•   When: Tuesday, November 14, 2023 from 02:30 PM to 04:30 PM
•   Speakers: Sarah Alhozaimy
•   Location: Virtual - Zoom

Modern computer systems have become more complex over time, and traditional resilience mechanisms built around static configurations may no longer adequately protect them against cyberattacks and failures. To address these limitations, systems have to become more dynamic to increase their resilience and adaptability to environmental changes. Adaptation through dynamic reconfiguration can improve quality of service, increase fault tolerance, help recover from failures, and prevent and recover from cyberattacks. A major challenge of dynamic reconfiguration is the performance and availability degradation that may occur during system reconfiguration. Dynamic reconfiguration is primarily a mechanism that reconfigures one or more of a system's resources. Although multiple dynamic reconfiguration techniques have been described in the literature, there is no comprehensive method to quantify their tradeoffs due to reconfiguration overhead. Therefore, a quantification framework for dynamic reconfiguration is needed to formally analyze and optimize performance tradeoffs.

 

This dissertation formalizes the problem of dynamic reconfiguration and demonstrates several theorems regarding the use of dynamic reconfiguration to reduce the incidence of cyberattacks and protect from failures. This work defines functions that capture the effect of dynamic reconfigurations on a system's resilience to cyberattacks and failures.

Metrics are also developed that capture the impact of reconfigurations on a system's execution time and on the probability of cyberattacks and failure. This work also derives analytic models for predicting the effect of dynamic reconfigurations on execution time and resilience to cyberattacks and failures. Several theorems regarding the tradeoff between resilience, performance, and availability are presented. An optimization problem is defined, and formalized with the help of these theorems, to determine the optimal reconfiguration frequency to meet performance-resilience tradeoffs.

 

This dissertation also applied an approach inspired by Moving Target Defense (MTD) to increase the robustness of workflow-based applications to cyberattacks. This approach is based on dynamic reconfigurations of workflow tasks to reduce an attacker's probability of succeeding in completing the reconnaissance phase of a workflow before launching an attack. To determine the impact of task reconfigurations on a workflow's execution time and resilience against cyberattacks, this work designed recursive algorithms for computing the execution time of a workflow and the reconnaissance function of a workflow, and derived an analytic model that captures the tradeoff between security and execution time of workflow-based applications. To validate the results, the experiments used a trace-driven simulation analysis of 6,000 workflows from the Workflow Trace Archive, consisting of real-life workflow traces from three different domains: scientific computing, engineering, and industrial.

Posted 5 months, 3 weeks ago