TY - GEN
T1 - On the role of primary and secondary assets in adaptive security
T2 - 7th ACM/IEEE International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2012
AU - Pasquale, Liliana
AU - Salehie, Mazeiar
AU - Ali, Raian
AU - Omoronyia, Inah
AU - Nuseibeh, Bashar
PY - 2012
Y1 - 2012
N2 - Adaptive security aims to protect valuable assets managed by a system, by applying a varying set of security controls. Engineering adaptive security is not an easy task. A set of effective security countermeasures should be identified. These countermeasures should not only be applied to (primary) assets that customers desire to protect, but also to other (secondary) assets that can be exploited by attackers to harm the primary assets. Another challenge arises when assets vary dynamically at runtime. To accommodate these variabilities, it is necessary to monitor changes in assets, and apply the most appropriate countermeasures at runtime. The paper provides three main contributions for engineering adaptive security. First, it proposes a modeling notation to represent primary and secondary assets, along with their variability. Second, it describes how to use the extended models in engineering security requirements and designing required monitoring functions. Third, the paper illustrates our approach through a set of adaptive security scenarios in the customer domain of a smart grid. We suggest that modeling secondary assets aids the deployment of countermeasures, and, in combination with a representation of assets variability, facilitates the design of monitoring functions.
AB - Adaptive security aims to protect valuable assets managed by a system, by applying a varying set of security controls. Engineering adaptive security is not an easy task. A set of effective security countermeasures should be identified. These countermeasures should not only be applied to (primary) assets that customers desire to protect, but also to other (secondary) assets that can be exploited by attackers to harm the primary assets. Another challenge arises when assets vary dynamically at runtime. To accommodate these variabilities, it is necessary to monitor changes in assets, and apply the most appropriate countermeasures at runtime. The paper provides three main contributions for engineering adaptive security. First, it proposes a modeling notation to represent primary and secondary assets, along with their variability. Second, it describes how to use the extended models in engineering security requirements and designing required monitoring functions. Third, the paper illustrates our approach through a set of adaptive security scenarios in the customer domain of a smart grid. We suggest that modeling secondary assets aids the deployment of countermeasures, and, in combination with a representation of assets variability, facilitates the design of monitoring functions.
KW - Adaptive security
KW - Adaptive software
KW - Assets
KW - Smart grid
UR - http://www.scopus.com/inward/record.url?scp=84865138919&partnerID=8YFLogxK
U2 - 10.1109/SEAMS.2012.6224403
DO - 10.1109/SEAMS.2012.6224403
M3 - Conference contribution
AN - SCOPUS:84865138919
SN - 9781467317870
T3 - ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems
SP - 165
EP - 170
BT - 2012 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2012 - Proceedings
PB - IEEE Computer Society
Y2 - 4 June 2012 through 5 June 2012
ER -