Beyond One-Shot Security: Requirements-driven Run-time Security Adaptation to Reduce Code Patching (SecVolution@Run-Time)
Motivation and Context: There is a large body of research on how to construct secure systems. However, changes in the system, in its environment, or in the knowledge about the system can compromise its security after the fact.
SecVolution I: The SecVolution approach developed in the first funding period supports secure software evolution at design-time by taking into account various informal and semi-formal sources of changes and deviations between system and knowledge. Natural language parsing, heuristic identification of security-related changes, and knowledge-based mechanisms for restoring security at design-time were combined and evaluated. It turned out that some types of problems can indeed be fixed at the level of models and development artifacts.
New Challenges: However, some challenges cannot be resolved at design-time:
- Trade-offs between security and other requirements @ run-time: There are trade-offs, for example between security and usability: a fully secure system requires more precautions, which makes it less comfortable to use. The run-time information needed to resolve such a conflict is available only while the system is executing.
- Patching security @ run-time: Patching the system to restore security takes time, during which the system stays vulnerable, while turning off the system is often not feasible.
- Reactive security @ run-time: In a highly dynamic and evolving system, not all feature interactions, new attacks, and security problems can be foreseen at design-time. When an attack or a problem occurs at run-time, the system should be able to react immediately: either by selecting the most appropriate of the available security mechanisms, or by restricting a feature identified as vulnerable, or by referring the problem to the design-time mechanisms developed in SecVolution I.
- Balancing technical solutions and expert involvement: A new attack may occur in the running system but be very difficult to spot in static models or code. Socio-technical methods that enable human experts to identify and share their relevant knowledge effectively and efficiently are therefore essential.
Research Vision for SecVolution@Run-Time: We extend the SecVolution approach to run-time by considering the full spectrum of informal real-world input available at run-time, from user behavior and white-hat security experts to formal code analysis. We search for recurring patterns of attacks or vulnerabilities.
Key Contributions will include quality models parameterized with security aspects to allow instant adaptation; innovative use of media such as video for capturing new insights, and for conveying and illustrating knowledge in cases that require human involvement.
Challenges to be Overcome: Achieving this vision is highly challenging: it requires taking informal sources seriously, while extending the scope of automatic and semi-automatic security adaptation for keeping a running system secure.
Planned validation will include the Priority Programme's case studies CoCoME and PPU.
The project SecVolution@Run-Time is part of the 2nd funding period of the priority programme. It is the successor of SecVolution, which was part of the 1st funding period.