A semantic model for action-based adaptive security

This paper presents a semantic model to represent topology-based security requirements, recommend measures to address any possible security violations, and thus make the underlying systems compliant with its security requirements. The proposed action-based model is capable of adaptively adjusting the topological model of a given system in response to changes in the structure of its operational environment. The proposed framework benefits from non-monotonic reasoning to reason about possible execution paths and hence recommend actions to prevent security requirements violations. The results of our case studies show that using the proposed approach to enforce security measures, not only can we detect possible security violations caused by changes in the structure of operational environment, but also recommend actions to address possible violations.

[1]  Úlfar Erlingsson,et al.  SASI enforcement of security policies: a retrospective , 1999, NSPW '99.

[2]  Martin Gebser,et al.  clasp : A Conflict-Driven Answer Set Solver , 2007, LPNMR.

[3]  Wolfgang Faber,et al.  Semantics and complexity of recursive aggregates in answer set programming , 2011, Artif. Intell..

[4]  Gang Wu,et al.  Quartet based phylogeny reconstruction with answer set programming , 2004, 16th IEEE International Conference on Tools with Artificial Intelligence.

[5]  Luca Cardelli,et al.  Mobile Ambients , 1998, FoSSaCS.

[6]  Enrico Giunchiglia,et al.  Nonmonotonic causal theories , 2004, Artif. Intell..

[7]  Carlo Ghezzi,et al.  Engineering topology aware adaptive security: Preventing requirements violations at runtime , 2014, 2014 IEEE 22nd International Requirements Engineering Conference (RE).

[8]  Dhouha Ayed,et al.  Analysis of XACML policies with ASP , 2015, 2015 7th International Conference on New Technologies, Mobility and Security (NTMS).

[9]  Wolfgang Faber,et al.  The DLV system for knowledge representation and reasoning , 2002, TOCL.

[10]  Raymond Reiter,et al.  A Logic for Default Reasoning , 1987, Artif. Intell..

[11]  Michael Gelfond,et al.  Towards Answer Set Programming with Sorts , 2013, LPNMR.

[12]  Frank Piessens,et al.  Runtime Enforcement of Security Policies on Black Box Reactive Programs , 2015, POPL.

[13]  Carlo Ghezzi,et al.  Topology aware adaptive security , 2014, SEAMS 2014.

[14]  Martin Gebser,et al.  Repair and Prediction (under Inconsistency) in Large Biological Networks with Answer Set Programming , 2010, KR.

[15]  Sara Sartoli,et al.  Adaptive Reasoning for Context-Sensitive Access Controls , 2016, 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC).

[16]  Martin Gebser,et al.  GrinGo : A New Grounder for Answer Set Programming , 2007, LPNMR.

[17]  Gail-Joon Ahn,et al.  Representing and Reasoning about Web Access Control Policies , 2010, 2010 IEEE 34th Annual Computer Software and Applications Conference.

[18]  Mary Shaw,et al.  Engineering Self-Adaptive Systems through Feedback Loops , 2009, Software Engineering for Self-Adaptive Systems.

[19]  Flemming Nielson,et al.  XACML 3.0 in Answer Set Programming , 2012, LOPSTR.

[20]  Wolfgang Faber Answer Set Programming , 2013, Reasoning Web.