Abstract
Self-protecting software systems are a class of autonomic systems capable of detecting and mitigating security threats at runtime. They are growing in importance, as the stovepipe static methods of securing software systems have been shown to be inadequate for the challenges posed by modern software systems. Self-protection, like other self-* properties, allows the system to adapt to the changing environment through autonomic means without much human intervention, and can thereby be responsive, agile, and cost effective. While existing research has made significant progress towards autonomic and adaptive security, gaps and challenges remain. This article presents a significant extension of our preliminary study in this area. In particular, unlike our preliminary study, here we have followed a systematic literature review process, which has broadened the scope of our study and strengthened the validity of our conclusions. By proposing and applying a comprehensive taxonomy to classify and characterize the state-of-the-art research in this area, we have identified key patterns, trends and challenges in the existing approaches, which reveals a number of opportunities that will shape the focus of future research efforts.
- Abie, H. 2009. Adaptive security and trust management for autonomic message-oriented middleware. In Proceedings of the IEEE 6th International Conference on Mobile Adhoc and Sensor Systems (MASS’09). 810--817.Google Scholar
Cross Ref
- Abie, H., Dattani, I., Novkovic, M., Bigham, J., Topham, S., and Savola, R. 2008. GEMOM - Significant and measurable progress beyond the state of the art. In Proceedings of the 3rd International Conference on Systems and Networks Communications (ICSNC’08). 191--196. Google Scholar
Digital Library
- Adnane, A., de Sousa, Jr., R. T., Bidan, C., and Mé, L. 2008. Autonomic trust reasoning enables misbehavior detection in OLSR. In Proceedings of the 2008 ACM Symposium on Applied Computing. ACM, 2006--2013. Google Scholar
Digital Library
- Alampalayam, S. P. and Kumar, A. 2003. Security model for routing attacks in mobile ad hoc networks. In Proceedings of the 58th Vehicular Technology Conference (VTC’03). Vol.3. IEEE, 2122--2126.Google Scholar
- Alia, M. and Lacoste, M. 2008. A QoS and security adaptation model for autonomic pervasive systems. In Proceedings of the 32nd Annual IEEE International Computer Software and Applications (COMPSAC’08). 943--948. Google Scholar
Digital Library
- Alia, M., Lacoste, M., He, R., and Eliassen, F. 2010. Putting together QoS and security in autonomic pervasive systems. In Proceedings of the 6th ACM Workshop on Qos and Security for Wireless and Mobile Networks. ACM, 19--28. Google Scholar
Digital Library
- Al-Nashif, Y., Kumar, A. A., Hariri, S., Qu, G., Luo, Y., and Szidarovsky, F. 2008. Multi-level intrusion detection system (ML-IDS). In Proceedings of the International Conference on Autonomic Computing (ICAC’08). 131--140. Google Scholar
Digital Library
- Anisetti, M., Ardagna, C. A., Damiani, E., Frati, F., Müller, H. A., and Pahlevan, A. 2012. Web service assurance: The notion and the issues. Future Internet 4, 1, 92--109.Google Scholar
Cross Ref
- Atighetchi, M. and Pal, P. 2009. From Auto-adaptive to survivable and self-regenerative systems successes, challenges, and future. In Proceedings of the 8th IEEE International Symposium on Network Computing and Applications (NCA’09). 98--101. Google Scholar
Digital Library
- Atighetchi, M., Pal, P., Webber, F., Schantz, R., Jones, C., and Loyall, J. 2004. Adaptive cyberdefense for survival and intrusion tolerance. IEEE Internet Comput. 8, 6, 25--33. Google Scholar
Digital Library
- Atighetchi, M., Pal, P. P., Jones, C. C. et al. 2003. Building auto-adaptive distributed applications: The QuO-APOD experience. In Proceedings of the 23rd International Conference on Distributed Computing Systems Workshops. 104--109. Google Scholar
Digital Library
- Avižienis, A., Laprie, J.-C., and Randell, B. 2004. Dependability and its threats: A taxonomy. In Building the Information Society, R. Jacquart Ed., Springer, 91--120.Google Scholar
- Balepin, I., Maltsev, S., Rowe, J., and Levitt, K. 2003. Using specification-based intrusion detection for automated response. In Recent Advances in Intrusion Detection, G. Vigna, C. Kruegel, and E. Jonsson Eds., Springer, Berlin, 136--154.Google Scholar
- Ben Mahmoud, M. S., Larrieu, N., Pirovano, A., and Varet, A. 2010. An adaptive security architecture for future aircraft communications. In Proceedings of the 29th Digital Avionics Systems Conference (DASC). IEEE/AIAA, 3.E.2--1--3.E.2--16.Google Scholar
- Bencsáth, B., Pék, G., Buttyán, L., and Félegyházi, M. 2012. DUQU: Analysis, detection, and lessons learned. In Proceedings of the ACM European Workshop on System Security (EuroSec).Google Scholar
