Research Team Status

  • Names of researchers and position 
    (e.g. Research Scientist, PostDoc, Student (Undergrad/Masters/PhD))
    David Garlan, PI, Professor
    Eunsuk Kang, Professor
    Bradley Schmerl, Principal Systems Scientist
    Ryan Wagner, PhD Student
    Andy Hammer, PhD Student
  • Any new collaborations with other universities/researchers?

    No.

Project Goals

  • What is the current project goal?

    The overall goal of this project is to develop a methodology for designing computer systems that are resilient, in the sense that during an attack they continue to preserve critical services even if some of the less critical functions of the system are lost.

  • How does the current goal factor into the long-term goal of the project?

Accomplishments

  • What was done: The focus of Year 1 is design-time analysis for architectural resilience. We have developed a prototype analysis tool (based on the Alloy Analyzer) that takes as input (1) a description of the system architecture and (2) a set of desired service requirements (e.g., that a hospital IT system continues to provide critical medical support for an ICU). The tool then automatically analyzes the trust boundaries for the given architecture and service requirements; each trust boundary describes the subset of components in the system that must be protected in order to satisfy the corresponding service requirement. During the period of Oct-Dec 2024, in addition to our initial case study on a hospital IT system, we applied our prototype to two additional case studies: (i) an industrial control system for an electric power grid and (ii) a distributed architecture for electric vehicle charging stations. These case studies demonstrate that our analysis is general and scalable enough to be applicable to systems from different domains; we are currently preparing a research submission that summarizes the analysis method and the findings from the case studies.
  • Continued work on representing the Alloy formal models as more user-friendly software architecture models, and on translating architecture descriptions with trust boundaries into formal Alloy models that can be analyzed.
  • We have been holding regular meetings with NSA personnel to keep them apprised of our research and to answer any questions they may have.
  • Next steps: In Year 2, we will work on a run-time framework for dynamically adapting and reconfiguring a system architecture to gracefully degrade its functionality and preserve critical services. As the first step in this direction, we plan to develop a set of architecture design and reconfiguration patterns that can be used to support graceful degradation. These patterns may include, for example, partitioning a database to separate critical data from less critical data, restricting the flow of certain information over a channel (to remove unnecessary privilege), or adding a redundant component as a standby for a compromised one. By the end of the next quarter, we expect to have developed an initial catalog of patterns and to have validated their effectiveness on the above case studies. This quarter, we are also improving (a) the fidelity of the Alloy models for representing architectural designs, and (b) the user-facing aspects of the tool, to enable automatic translation of architectural descriptions into an Alloy model.
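As an added illustration (not the project's Alloy tool, its models, or its case-study data), the following Python sketch shows the trust-boundary idea behind the Year 1 analysis together with the "add a standby" pattern from the Year 2 plan, on a constructed toy hospital IT architecture. It assumes a deliberately simplified dependency model: each component lists dependency groups, a group is satisfied when any one alternative in it still works, and a service requirement's trust boundary is taken to be the set of components whose individual compromise breaks the service. All component names and the dependency structure are invented for the example.

```python
"""Toy trust-boundary analysis over a dependency-graph architecture model.

Illustrative example only; it is not the Alloy-based tool described above.
Model assumptions (ours, not the project's):
  * ARCH maps a component to a list of dependency groups.
  * A component works iff it is not compromised and every one of its
    dependency groups has at least one working alternative (AND of ORs).
  * A service requirement is identified with the component that delivers it.
"""

# Constructed hospital-IT architecture (invented for this example).
ARCH = {
    "icu_monitoring": [["ehr_service"], ["alert_service"]],  # needs both
    "ehr_service": [["patient_db"]],
    "alert_service": [["paging_gateway"]],
    "patient_db": [],
    "paging_gateway": [],
    "billing": [["billing_db"]],          # less critical function
    "billing_db": [],
}


def works(arch, component, compromised, _visiting=None):
    """True if `component` still delivers its function when every name in
    `compromised` is assumed lost. A cyclic dependency is treated as
    unsatisfiable rather than looping forever."""
    visiting = _visiting if _visiting is not None else set()
    if component in compromised or component in visiting:
        return False
    visiting.add(component)
    try:
        return all(
            any(works(arch, alt, compromised, visiting) for alt in group)
            for group in arch[component]
        )
    finally:
        visiting.discard(component)


def service_preserved(arch, service, compromised):
    """Does `service` survive an attack that compromises the given set?"""
    return works(arch, service, set(compromised))


def trust_boundary(arch, service):
    """Components whose single compromise breaks `service`: the subset of the
    architecture that must be protected to satisfy that service requirement."""
    return {c for c in arch if not service_preserved(arch, service, {c})}


def add_standby(arch, primary, standby):
    """Reconfiguration pattern: add `standby` as a redundant alternative to
    `primary`. The standby inherits the primary's dependencies, and every
    dependency group that lists the primary now accepts either one."""
    new = {comp: [list(g) for g in groups] for comp, groups in arch.items()}
    new[standby] = [list(g) for g in arch[primary]]
    for groups in new.values():
        for g in groups:
            if primary in g and standby not in g:
                g.append(standby)
    return new


if __name__ == "__main__":
    print("ICU boundary:", sorted(trust_boundary(ARCH, "icu_monitoring")))
    hardened = add_standby(ARCH, "alert_service", "alert_service_standby")
    print("ICU boundary with standby:",
          sorted(trust_boundary(hardened, "icu_monitoring")))
    print("ICU survives loss of billing:",
          service_preserved(ARCH, "icu_monitoring", {"billing", "billing_db"}))
```

Two things the toy model makes visible that the prose does not: the billing components fall outside the ICU trust boundary, so they may be sacrificed under attack without affecting the critical service, and adding a standby for `alert_service` removes it from the boundary but leaves `paging_gateway` inside, because both replicas share that dependency. A redundancy pattern only shrinks the must-protect set when the replica does not share the primary's single points of failure.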

 

Publications and presentations

  • Add publication references in the publications section below. An author's copy or the final version should be added in the report file(s) section. This is for NSA's review only.
  • Optionally, upload technical presentation slides that may go into greater detail. For NSA's review only.