS '08.

[25]  John F. Sowa,et al.  Extending and Formalizing the Framework for Information Systems Architecture , 1992, IBM Syst. J..

[26]  Ashvin Goel,et al.  Application-level isolation and recovery with solitude , 2008, Eurosys '08.

[27]  Bradley R. Schmerl,et al.  Software Engineering for Self-Adaptive Systems: A Second Research Roadmap , 2010, Software Engineering for Self-Adaptive Systems.

[28]  Miguel Correia,et al.  Resilient Intrusion Tolerance through Proactive and Reactive Recovery , 2007 .

[29]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[30]  Ali R. Hurson,et al.  Boosting-Based Distributed and Adaptive Security-Monitoring through Agent Collaboration , 2007, 2007 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology - Workshops.

[31]  Eyal de Lara,et al.  The taser intrusion recovery system , 2005, SOSP '05.

[32]  Habtamu Abie Adaptive security and trust management for autonomic message-oriented middleware , 2009, 2009 IEEE 6th International Conference on Mobile Adhoc and Sensor Systems.

[33]  Prasad Rao,et al.  Automatic management of network security policy , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[34]  Sam Malek,et al.  Self-Architecting Software SYstems (SASSY) from QoS-annotated activity models , 2009, 2009 ICSE Workshop on Principles of Engineering Service Oriented Systems.

[35]  Rogério de Lemos,et al.  Proceedings of the 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems , 2012, ICSE 2012.

[36]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[37]  Johnny S. Wong,et al.  A Framework for Cost Sensitive Assessment of Intrusion Response Selection , 2009, 2009 33rd Annual IEEE International Computer Software and Applications Conference.

[38]  Betty H. C. Cheng,et al.  Using Security Patterns to Model and Analyze Security Requirements , 2012 .

[39]  S. Mnsman,et al.  System or security managers adaptive response tool , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[40]  Pearl Brereton,et al.  Lessons from applying the systematic literature review process within the software engineering domain , 2007, J. Syst. Softw..

[41]  Marc Lacoste,et al.  Applying component-based design to self-protection of ubiquitous systems , 2008, SEPS '08.

[42]  Schahram Dustdar,et al.  A survey on self-healing systems: approaches and systems , 2010, Computing.

[43]  Jesper Andersson,et al.  FORMS: Unifying reference model for formal specification of distributed self-adaptive systems , 2012, TAAS.

[44]  H. Okhravi,et al.  TALENT : Dynamic Platform Heterogeneity for Cyber Survivability of Mission Critical Applications ∗ , 2010 .

[45]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[46]  Jalal Raissi Dynamic Selection of Optimal Cryptographic Algorithms in a Runtime Environment , 2006, 2006 IEEE International Conference on Evolutionary Computation.

[47]  John A. Zinky,et al.  Building auto-adaptive distributed applications: the QuO-APOD experience , 2003, 23rd International Conference on Distributed Computing Systems Workshops, 2003. Proceedings..

[48]  Fabienne Boyer,et al.  Self-Protection in a Clustered Distributed System , 2012, IEEE Transactions on Parallel and Distributed Systems.

[49]  Marc Lacoste,et al.  A QoS and Security Adaptation Model for Autonomic Pervasive Systems , 2008, 2008 32nd Annual IEEE International Computer Software and Applications Conference.

[50]  Yves Le Traon,et al.  A Model-Based Framework for Security Policy Specification, Deployment and Testing , 2008, MoDELS.

[51]  Marc Lacoste,et al.  A Software Framework for Autonomic Security in Pervasive Environments , 2007, ICISS.

[52]  Hong Shen,et al.  M-AID: An adaptive middleware built upon anomaly detectors for intrusion detection and rational response , 2009, TAAS.

[53]  Gary McGraw,et al.  An automated approach for identifying potential vulnerabilities in software , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[54]  Jeffrey O. Kephart,et al.  The Vision of Autonomic Computing , 2003, Computer.

[55]  Rogério de Lemos,et al.  Architecting dependable systems , 2003, J. Syst. Softw..