- Benjamin, D. P., Pal, P., Webber, F., Rubel, P., and Atigetchi, M. 2008. Using a cognitive architecture to automate cyberdefense reasoning. In Proceedings of the ECSIS Symposium on Bio-inspired Learning and Intelligent Systems for Security (BLISS’08). 58--63. Google Scholar
Digital Library
- Bijani, S. and Robertson, D. 2012. A review of attacks and security approaches in open multi-agent systems. Artif. Intell. Rev., 1--30.Google Scholar
- Blount, J. J., Tauritz, D. R., and Mulder, S. A. 2011. Adaptive rule-based malware detection employing learning classifier systems: A proof of concept. In Proceedings of the 35th Annual IEEE Computer Software and Applications Conference Workshops (COMPSACW). 110 --115. Google Scholar
Digital Library
- Brereton, P., Kitchenham, B. A., Budgen, D., Turner, M., and Khalil, M. 2007. Lessons from applying the systematic literature review process within the software engineering domain. J. Syst. Softw. 80, 4, 571--583. Google Scholar
Digital Library
- Burns, J., Cheng, A., Gurung, P. et al. 2001. Automatic management of network security policy. In Proceedings of the DARPA Information Survivability Conference Exposition II (DISCEX’01). Vol. 2. 12--26.Google Scholar
- Casola, V., Mancini, E. P., Mazzocca, N., Rak, M., and Villano, U. 2008. Self-optimization of secure web services. Comput. Commun. 31, 18, 4312--4323. Google Scholar
Digital Library
- Castro, M. and Liskov, B. 2002. Practical byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst. 20, 4, 398--461. Google Scholar
Digital Library
- Cavalcante, R. C., Bittencourt, I. I., da Silva, A. P., Silva, M., Costa, E., and Santos, R. 2012. A survey of security in multi-agent systems. Expert Syst. Appl. 39, 5, 4835--4846. Google Scholar
Digital Library
- Cheng, B. H. C., Lemos, R., Giese, H. et al. 2009. Software engineering for self-adaptive systems: A research roadmap. In Software Engineering for Self-Adaptive Systems, B. H. C. Cheng, R. Lemos, H. Giese, P. Inverardi, and J. Magee Eds., Springer, Berlin, 1--26. Google Scholar
Digital Library
- Cheng, P. C., Rohatgi, P., Keser, C., et al. 2007. Fuzzy multi-level security: An experiment on quantified risk-adaptive access control. In Proceedings of the IEEE Symposium on Security and Privacy (SP’07). 222--230. Google Scholar
Digital Library
- Cheng, S.-W., Garlan, D., and Schmerl, B. 2006. Architecture-based self-adaptation in the presence of multiple objectives. In Proceedings of the International Workshop on Self-Adaptation and Self-Managing Systems. ACM, 2--8. Google Scholar
Digital Library
- Chess, D. M., Palmer, C. C., and White, S. R. 2003. Security in an autonomic computing environment. IBM Syst. J. 42, 1, 107--118. Google Scholar
Digital Library
- Chigan, C., Li, L., and Ye, Y. 2005. Resource-aware self-adaptive security provisioning in mobile ad hoc networks. In Proceedings of the Wireless Communications and Networking Conference. Vol. 4. IEEE, 2118--2124.Google Scholar
- Chong, J., Pal, P., Atigetchi, M., Rubel, P., and Webber, F. 2005. Survivability architecture of a mission critical system: The DPASA example. In Proceedings of the 21st Annual Computer Security Applications Conference. Google Scholar
Digital Library
- Costa, M., Crowcroft, J., Castro, M. et al. 2008. Vigilante: End-to-end containment of Internet worm epidemics. ACM Trans. Comput. Syst. 26, 4, 9:1--9:68. Google Scholar
Digital Library
- Cowan, C., Pu, C., Maier, D. et al. 1998. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th Conference on USENIX Security Symposium. Vol. 7, USENIX Association, 5--5. Google Scholar
Digital Library
- Cox, D. P., Al-Nashif, Y., and Hariri, S. 2007. Application of autonomic agents for global information grid management and security. In Proceedings of the Summer Computer Simulation Conference. Society for Computer Simulation International, 1147--1154. Google Scholar
Digital Library
- Crosbie, M. and Spafford, G. 1995. Active defense of a computer system using autonomous agents. Tech. rep. 95-008, COAST Group, Department of Computer Sciences, Purdue University, West Lafayette, IN.Google Scholar
- Debar, H., Thomas, Y., Cuppens, F., and Cuppens-Boulahia, N. 2007. Enabling automated threat response through the use of a dynamic security policy. J. Comput. Virol. 3, 3, 195--210.Google Scholar
Cross Ref
- de Oliveira, T. R., de Oliveira, S., Macedo, D. F., and Nogueira, J. M. 2011. An adaptive security management model for emergency networks. In Proceedings of the 7th Latin American Network Operations and Management Symposium (LANOMS), 1--4.Google Scholar
