Dustin Gardner 9/22/15 A Systematic Survey of Self-Protecting Software Systems E. Yuan and S....





Slide 1
  • Dustin Gardner, 9/22/15
  • A Systematic Survey of Self-Protecting Software Systems
  • E. Yuan and S. Malek, "A taxonomy and survey of self-protecting software systems," ICSE Work. Softw. Eng. Adapt. Self-Managing Syst., vol. 8, no. 4, pp. 109-118, 2012.

Slide 2: Overview
  • Autonomic Computing
  • Defining Self-Protection
  • Survey Process
    - Process followed
    - Process applied
  • Interesting observations

Slide 3: Autonomic Computing
  • Self-Managed Systems
  • Joseph J. and Fellenstein C., Autonomic Computing - http://flylib.com/books/en/1.414.1.36/1/

Slide 4: Autonomic Element
  • MAPE-K
  • O. Jeffrey and M. David, "The Vision of Autonomic Computing," IEEE Comput., vol. 36, no. January, pp. 41-50, 2003.

Slide 5: What are self-protecting software systems?
  • Software systems that detect and mitigate threats at runtime, not statically.
  • Two main perspectives on protection systems:
    - Reactive: the system automatically defends against attacks
    - Proactive: the system anticipates attacks and takes steps to mitigate them
  • O. Jeffrey and M. David, "The Vision of Autonomic Computing," IEEE Comput., vol. 36, no. January, pp. 41-50, 2003.
  • Pg 17:1

Slide 6: Why Self-Protecting Software Systems?
  • Increasing cyber threats: Conficker worm, Stuxnet worm
  • Static security solutions are insufficient
  • Software is increasingly dynamic at runtime. Why shouldn't security measures be?
  • Pg 17:2 & 17:3

Slide 7: Self-Protection - Defined
  • Differ from ITS & IRS: not intrusion-centric & perimeter-based
  • Local (Base) & Global (Meta) loops
  • Example: Upon sensing an unusual data retrieval pattern from a Windows server, the global loop shuts down the server and redirects all traffic to a backup Linux server.
  • Pg 17:5

Slide 8: Moving to the bread and butter
  • Survey & Taxonomy
  • 1030 papers selected; 107 papers made the cut
  • Systematic
  • Pg 17:2 & 17:29

Slide 9: The Systematic System
  • Pg 17:29

Slide 10: Taxonomy (RQ1)
  • Pg 17:9 & 17:10

Slide 11: Taxonomy Applied (1) (RQ2)
  • Pg 17:32

Slide 12: Taxonomy Applied (2) (RQ2)
  • Pg 17:33

Slide 13: Taxonomy Applied (3) (RQ2)
  • Pg 17:34

Slide 14: Observations From (WHAT) (RQ3)
  • Self-Protection Levels
  • Depths-of-Defense Layers
  • Protection Goals
  • Pg 17:15-18

Slide 15: Self-Protection & Depths-of-Defense
  • Need for research applying to attack prediction and prevention
  • Pg 17:16
  • (Chart: Depths-of-Defense Layers vs. Self-Protection Levels)

Slide 16: Protection Goal Observations
  • Most focus on one or two, but not all three goals.
  • Small confidentiality & availability overlap expected. E.g. host-based intrusion, restart server: confidentiality & integrity preserved, not availability!
  • Pg 17:18

Slide 17: Observations from (HOW) (RQ3)
  • Control Topology
  • Response Timing
  • Enforcement Locale
  • Pg 17:18-21

Slide 18: A Chart of All Three
  • Reactive paradigm still the norm, but proactive approaches catching up
  • Why are these so skewed? Traditional focus on the perimeter
  • Pg 17:22

Slide 19: Observations from Approach Quality
  • Validation Method
  • Repeatability
  • Applicability
  • Pg 17:26

Slide 20: Charts of all Three
  • Extremely low repeatability (12%)
  • High applicability (60%)
  • Why? A high percentage of applicable implementations, prototypes, tools, etc. are not available to the public
  • Pg 17:26

Slide 21: What are the applications of all this?
  • The paper presents numerous great areas of research to focus on; see the page referenced
  • Combine both reactive and proactive mechanisms for overall system protection and monitoring
  • Leverage the techniques and communities from ID, IR, IT and others toward achieving a common goal
  • Pg 17:28

Slide 22: Conclusion
  • Self-Protection is increasingly important
  • Faces many challenges
  • This survey was a great starting point for my research

Slide 23: Questions?
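The MAPE-K autonomic element from Slide 4 and the local/global loop example from Slide 7 (unusual data retrieval pattern, shut down the server, redirect traffic to a backup) can be sketched as a small simulation. This is an added example, not code from the talk or the surveyed paper; the host names, client addresses, telemetry and all thresholds are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

# Constructed sample telemetry (timestamp, host, client, records_read); not from the paper.
EVENTS = [
    (0, "win-db-01", "10.0.0.5", 40),
    (1, "win-db-01", "10.0.0.7", 35),
    (2, "win-db-01", "10.0.0.5", 50),
    (3, "win-db-01", "10.0.0.9", 600),   # unusual bulk retrieval begins
    (4, "win-db-01", "10.0.0.9", 900),
    (5, "win-db-01", "10.0.0.9", 1100),
]

@dataclass
class Knowledge:
    """The K in MAPE-K: baseline and policy shared by both loops (assumed values)."""
    baseline: int = 100          # typical records returned per request
    local_factor: int = 5        # base loop throttles a client above 5x baseline
    window: int = 3              # meta loop looks at the last 3 requests on the host
    global_limit: int = 2000     # meta loop fails over above this many records in the window
    backup: str = "linux-db-02"  # hypothetical backup server

@dataclass
class State:
    routing: str = "win-db-01"   # where client traffic is currently sent
    throttled: set = field(default_factory=set)
    recent: deque = field(default_factory=lambda: deque(maxlen=3))
    actions: list = field(default_factory=list)

def base_loop(event, k, s):
    """Local (base) loop: Monitor one request, Analyze it against the baseline,
    Plan and Execute a per-client throttle. It never touches routing."""
    _, _, client, records = event
    if records > k.baseline * k.local_factor and client not in s.throttled:
        s.throttled.add(client)
        s.actions.append(f"throttle {client}")

def meta_loop(event, k, s):
    """Global (meta) loop: Analyze the host's recent retrieval volume as a whole,
    Plan and Execute shutdown of the host and redirection to the backup."""
    _, host, _, records = event
    s.recent.append(records)
    if s.routing == host and sum(s.recent) > k.global_limit:
        s.routing = k.backup
        s.actions.append(f"shutdown {host}; redirect traffic to {k.backup}")

def run(events, k=Knowledge()):
    """Feed each event through both loops in order and return the final state."""
    s = State(recent=deque(maxlen=k.window))
    for ev in events:
        base_loop(ev, k, s)
        meta_loop(ev, k, s)
    return s
```

The base loop reacts to a single abnormal client after event 3, while the meta loop only fails over once the host's windowed volume exceeds its limit at event 5, which is the layering of local and global loops the slide describes.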