[56]  Paulo Veríssimo,et al.  Intrusion-tolerant middleware: the road to automatic security , 2006, IEEE Security & Privacy.

[57]  Rüdiger Kapitza,et al.  VM-FIT: Supporting Intrusion Tolerance with Virtualisation Technology , 2007 .

[58]  Marc Lacoste,et al.  A Policy Management Framework for Self-Protection of Pervasive Systems , 2010, 2010 Sixth International Conference on Autonomic and Autonomous Systems.

[59]  Ladan Tahvildari,et al.  Self-adaptive software: Landscape and research challenges , 2009, TAAS.

[60]  Bob Martin,et al.  2010 CWE/SANS Top 25 Most Dangerous Software Errors , 2010 .

[61]  Morton Swimmer Using the danger model of immune systems for distributed defense in modern data networks , 2007, Comput. Networks.

[62]  Deborah A. Frincke,et al.  From intrusion detection to self-protection , 2007, Comput. Networks.

[63]  Hausi A. Müller,et al.  A framework for evaluating quality-driven self-adaptive software systems , 2011, SEAMS '11.

[64]  Brian Randell,et al.  Dependability and its threats - A taxonomy , 2004, IFIP Congress Topical Sessions.

[65]  Feiyi Wang,et al.  SITAR: a scalable intrusion-tolerant architecture for distributed services , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[66]  Bradley R. Schmerl,et al.  Rainbow: architecture-based self-adaptation with reusable infrastructure , 2004, International Conference on Autonomic Computing, 2004. Proceedings..

[67]  Lois M. L. Delcambre,et al.  SAM: Security Adaptation Manager , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[68]  Carlos Maziero,et al.  Protecting host-based intrusion detectors through virtual machines , 2007, Comput. Networks.

[69]  Nicola Mazzocca,et al.  Self-optimization of secure web services , 2008, Comput. Commun..

[70]  Peter G. Neumann,et al.  Experience with EMERALD to Date , 1999, Workshop on Intrusion Detection and Network Monitoring.

[71]  Alexander Romanovsky,et al.  Architecting Dependable Systems II , 2004, Lecture Notes in Computer Science.

[72]  Levente Buttyán,et al.  Duqu: Analysis, Detection, and Lessons Learned , 2012 .

[73]  Michael Atighetchi,et al.  Survivability architecture of a mission critical system: the DPASA example , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[74]  Hausi A. Müller,et al.  DYNAMICO: A Reference Model for Governing Control Objectives and Context Relevance in Self-Adaptive Software Systems , 2010, Software Engineering for Self-Adaptive Systems.

[75]  Bashar Nuseibeh,et al.  Requirements-driven adaptive security: Protecting variable assets at runtime , 2012, 2012 20th IEEE International Requirements Engineering Conference (RE).

[76]  Eugene H. Spafford,et al.  Active Defense of a Computer System using Autonomous Agents , 1995 .

[77]  George Spanoudakis,et al.  Formal Certification and Compliance for Run-Time Service Environments , 2012, 2012 IEEE Ninth International Conference on Services Computing.

[78]  Erol Gelenbe,et al.  A self-aware approach to denial of service defence , 2007, Comput. Networks.

[79]  Bernhard Jansen,et al.  Architecting Dependable and Secure Systems Using Virtualization , 2007, WADS.

[80]  Bradley R. Schmerl,et al.  Architecture-based self-adaptation in the presence of multiple objectives , 2006, SEAMS '06.

[81]  Arun K. Sood,et al.  A Comparison of Intrusion-Tolerant System Architectures , 2011, IEEE Security & Privacy.

[82]  Antony I. T. Rowstron,et al.  Vigilante: End-to-end containment of Internet worm epidemics , 2006, TOCS.

[83]  Sam Malek,et al.  A taxonomy and survey of self-protecting software systems , 2012, 2012 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS).