- De Palma, N., Hagimont, D., Boyer, F., and Broto, L. 2012. Self-protection in a clustered distributed system. IEEE Trans. Parall. Distrib. Syst. 23, 2, 330--336. Google Scholar
Digital Library
- Dittmann, J., Karpuschewski, B., Fruth, J., Petzel, M., and M”under, R. 2010. An exemplary attack scenario: Threats to production engineering inspired by the Conficker worm. In Proceedings of the 1st International Workshop on Digital Engineering. ACM, 25--32. Google Scholar
Digital Library
- Dragoni, N., Massacci, F., and Saidane, A. 2009. A self-protecting and self-healing framework for negotiating services and trust in autonomic communication systems. Comput. Netw. 53, 10, 1628--1648. Google Scholar
Digital Library
- Elkhodary, A. and Whittle, J. 2007. A survey of approaches to adaptive application security. In Proceedings of the Workshop on Software Engineering for Adaptive and Self-Managing Systems (SEAMS’07). 16. Google Scholar
Digital Library
- English, C., Terzis, S., and Nixon, P. 2006. Towards self-protecting ubiquitous systems: Monitoring trust-based interactions. Pers. Ubiq. Comput. 10, 1, 50--54. Google Scholar
Digital Library
- Erlingsson, U. and Schneider, F. B. 2000. SASI enforcement of security policies: A retrospective. In Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX’00). Vol. 2. 287--295.Google Scholar
- Fayssal, S., Alnashif, Y., Kim, B., and Hariri, S. 2008. A proactive wireless self-protection system. In Proceedings of the 5th International Conference on Pervasive Services. ACM, 11--20. Google Scholar
Digital Library
- Feiertag, R., Rho, S., Benzinger, L. et al. 2000. Intrusion detection inter-component adaptive negotiation. Comput. Netw. 34, 4, 605--621. Google Scholar
Digital Library
- Foo, B., Wu, Y. S., Mao, Y. C., Bagchi, S., and Spafford, E. 2005a. ADEPTS: Adaptive intrusion response using attack graphs in an e-commerce environment. In Proceedings of the International Conference on Dependable Systems and Networks (DSN’05). 508--517. Google Scholar
Digital Library
- Foo, B., Wu, Y.-S., Mao, Y.-C., Bagchi, S., and Spafford, E. 2005b. ADEPTS: Adaptive intrusion response using attack graphs in an e-commerce environment. In Proceedings of the International Conference on Dependable Systems and Networks (DSN’05). 508--517. Google Scholar
Digital Library
- Foster, H., Spanoudakis, G., and Mahbub, K. 2012. Formal certification and compliance for run-time service environments. In Proceedings of the IEEE 9th International Conference on Services Computing (SCC). 17--24. Google Scholar
Digital Library
- Frincke, D., Wespi, A., and Zamboni, D. 2007. From intrusion detection to self-protection. Comput. Netw. 51, 5, 1233--1238. Google Scholar
Digital Library
- Garlan, D., Cheng, S.-W., Huang, A.-C., Schmerl, B., and Steenkiste, P. 2004. Rainbow: Architecture-based self-adaptation with reusable infrastructure. Computer 37, 10, 46--54. Google Scholar
Digital Library
- Gelenbe, E. and Loukas, G. 2007. A self-aware approach to denial of service defence. Comput. Netw. 51, 5, 1299--1314. Google Scholar
Digital Library
- Ghosh, A. K. and Voas, J. M. 1999. Inoculating software for survivability. Commun. ACM 42, 7, 38--44. Google Scholar
Digital Library
- Ghosh, A. K., O’Connor, T., and McGraw, G. 1998. An automated approach for identifying potential vulnerabilities in software. In Proceedings of the IEEE Symposium on Security and Privacy. 104--114.Google Scholar
Cross Ref
- Goel, A., Po, K., Farhadi, K., Li, Z., and de Lara, E. 2005. The taser intrusion recovery system. SIGOPS Oper. Syst. Rev. 39, 5, 163--176. Google Scholar
Digital Library
- Guttman, J. D. and Herzog, A. L. 2005. Rigorous automated network security management. Int. J. Inf. Sec. 4, 1, 29--48. Google Scholar
Digital Library
- Hafiz, M., Adamczyk, P., and Johnson, R. E. 2007. Organizing security patterns. IEEE Softw. 24, 4, 52--60. Google Scholar
Digital Library
- Hashii, B., Malabarba, S., Pandey, R., and Bishop, M. 2000. Supporting reconfigurable security policies for mobile programs. Comput. Netw. 33, 1--6, 77--93. Google Scholar
Digital Library
- He, R. and Lacoste, M. 2008a. Applying component-based design to self-protection of ubiquitous systems. In Proceedings of the 3rd ACM Workshop on Software Engineering for Pervasive Services. ACM, 9--14. Google Scholar
Digital Library
- He, R. and Lacoste, M. 2008b. Applying component-based design to self-protection of ubiquitous systems. In Proceedings of the 3rd ACM Workshop on Software Engineering for Pervasive Services. 9--14. Google Scholar
Digital Library
- He, R., Lacoste, M., and Leneutre, J. 2010a. A policy management framework for self-protection of pervasive systems. In Proceedings of the 6th International Conference on Autonomic and Autonomous Systems (ICAS). 104--109. Google Scholar
Digital Library
