•   When: Thursday, April 28, 2016 from 02:00 PM to 04:00 PM
•   Speakers: Eric Yuan
•   Location: Nguyen Engineering, Room 4801
•   Export to iCal

Abstract

Security is increasingly a principal concern that drives the design and construction of modern software systems. Since conventional software security approaches are often manually developed and statically deployed, they are no longer sufficient against today's sophisticated and evolving cyber security threats. This has motivated the development of self-protecting software that is capable of detecting security threats and mitigating them through runtime adaptation techniques. Much self-protection research to-date, however, has focused on specific system layers (e.g., network, host, or middleware), but lacks the ability to understand the "whole picture" and deploy defensive strategies intelligently.

In this dissertation, I make a case for an architecture-based self-protection (ABSP) approach to address this challenge. In ABSP, detection and mitigation of security threats are informed by an architectural representation of the running system, maintained at runtime. With this approach, it is possible to reason about the impact of a potential security breach on the system, assess the overall security posture of the system, and achieve defense in depth. To demonstrate the feasibility of this approach, I designed and implemented an autonomous self-protection framework called ARMOUR, consisting of three key elements: (1) a class of machine learning techniques to mine a software system's execution history at runtime, in order to develop a probabilistic architectural model that represents the system's normal behavior; (2) a novel anomaly detection algorithm that can detect in near real-time security threats that violate the system usage model; and (3) a set of architectural adaptation patterns that provide intelligent, repeatable threat mitigation against well-known web application security threats. My extensive evaluation of the ARMOUR framework against a real world emergency response system has shown very promising results, showing the framework can effectively detect covert attacks, including insider threats, that may be easily missed by traditional intrusion detection methods, thereby providing an additional line of defense for component-based software systems. The evaluations also demonstrate many practical advantages of the framework, including unsupervised learning with no need for clean training data and potential to detect unknown threats. Finally, I extend the ABSP approach to a deployment topology self-optimization scenario to illustrate that mining architecture-level system behavior models may help improve other quality attributes of a software system beyond security.