[84]  Marc Lacoste,et al.  Virtual Security Kernel: A Component-Based OS Architecture for Self-Protection , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[85]  Cornel Klein,et al.  A Survey of Context Adaptation in Autonomic Computing , 2008, Fourth International Conference on Autonomic and Autonomous Systems (ICAS'08).

[86]  Karl N. Levitt,et al.  The design and implementation of an intrusion tolerant system , 2002, Proceedings International Conference on Dependable Systems and Networks.

[87]  Matt Bishop,et al.  Supporting reconfigurable security policies for mobile programs , 2000, Comput. Networks.

[88]  Zhenkai Liang,et al.  Fast and automated generation of attack signatures: a basis for building self-protecting servers , 2005, CCS '05.

[89]  Ig Ibert Bittencourt,et al.  A survey of security in multi-agent systems , 2012, Expert Syst. Appl..

[90]  Rogério de Lemos,et al.  Software Engineering for Self-Adaptive Systems [outcome of a Dagstuhl Seminar] , 2009, Software Engineering for Self-Adaptive Systems.

[91]  Arun K. Sood,et al.  Closing cluster attack windows through server redundancy and rotations , 2006, Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID'06).

[92]  Aad P. A. van Moorsel,et al.  Runtime Security Adaptation Using Adaptive SSL , 2008, 2008 14th IEEE Pacific Rim International Symposium on Dependable Computing.

[93]  Liang Xiao An adaptive security model using agent-oriented MDA , 2009, Inf. Softw. Technol..

[94]  Jeff Magee,et al.  Self-Managed Systems: an Architectural Challenge , 2007, Future of Software Engineering (FOSE '07).

[95]  Steve R. White,et al.  Anatomy of a Commercial-Grade Immune System , 1999 .

[96]  Karl N. Levitt,et al.  Using Specification-Based Intrusion Detection for Automated Response , 2003, RAID.

[97]  Peter G. Neumann,et al.  EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances , 1997, CCS 2002.

[98]  Paddy Nixon,et al.  Towards self-protecting ubiquitous systems: monitoring trust-based interactions , 2005, Personal and Ubiquitous Computing.

[99]  John Bigham,et al.  GEMOM - Significant and Measurable Progress beyond the State of the Art , 2008, 2008 Third International Conference on Systems and Networks Communications.

[100]  Charles C. Palmer,et al.  Security in an autonomic computing environment , 2003, IBM Syst. J..

[101]  MalekSam,et al.  A Systematic Survey of Self-Protecting Software Systems , 2014 .

[102]  Liang Xiao,et al.  An Adaptive Security Model for Multi-agent Systems and Application to a Clinical Trials Environment , 2007, 31st Annual International Computer Software and Applications Conference (COMPSAC 2007).

[103]  Brice Morin,et al.  Security-driven model-based dynamic adaptation , 2010, ASE '10.

[104]  Daniel A. Menascé,et al.  The Insider Threat Security Architecture: A Framework for an Integrated, Inseparable, and Uninterrupted Self-Protection Mechanism , 2009, 2009 International Conference on Computational Science and Engineering.

[105]  Jeffrey M. Voas,et al.  Inoculating software for survivability , 1999, CACM.

[106]  Bashar Nuseibeh,et al.  On the role of primary and secondary assets in adaptive security: An application in smart grids , 2012, 2012 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS).

[107]  Joshua D. Guttman,et al.  Rigorous automated network security management , 2005, International Journal of Information Security.

[108]  Franklin Webber,et al.  The DPASA Survivable JBI — A High-Water Mark in Intrusion-Tolerant Systems , 2007 .

[109]  Ferenc Szidarovszky,et al.  Multi-Level Intrusion Detection System (ML-IDS) , 2008, 2008 International Conference on Autonomic Computing.

[110]  Daniel F. Macedo,et al.  An adaptive security management model for emergency networks , 2011, 2011 7th Latin American Network Operations and Management Symposium.

[111]  Frank Swiderski,et al.  Threat Modeling , 2018, Hacking Connected Cars.

[112]  Miguel Correia,et al.  Resilient Intrusion Tolerance through Proactive and Reactive Recovery , 2007, 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007).