- He, R., Lacoste, M., and Leneutre, J. 2010b. Virtual security kernel: A component-based OS architecture for self-protection. In Proceedings of the IEEE 10th International Conference on Computer and Information Technology (CIT). 851--858. Google Scholar
Digital Library
- Hinton, H., Cowan, C., Delcambre, L., and Bowers, S. 1999. SAM: Security adaptation manager. In Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC’99). 361--370. Google Scholar
Digital Library
- Huang, Y., Arsenault, D., and Sood, A. 2006. Closing cluster attack windows through server redundancy and rotations. In Proceedings of the 6th IEEE International Symposium on Cluster Computing and the Grid (CCGRID’06). 12--21. Google Scholar
Digital Library
- Huang, Y., Kintala, C., Kolettis, N., and Fulton, N. D. 1995. Software rejuvenation: Analysis, module and applications. In Proceedings of the 25th International Symposium on Fault-Tolerant Computing (FTCS-25). 381--390. Google Scholar
Digital Library
- Huebscher, M. C. and McCann, J. A. 2008. A survey of autonomic computing - degrees, models, and applications. ACM Comput. Surv. 40, 3, 7:1--7:28. Google Scholar
Digital Library
- Igure, V. and Williams, R. 2008. Taxonomies of attacks and vulnerabilities in computer systems. IEEE Commun. Surv. Tutor. 10, 1, 6--19. Google Scholar
Digital Library
- Jabbour, G. G. and Menasee, D. A. 2008. Policy-based enforcement of database security configuration through autonomic capabilities. In Proceedings of the 4th International Conference on Autonomic and Autonomous Systems (ICAS’08). 188--197. Google Scholar
Digital Library
- Jabbour, G. and Menasce, D. A. 2009. The insider threat security architecture: A framework for an integrated, inseparable, and uninterrupted self-protection mechanism. In Proceedings of the International Conference on Computational Science and Engineering (CSE’09). 244--251. Google Scholar
Digital Library
- Jain, S., Shafique, F., Djeric, V., and Goel, A. 2008. Application-level isolation and recovery with solitude. In Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems. ACM, 95--107. Google Scholar
Digital Library
- Jansen, B., Ramasamy, H., Schunter, M., and Tanner, A. 2008. Architecting dependable and secure systems using virtualization. In Architecting Dependable Systems V, R. de Lemos, F. Di Giandomenico, C. Gacek, H. Muccini, and M. Vieira Eds., Springer, Berlin, 124--149. Google Scholar
Digital Library
- Jean, E., Jiao, Y., Hurson, A. R., and Potok, T. E. 2007. Boosting-based distributed and adaptive security-monitoring through agent collaboration. In Proceedings of the IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology Workshops. 516--520. Google Scholar
Digital Library
- Kephart, J. O. and Chess, D. M. 2003. The vision of autonomic computing. Computer 36, 1, 41--50. Google Scholar
Digital Library
- Kephart, J. O., Sorkin, G. B., Swimmer, M., and White, S. R. 1997. Blueprint for a computer immune system. In Proceedings of the Virus Bulletin International Conference. San Francisco, CA.Google Scholar
- Kitchenham, B. 2004. Procedures for Performing Systematic Reviews. Keele University, Keele, UK.Google Scholar
- Klein, C., Schmid, R., Leuxner, C., Sitou, W., and Spanfelner, B. 2008. A survey of context adaptation in autonomic computing. In Proceedings of the 4th International Conference on Autonomic and Autonomous Systems (ICAS’08). 106--111. Google Scholar
Digital Library
- Konrad, S., Cheng, B. H. C., Campbell, L. A., and Wassermann, R. 2003. Using security patterns to model and analyze security requirements. In Proceedings of the Symposium on Requirements Engineering for High Assurance Systems (RHAS’03). 11.Google Scholar
- Kramer, J. and Magee, J. 2007. Self-managed systems: An architectural challenge. In Proceedings of the Symposium on the Future of Software Engineering (FOSE’07). 259--268. Google Scholar
Digital Library
- Kumar, G., Kumar, K., and Sachdeva, M. 2010. The use of artificial intelligence based techniques for intrusion detection: A review. Artif. Intell. Rev. 34, 4, 369--387. Google Scholar
Digital Library
- Labraoui, N., Gueroui, M., Aliouat, M., and Petit, J. 2010. Adaptive security level for data aggregation in wireless sensor networks. In Proceedings of the 5th IEEE International Symposium on Wireless Pervasive Computing (ISWPC). 325--330. Google Scholar
Digital Library
- Lamprecht, C. J. and van Moorsel, A. P. A. 2007. Adaptive SSL: Design, implementation and overhead analysis. In Proceedings of the 1st International Conference on Self-Adaptive and Self-Organizing Systems (SASO’07). 289--294. Google Scholar
Digital Library
- Lamprecht, C. J. and van Moorsel, A. P. A. 2008. Runtime security adaptation using adaptive SSL. In Proceedings of the 14th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC’08). 305--312. Google Scholar
