Research Team Status

  • Names of researchers and position 
    David Garlan, PI, Professor
    Eunsuk Kang, Professor
    Bradley Schmerl, Principal Systems Scientist
    Ryan Wagner, PhD Student
     
  • Any new collaborations with other universities/researchers?

Project Goals

  • What is the current project goal?

    The current goal of this project is to develop a new approach for designing a network-based computer system that is resilient against attacks, in that it is capable of preserving critical functions even if some of its components are compromised. This approach, which we call Adaptive Security Architecture, combines (1) a design-time, model-based analysis that computes the resiliency of a system architecture as a security metric (i.e., the amount of functionality the system can preserve under a given attack) and (2) a run-time adaptation method that reconfigures the system architecture and temporarily degrades system functionality to prevent the propagation of an ongoing attack. This quarter's activities have been primarily focused on fleshing out an exemplar system.
     

  • How does the current goal factor into the long-term goal of the project?

    The identification of an exemplar system will allow early demonstration of our techniques for resilience.

 

Accomplishments

We have been working on using Alloy/AlloyMax to model the architecture of a system and compute the trust boundary for a given requirement. The Alloy model of a system captures its components, their connections, the services (interfaces) each component provides, and the input/output data of each service. A requirement is then expressed as a set of service calls. For a system under attack, i.e., one in which a set of components is compromised, a requirement is available if, for each of its service calls, there exists a non-compromised component providing that service. The trust boundary of a requirement is then computed by finding the minimal set of components that must not be compromised for the requirement to remain available. Beyond computing trust boundaries, the model can also: (1) generate a new architecture (close to the original one) such that a given set of requirements continues to be available under attack; and (2) generate a redesign of the system (close to the original one) in which trust boundaries do not overlap, so that no single component lies within the trust boundary of more than one requirement, which improves resilience.
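The following is an added illustration of the availability predicate and trust-boundary computation described above, written in plain Python rather than Alloy; it is not the team's Alloy/AlloyMax model. The architecture (component names and the services each provides), the two requirements, and the helper names are constructed for this example, and connections and service input/output data are omitted because only "which components provide which service" enters the availability predicate.

```python
"""Added example: availability, minimal trust boundaries and trust-boundary overlap
for a constructed architecture.  Not the project's Alloy/AlloyMax model."""
from itertools import combinations

# Constructed architecture: component -> set of services (interfaces) it provides.
ARCHITECTURE = {
    "web_frontend": {"Login", "ViewOrders"},
    "auth_primary": {"Authenticate"},
    "auth_backup": {"Authenticate"},
    "order_db": {"ReadOrders", "WriteOrders"},
    "report_svc": {"ReadOrders"},
}

# Constructed requirements: name -> set of service calls that must all be satisfiable.
REQUIREMENTS = {
    "UserLogin": {"Login", "Authenticate"},
    "ViewOrders": {"ViewOrders", "ReadOrders"},
}


def providers(architecture, service):
    """Components providing a given service."""
    return {c for c, services in architecture.items() if service in services}


def available(architecture, requirement, compromised):
    """Availability predicate from the text: every service call in the requirement
    has at least one provider outside the compromised set."""
    compromised = set(compromised)
    return all(providers(architecture, s) - compromised for s in requirement)


def trust_boundaries(architecture, requirement):
    """All inclusion-minimal sets of components that must stay uncompromised for the
    requirement to remain available when every other component is compromised.
    Brute-force enumeration by size (fine for a few dozen components); in the Alloy
    model this minimisation is what AlloyMax is used for."""
    components = set(architecture)
    minimal = []
    for size in range(len(components) + 1):
        for subset in combinations(sorted(components), size):
            keep = set(subset)
            if any(found <= keep for found in minimal):
                continue  # strict superset of a boundary already found at a smaller size
            if available(architecture, requirement, components - keep):
                minimal.append(keep)
    return minimal


def unavoidable_overlap(architecture, req_a, req_b):
    """Components that the trust boundaries of two requirements share no matter
    which minimal boundary is chosen for each.  An empty result means some choice
    of boundaries is disjoint, i.e. the requirements can be isolated from each
    other; a non-empty result names components whose compromise affects both."""
    intersections = [a & b
                     for a in trust_boundaries(architecture, req_a)
                     for b in trust_boundaries(architecture, req_b)]
    if not intersections or not all(intersections):
        return set()
    return set().union(*intersections)


if __name__ == "__main__":
    for name, calls in REQUIREMENTS.items():
        print(name, "trust boundaries:", trust_boundaries(ARCHITECTURE, calls))
    print("UserLogin available with auth_primary compromised:",
          available(ARCHITECTURE, REQUIREMENTS["UserLogin"], {"auth_primary"}))
    print("unavoidable overlap:",
          unavoidable_overlap(ARCHITECTURE, REQUIREMENTS["UserLogin"],
                              REQUIREMENTS["ViewOrders"]))
    # A redesign close to the original: split the shared frontend so that the two
    # requirements no longer have a component in common.
    split = dict(ARCHITECTURE)
    split["web_frontend"] = {"Login"}
    split["orders_frontend"] = {"ViewOrders"}
    print("overlap after splitting the frontend:",
          unavoidable_overlap(split, REQUIREMENTS["UserLogin"],
                              REQUIREMENTS["ViewOrders"]))
```

In the constructed architecture both requirements pass through web_frontend, so every pair of trust boundaries overlaps on it and a single compromise takes down both requirements; splitting the frontend into two components is the kind of "close to the original" redesign that removes the overlap.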
 

  • Impact of research
    • Internal to the university (coursework/curriculum)
    • External to the university (transition to industry/government (local/federal); patents, start-ups, software, etc.)
    • Any acknowledgements, awards, or references in media?

 

Publications and presentations

  • Add publication references in the publications section below. An author's copy or the final version should be added to the report file(s) section. This is for NSA's review only.
  • Optionally, upload technical presentation slides that may go into greater detail. For NSA's review only.