[113]  Johnny S. Wong,et al.  A Cost-Sensitive Model for Preemptive Intrusion Response Systems , 2007, 21st International Conference on Advanced Information Networking and Applications (AINA '07).

[114]  Karl N. Levitt,et al.  Intrusion Detection Inter-component Adaptive Negotiation , 1999, Recent Advances in Intrusion Detection.

[115]  Claudia Keser,et al.  Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[116]  Aad P. A. van Moorsel,et al.  Adaptive SSL: Design, Implementation and Overhead Analysis , 2007, First International Conference on Self-Adaptive and Self-Organizing Systems (SASO 2007).

[117]  Nora Cuppens-Boulahia,et al.  Enabling automated threat response through the use of a dynamic security policy , 2007, Journal in Computer Virology.

[118]  Miguel Castro,et al.  Vigilante: end-to-end containment of internet worms , 2005, SOSP '05.

[119]  Jeffrey O. Kephart,et al.  Blueprint for a Computer Immune System , 1999 .

[120]  Daniel A. Menascé,et al.  Countering Network-Centric Insider Threats through Self-Protective Autonomic Rule Generation , 2012, 2012 IEEE Sixth International Conference on Software Security and Reliability.

[121]  Thomas Weigert,et al.  An adaptive automatically tuning intrusion detection system , 2008, TAAS.

[122]  Youki Kadobayashi,et al.  Toward cost-sensitive self-optimizing anomaly detection and response in autonomic networks , 2011, Comput. Secur..

[123]  John A. Clark,et al.  Dynamic security policy learning , 2009, WISG '09.

[124]  Renè Jacquart,et al.  Building the Information Society , 2004, IFIP International Federation for Information Processing.

[125]  Arun K. Sood,et al.  Combining intrusion detection and recovery for enhancing system dependability , 2011, 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W).

[126]  E. Michael Maximilien,et al.  Toward autonomic web services trust and selection , 2004, ICSOC '04.

[127]  Gulshan Kumar,et al.  The use of artificial intelligence based techniques for intrusion detection: a review , 2010, Artificial Intelligence Review.

[128]  Ronald D. Williams,et al.  Taxonomies of attacks and vulnerabilities in computer systems , 2008, IEEE Communications Surveys & Tutorials.

[129]  Stephen S. Yau,et al.  Development and Runtime Support for Situation-Aware Security in Autonomic Computing , 2006, ATC.

[130]  Daniel A. Menascé,et al.  Policy-Based Enforcement of Database Security Configuration through Autonomic Capabilities , 2008, Fourth International Conference on Autonomic and Autonomous Systems (ICAS'08).

[131]  Johnny S. Wong,et al.  A taxonomy of intrusion response systems , 2007, Int. J. Inf. Comput. Secur..

[132]  Michael Atighetchi,et al.  Adaptive cyberdefense for survival and intrusion tolerance , 2004, IEEE Internet Computing.

[133]  Michael Rowley,et al.  Understanding SCA (Service Component Architecture) , 2009 .

[134]  Michael Atighetchi,et al.  From Auto-adaptive to Survivable and Self-Regenerative Systems Successes, Challenges, and Future , 2009, 2009 Eighth IEEE International Symposium on Network Computing and Applications.

[135]  James C. Reynolds,et al.  On-line intrusion detection and attack prevention using diversity, generate-and-test, and generalization , 2003, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the.

[136]  Benjamin Livshits,et al.  Ripley: automatically securing web 2.0 applications through replicated execution , 2009, CCS.

[137]  Aurobindo Sundaram,et al.  An introduction to intrusion detection , 1996, CROS.

[138]  Frank Eliassen,et al.  Putting together QoS and security in autonomic pervasive systems , 2010, Q2SWinet '10.

[139]  Alain Pirovano,et al.  An adaptive security architecture for future aircraft communications , 2010, 29th Digital Avionics Systems Conference.

[140]  David Stuart Robertson,et al.  A review of attacks and security approaches in open multi-agent systems , 2012, Artificial Intelligence Review.