Digital Library
- Langner, R. 2011. Stuxnet: Dissecting a Cyberwarfare Weapon. IEEE Secur. Privacy 9, 3, 49--51. Google Scholar
Digital Library
- Laureano, M., Maziero, C., and Jamhour, E. 2007. Protecting host-based intrusion detectors through virtual machines. Comput. Netw. 51, 5, 1275--1283. Google Scholar
Digital Library
- Lee, W., Miller, M., Stolfo, S. J., Fan, W., and Zadok, E. 2002. Toward cost-sensitive modeling for intrusion detection and response. J. Comput. Secur. 10, 2002. Google Scholar
Digital Library
- Lemos, R., Giese, H., Müller, H. A., et al. 2013. Software engineering for self-adaptive systems: A second research roadmap. In Software Engineering for Self-Adaptive Systems II, R. Lemos, H. Giese, H.A. Müller, and M. Shaw Eds., Springer, Berlin, Heidelberg, 1--32.Google Scholar
- Liang, Z. and Sekar, R. 2005. Fast and automated generation of attack signatures: A basis for building self-protecting servers. In Proceedings of the 12th ACM Conference on Computer and Communications Security. 213--222. Google Scholar
Digital Library
- Lim, Y. T., Cheng, P.-C., Rohatgi, P., and Clark, J. A. 2009. Dynamic security policy learning. In Proceedings of the 1st ACM Workshop on Information Security Governance. ACM, 39--48. Google Scholar
Digital Library
- Lorenzoli, D., Mariani, L., and Pezze, M. 2007. Towards self-protecting enterprise applications. In Proceedings of the 18th IEEE International Symposium on Software Reliability (ISSRE’07). 39--48. Google Scholar
Digital Library
- Malek, S., Esfahani, N., Menasce, D. A., Sousa, J. P., and Gomaa, H. 2009. Self-Architecting Software SYstems (SASSY) from QoS-annotated activity models. In Proceedings of the ICSE Workshop on Principles of Engineering Service Oriented Systems (PESOS’09), 62--69. Google Scholar
Digital Library
- Marino, J. and Rowley, M. 2010. Understanding SCA (Service Component Architecture). Pearson Education. Google Scholar
Digital Library
- Maximilien, E. M. and Singh, M. P. 2004. Toward autonomic web services trust and selection. In Proceedings of the 2nd International Conference on Service Oriented Computing, ACM, 212--221. Google Scholar
Digital Library
- McKinley, P. K., Sadjadi, S. M., Kasten, E. P., and Cheng, B. H. C. 2004. A taxonomy of compositional adaptation. Report MSU-CSE-04-17, Michigan State University.Google Scholar
- Menasce, D., Gomaa, H., Malek, S., and Sousa, J. 2011. SASSY: A framework for self-architecting service-oriented systems. IEEE Softw. 28, 6, 78--85. Google Scholar
Digital Library
- MITRE. 2011. CWE - 2011 CWE/SANS Top 25 Most Dangerous Software Errors. 2011 CWE/SANS Top 25 Most Dangerous Software Errors. http://cwe.mitre.org/top25/.Google Scholar
- Montangero, C. and Semini, L. 2004. Formalizing an adaptive security infrastructure in mobadtl. In Proceedings of the FCS’04, 301.Google Scholar
- Morin, B., Mouelhi, T., Fleurey, F., Le Traon, Y., Barais, O., and Jézéquel, J.-M. 2010. Security-driven model-based dynamic adaptation. In Proceedings of the IEEE/ACM International Conference on Automated software engineering, ACM, 205--214. Google Scholar
Digital Library
- Mouelhi, T., Fleurey, F., Baudry, B., and Le Traon, Y. 2008. A model-based framework for security policy specification, deployment and testing. In Model Driven Engineering Languages and Systems, K. Czarnecki, I. Ober, J.-M. Bruel, A. Uhl and M. Völter Eds., Springer, Berlin, 537--552. Google Scholar
Digital Library
- Musman, S. and Flesher, P. 2000. System or security managers adaptive response tool. In Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX’00). Vol. 2, 56--68.Google Scholar
- Nagarajan, A., Nguyen, Q., Banks, R., and Sood, A. 2011. Combining intrusion detection and recovery for enhancing system dependability. In Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W), 25--30. Google Scholar
Digital Library
- Neumann, P. G. and Porras, P. A. 1999. Experience with EMERALD to date. In Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, 73--80. Google Scholar
Digital Library
- Nguyen, Q. L. and Sood, A. 2011. A comparison of intrusion-tolerant system architectures. IEEE Secur. Priv. 9, 4, 24--31. Google Scholar
Digital Library
- Okhravi, H., Comella, A., Robinson, E., and Haines, J. 2012. Creating a cyber moving target for critical infrastructure applications using platform diversity. Int. J. Crit. Infrastruct. Protection 5, 1, 30--39.Google Scholar
Cross Ref
- Okhravi, H., Robinson, E. I., Yannalfo, S., Michaleas, P. W., Haines, J., and Comella, A. 2010. TALENT: Dynamic platform heterogeneity for cyber survivability of mission critical applications. In Proceedings of the Secure and Resilient Cyber Architecture Conftrence (SCRA’10).Google Scholar
- Ostrovsky, R. and Yung, M. 1991. How to withstand mobile virus attacks (extended abstract). In Proceedings of the 10th Annual ACM Symposium on Principles of Distributed Computing. ACM, 51--59. Google Scholar
Digital Library
- Pal, P., Webber, F., and Schantz, R. 2007. The DPASA survivable JBI-a high-water mark in intrusion-tolerant systems. In Proceedings of the WRAITS 2007.Google Scholar
- Pasquale, L., Salehie, M., Ali, R., Omoronyia, I., and Nuseibeh, B. 2012. On the role of primary and secondary assets in adaptive security: An application in smart grids. In Proceedings of the 2012 ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), 165--170.Google Scholar
- Perrin, C. 2008. The CIA Triad. http://www.techrepublic.com/blog/security/the-cia-triad/488.Google Scholar
- Porras, P. A. and Neumann, P. G. 1997. EMERALD: Event monitoring enabling responses to anomalous live disturbances. In Proceedings of the 20th National Information Systems Security Conference, 353--365.Google Scholar
- Portokalidis, G. and Bos, H. 2007. SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots. Comput. Netw. 51, 5, 1256--1274. Google Scholar
Digital Library
- Psaier, H. and Dustdar, S. 2011. A survey on self-healing systems: Approaches and systems. Computing 91, 1, 43--73. Google Scholar
Digital Library
- Raissi, J. 2006. Dynamic selection of optimal cryptographic algorithms in a runtime environment. In Proceedings of the IEEE Congress on Evolutionary Computation (CEC’06). 184--191.Google Scholar
Cross Ref
- Rawat, S. and Saxena, A. 2009. Danger theory based SYN flood attack detection in autonomic network. In Proceedings of the 2nd International Conference on Security of Information and Networks. ACM, 213--218. Google Scholar
Digital Library
- Reiser, H. P. and Kapitza, R. 2007a. VM-FIT: Supporting intrusion tolerance with virtualisation technology. In Proceedings of the 1st Workshop on Recent Advances on Intrusion-Tolerant Systems (in conjunction with Eurosys 2007).Google Scholar
- Reiser, H. P. and Kapitza, R. 2007b. Hypervisor-based efficient proactive recovery. In Proceedings of the 26th IEEE International Symposium on Reliable Distributed Systems (SRDS’07), 83--92. Google Scholar
Digital Library
- Reynolds, J., Just, J., Lawson, E., Clough, L., Maglich, R., and Levitt, K. 2002. The design and implementation of an intrusion tolerant system. In Proceedings of the International Conference on Dependable Systems and Networks (DSN’02). 285--290. Google Scholar
Digital Library
- Reynolds, J. C., Just, J., Clough, L., and Maglich, R. 2003. On-line intrusion detection and attack prevention using diversity, generate-and-test, and generalization. In Proceedings of the 36th Annual Hawaii International Conference on System Sciences. Google Scholar
Digital Library
- Sadjadi, S. M. 2003. A survey of adaptive middleware. Michigan State University Report MSU-CSE-03-35.Google Scholar
- Salehie, M., Pasquale, L., Omoronyia, I., Ali, R., and Nuseibeh, B. 2012. Requirements-driven adaptive security: Protecting variable assets at runtime. In Proceedings of the 20th IEEE International Requirements Engineering Conference (RE). 111--120. IEEE. Google Scholar
Digital Library
- Salehie, M. and Tahvildari, L. 2009. Self-adaptive software: Landscape and research challenges. ACM Trans. Auton. Adapt. Syst. 4, 2, 14:1--14:42. Google Scholar
Digital Library
- Savola, R. M. and Heinonen, P. 2010. Security-measurability-enhancing mechanisms for a distributed adaptive security monitoring system. In Proceedings of the 4th International Conference on Emerging Security Information Systems and Technologies (SECURWARE). 25--34. Google Scholar
Digital Library
- Saxena, A., Lacoste, M., Jarboui, T., Lücking, U., and Steinke, B. 2007. A software framework for autonomic security in pervasive environments. In Information Systems Security, P. McDaniel and S. Gupta Eds., Springer, Berlin, 91--109. Google Scholar
Digital Library
- Schaub, F., Konings, B., Weber, M., and Kargl, F. 2012. Towards context adaptive privacy decisions in ubiquitous computing. In Proceedings of the 2012 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops). 407--410.Google Scholar
- Schneider, F. B. 2003. Enforceable security policies. Foundations of Intrusion Tolerant Systems, {Organically Assured and Survivable Information Systems}, 117--137.Google Scholar
- Shameli-Sendi, A., Ezzati-Jivan, N., Jabbarifar, M., and Dagenais, M. 2012. Intrusion response systems: Survey and taxonomy. Int. J. Comput. Sci. Netw. Secur. 12, 1, 1--14.Google Scholar
- Sibai, F. M. and Menasce, D. A. 2011. Defeating the insider threat via autonomic network capabilities. In Proceedings of the 3rd International Conference on Communication Systems and Networks (COMSNETS). 1--10.Google Scholar