[141]  Barbara Kitchenham,et al.  Procedures for Performing Systematic Reviews , 2004 .

[142]  Úlfar Erlingsson,et al.  SASI enforcement of security policies: a retrospective , 1999, NSPW '99.

[143]  Huiqiang Wang,et al.  A Method for Software Security Growth Based on the Real-Time Monitor Algorithm and Software Hot-Swapping , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[144]  Xiao Ma,et al.  AutoISES: Automatically Inferring Security Specification and Detecting Violations , 2008, USENIX Security Symposium.

[145]  Mary Shaw,et al.  Software Engineering for Self-Adaptive Systems: A Research Roadmap , 2009, Software Engineering for Self-Adaptive Systems.

[146]  A. Kumar,et al.  Security model for routing attacks in mobile ad hoc networks , 2003, 2003 IEEE 58th Vehicular Technology Conference. VTC 2003-Fall (IEEE Cat. No.03CH37484).

[147]  George Spanoudakis,et al.  Towards security monitoring patterns , 2007, SAC '07.

[148]  Fabio Massacci,et al.  A self-protecting and self-healing framework for negotiating services and trust in autonomic communication systems , 2009, Comput. Networks.

[149]  RobertsonDavid,et al.  A review of attacks and security approaches in open multi-agent systems , 2014 .

[150]  Fred B. Schneider,et al.  Enforceable security policies , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[151]  Herbert Bos,et al.  SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots , 2007, Comput. Networks.

[152]  Shunzheng Yu,et al.  A Dynamic and Self-Adaptive Network Security Policy Realization Mechanism , 2008, 2008 IFIP International Conference on Network and Parallel Computing.

[153]  Rafael Timóteo de Sousa Júnior,et al.  Autonomic trust reasoning enables misbehavior detection in OLSR , 2008, SAC '08.

[154]  Rüdiger Kapitza,et al.  Hypervisor-Based Efficient Proactive Recovery , 2007, 2007 26th IEEE International Symposium on Reliable Distributed Systems (SRDS 2007).

[155]  Julie A. McCann,et al.  A survey of autonomic computing—degrees, models, and applications , 2008, CSUR.

[156]  Yinghua Ye,et al.  Resource-aware self-adaptive security provisioning in mobile ad hoc networks , 2005, IEEE Wireless Communications and Networking Conference, 2005.

[157]  Jana Dittmann,et al.  An exemplary attack scenario: threats to production engineering inspired by the Conficker worm , 2010, IWDE '10.

[158]  Miguel Correia,et al.  Highly Available Intrusion-Tolerant Services with Proactive-Reactive Recovery , 2010, IEEE Transactions on Parallel and Distributed Systems.

[159]  Salvatore J. Stolfo,et al.  Toward Cost-Sensitive Modeling for Intrusion Detection and Response , 2002, J. Comput. Secur..

[160]  Jun Zou,et al.  Architecture and fuzzy adaptive security algorithm in intelligent firewall , 2002, MILCOM 2002. Proceedings.

[161]  Alberto Ferrante,et al.  Run-time selection of security algorithms for networked devices , 2009, Q2SWinet '09.

[162]  Tomás E. Uribe,et al.  Automatic analysis of firewall and network intrusion detection system configurations , 2004, FMSE '04.

[163]  Michael Weber,et al.  Towards context adaptive privacy decisions in ubiquitous computing , 2012, 2012 IEEE International Conference on Pervasive Computing and Communications Workshops.

[164]  Magnus Almgren,et al.  An Architecture for an Adaptive Intrusion-Tolerant Server , 2002, Security Protocols Workshop.

[165]  Arnaud Gotlieb,et al.  Improving Constraint-Based Testing with Dynamic Linear Relaxations , 2007, The 18th IEEE International Symposium on Software Reliability (ISSRE '07).

[166]  Sam Malek,et al.  SASSY: A Framework for Self-Architecting Service-Oriented Systems , 2011, IEEE Software.