- Sibai, F. M. and Menasce, D. A. 2012. Countering network-centric insider threats through self-protective autonomic rule generation. In Proceedings of the IEEE 6th International Conference on Software Security and Reliability (SERE). 273--282. Google Scholar
Digital Library
- Sousa, P., Bessani, A. N., Correia, M., Neves, N. F., and Verissimo, P. 2007. Resilient intrusion tolerance through proactive and reactive recovery. In Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing (PRDC’07). 373--380. Google Scholar
Digital Library
- Sousa, P., Bessani, A. N., Correia, M., Neves, N. F., and Verissimo, P. 2010. Highly available intrusion-tolerant services with proactive-reactive recovery. IEEE Trans. Parall. Distrib. Syst. 21, 4, 452--465. Google Scholar
Digital Library
- Sousa, P., Neves, N. F., Verissimo, P., and Sanders, W. H. 2006. Proactive resilience revisited: The delicate balance between resisting intrusions and remaining available. In Proceedings of the 25th IEEE Symposium on Reliable Distributed Systems (SRDS’06). 71--82. Google Scholar
Digital Library
- Sowa, J. F. and Zachman, J. A. 1992. Extending and formalizing the framework for information systems architecture. IBM Syst. J. 31, 3, 590--616. Google Scholar
Digital Library
- Spanoudakis, G., Kloukinas, C., and Androutsopoulos, K. 2007. Towards security monitoring patterns. In Proceedings of the ACM Symposium on Applied Computing, ACM. 1518--1525. Google Scholar
Digital Library
- Stakhanova, N., Basu, S., and Wong, J. 2007a. A taxonomy of intrusion response systems. Int. J. Inf. Comput. Sec. 1, 1, 169--184. Google Scholar
Digital Library
- Stakhanova, N., Basu, S., and Wong, J. 2007b. A cost-sensitive model for preemptive intrusion response systems. In Proceedings of the 21st International Conference on Advanced Information Networking and Applications (AINA’07). 428--435. Google Scholar
Digital Library
- Strasburg, C., Stakhanova, N., Basu, S., and Wong, J. S. 2009. A framework for cost sensitive assessment of intrusion response selection. In Proceedings of the 33rd Annual IEEE International Computer Software and Applications Conference (COMPSAC’09). 355--360. Google Scholar
Digital Library
- Sundaram, A. 1996. An introduction to intrusion detection. Crossroads 2, 4, 3--7. Google Scholar
Digital Library
- Swiderski, F. and Snyder, W. 2004. Threat Modeling. Microsoft Press, Redmond, WA. Google Scholar
Digital Library
- Swimmer, M. 2007. Using the danger model of immune systems for distributed defense in modern data networks. Comput. Netw. 51, 5, 1315--1333. Google Scholar
Digital Library
- Taddeo, A. V. and Ferrante, A. 2009. Run-time selection of security algorithms for networked devices. In Proceedings of the 5th ACM Symposium on QoS and Security for Wireless and Mobile Networks. ACM, 92--96. Google Scholar
Digital Library
- Tan, L., Zhang, X., Ma, X., Xiong, W., and Zhou, Y. 2008. AutoISES: Automatically inferring security specifications and detecting violations. In Proceedings of the 17th Conference on Security Symposium. 379--394. Google Scholar
Digital Library
- Tang, C. and Yu, S. 2008. A dynamic and self-adaptive network security policy realization mechanism. In Proceedings of the IFIP International Conference on Network and Parallel Computing (NPC’08). 88--95. Google Scholar
Digital Library
- Uribe, T. E. and Cheung, S. 2004. Automatic analysis of firewall and network intrusion detection system configurations. In Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering. 66--74. Google Scholar
Digital Library
- Valdes, A., Almgren, M., Cheung, S. et al. 2004. An architecture for an adaptive intrusion-tolerant server. In Security Protocols, B. Christianson, B. Crispo, J. Malcolm, and M. Roe Eds., Springer, Berlin, 569--574.Google Scholar
- Verissimo, P. E., Neves, N. F., Cachin, C. et al. 2006. Intrusion-tolerant middleware: The road to automatic security. IEEE Secur. Priv. 4, 4, 54--62. Google Scholar
Digital Library
- Vikram, K., Prateek, A., and Livshits, B. 2009. Ripley: Automatically securing web 2.0 applications through replicated execution. In Proceedings of the 16th ACM Conference on Computer and Communications Security, ACM, 173--186. Google Scholar
Digital Library
- Villegas, N. M., Müller, H. A., Tamura, G., Duchien, L., and Casallas, R. 2011. A framework for evaluating quality-driven self-adaptive software systems. In Proceedings of the 6th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, ACM, 80--89. Google Scholar
Digital Library
- Villegas, N. M., Tamura, G., Müller, H. A., Duchien, L., and Casallas, R. 2013. DYNAMICO: A reference model for governing control objectives and context relevance in self-adaptive software systems. In Software Engineering for Self-Adaptive Systems II, R. Lemos, H. Giese, H. A. Müller, and M. Shaw Eds., Springer Berlin, 265--293.Google Scholar
- Wang, F., Jou, F., Gong, F., Sargor, C., Goseva-Popstojanova, K., and Trivedi, K. 2003. SITAR: A scalable intrusion-tolerant architecture for distributed services. In Foundations of Intrusion Tolerant Systems {Organically Assured and Survivable Information Systems}, 359--367.Google Scholar
- Wang, H., Dong, X., and Wang, H. 2009. A method for software security growth based on the real-time monitor algorithm and software hot-swapping. In Proceedings of the 8th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC’09). 137--142. Google Scholar
Digital Library
- Weyns, D., Malek, S., and Andersson, J. 2012. FORMS: Unifying reference model for formal specification of distributed self-adaptive systems. ACM Trans. Autonom. Adapt. Syst. 7, 1, 1--61. Google Scholar
Digital Library
- White, S. R., Swimmer, M., Pring, E. J., Arnold, W. C., Chess, D. M., and Morar, J. F. 1999. Anatomy of a commercial-grade immune system. IBM Research White Paper.Google Scholar
- Wu, Y.-S., Foo, B., Mao, Y.-C., Bagchi, S., and Spafford, E. H. 2007. Automated adaptive intrusion containment in systems of interacting services. Comput. Netw. 51, 5, 1334--1360. Google Scholar
Digital Library
- Xiao, L. 2008. An adaptive security model using agent-oriented MDA. Inf. Softw. Tech. 51, 5, 933--955. Google Scholar
Digital Library
- Xiao, L., Peet, A., Lewis, P. et al. 2007. An adaptive security model for multi-agent systems and application to a clinical trials environment. In Proceedings of the 31st Annual International Computer Software and Applications Conference (COMPSAC’07). 261--268. Google Scholar
Digital Library
- Yau, S. S., Yao, Y., and Yan, M. 2006. Development and runtime support for situation-aware security in autonomic computing. In Proceedings of the 3rd International Conference on Autonomic and Trusted Computing, Springer-Verlag, 173--182. Google Scholar
Digital Library
- Yu, Z., Tsai, J. J. P., and Weigert, T. 2007. An automatically tuning intrusion detection system. IEEE Trans. Syst. Man Cybernet., Part B: Cybernetics 37, 2, 373--384. Google Scholar
Digital Library
- Yu, Z., Tsai, J. J. P., and Weigert, T. 2008. An adaptive automatically tuning intrusion detection system. ACM Trans. Auton. Adapt. Syst. 3, 3, 10:1--10:25. Google Scholar
Digital Library
- Yuan, E. and Malek, S. 2012. A taxonomy and survey of self-protecting software systems. In Proceedings of the 2012 ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems (SEAMS). 109--118.Google Scholar
- Zhang, Z., Naït-Abdesselam, F., Ho, P.-H., and Kadobayashi, Y. 2011. Toward cost-sensitive self-optimizing anomaly detection and response in autonomic networks. Comput. Secur. 30, 6--7, 525--537.Google Scholar
Digital Library
- Zhang, Z. and Shen, H. 2009. M-AID: An adaptive middleware built upon anomaly detectors for intrusion detection and rational response. ACM Trans. Auton. Adapt. Syst. 4, 4, 24:1--24:35. Google Scholar
Digital Library
- Zhu, M., Yu, M., Xia, M. et al. 2011. VASP: Virtualization assisted security monitor for cross-platform protection. In Proceedings of the 2011 ACM Symposium on Applied Computing, ACM, 554--559. Google Scholar
Digital Library
- Zou, J., Lu, K., and Jin, Z. 2002. Architecture and fuzzy adaptive security algorithm in intelligent firewall. In Proceedings of the MILCOM’02. Vol. 2, 1145--1149.Google Scholar
Index Terms
A Systematic Survey of Self-Protecting Software Systems
Recommendations
A taxonomy and survey of self-protecting software systems
SEAMS '12: Proceedings of the 7th International Symposium on Software Engineering for Adaptive and Self-Managing SystemsSelf-protecting software systems are a class of autonomic systems capable of detecting and mitigating security threats at runtime. They are growing in importance, as the stovepipe static methods of securing software systems have shown inadequate for the ...
Autonomic specification of self-protection for distributed MARF with ASSL
C3S2E '09: Proceedings of the 2nd Canadian Conference on Computer Science and Software EngineeringThis paper presents practical results of our endeavor towards formal specification and code generation of the Autonomic Distributed Modular Audio Recognition Framework (AD-MARF) system. We used the Autonomic System Specification Language (ASSL) to ...
A review on architecture and models for autonomic software systems
AbstractAutonomic computing was the term coined by IBM in 2001. The term autonomic computing was used to define the self-adaptable nature of the human body. According to IBM, the same self-adaptable feature was the need to be incorporated in the software ...






Comments