Open Systems | Science of Security Virtual Organization

Open Systems

Opens systems historically seemed “immune” to cyber-attacks because hackers used the same software. Increasingly, open systems vulnerabilities are being exploited. The seven articles cited here explore various aspects of open systems security, including resource sharing, software specifications, attack vectors and dependability. The first paper, comparing open and closed systems, was presented at HOT SoS 2014, the Symposium and Bootcamp on the Science of Security (HotSoS), a research event centered on the Science of Security held April 8-9, 2014 in Raleigh, North Carolina.

Joan Feigenbaum, Aaron D. Jaggard, Rebecca N. Wright, “Open vs. Closed Systems for Accountability” 2014 HOT SoS, Symposium and Conference on. Raleigh, NC. (To be published in Journals of the ACM, 2014) (ID#:14-1409) Available at: http://www.hot-sos.org/2014/proceedings/papers.pdf This article explores the correspondence between accountability and identity in online activities by surveying principal directed relationships, system identities (nyms), and actions using the aforementioned nyms. Taking into consideration that punishment correlates with accountability, the authors of this paper devised a utility-theoretic framework to map the parallel between violators and the identities used to perform malicious activity. This paper also explores the correlation between bound identity and accountability. Keywords: Accountability, Identity, Utility, Open Systems, closed systems

Asberg, M.; Nolte, T.; Behnam, M., "Resource Sharing Using The Rollback Mechanism In Hierarchically Scheduled Real-Time Open Systems" Real-Time and Embedded Technology and Applications Symposium (RTAS), 2013 IEEE 19th , vol., no., pp.129,140, 9-11 April 2013. (ID#:14-1410) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6531086&isnumber=6531071 In this paper we present a new synchronization protocol called RRP (Rollback Resource Policy) which is compatible with hierarchically scheduled open systems and specialized for resources that can be aborted and rolled back. We conduct an extensive event-based simulation and compare RRP against all equivalent existing protocols in hierarchical fixed priority preemptive scheduling; SIRAP (Subsystem Integration and Resource Allocation Policy), OPEN-HSRPnP (open systems version of Hierarchical Stack Resource Policy no Payback) and OPEN-HSRPwP (open systems version of Hierarchical Stack Resource Policy with Payback). Our simulation study shows that RRP has better average-case response-times than the state-of-the-art protocol in open systems, i.e., SIRAP, and that it performs better than OPEN-HSRPnP/OPEN-HSRPwP in terms of schedulability of randomly generated systems. The simulations consider both resources that are compatible with rollback as well as resources incompatible with rollback (only abort), such that the resource-rollback overhead can be evaluated. We also measure CPU overhead costs (in VxWorks) related to the rollback mechanism of tasks and resources. We use the eXtremeDB (embedded real-time) database to measure the resource-rollback overhead1. Keywords: open systems; protocols; real-time systems; resource allocation; scheduling; synchronisation; CPU overhead cost; OPEN-HSRPnP protocol; RRP synchronization protocol; SIRAP protocol; average-case response time; embedded realtime database; event-based simulation; hierarchical fixed priority preemptive scheduling; open systems version of hierarchical stack resource policy with payback; realtime open system; resource sharing; resource-rollback overhead; rollback mechanism; rollback resource policy; subsystem integration and resource allocation policy; hierarchical scheduling; open systems; real-time systems; resource sharing; synchronization protocol

Bahtijar Vogel, “Towards Open Architecture System” Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering August 2013 (Pages 731-734) (ID#:14-1411) Available at: http://dl.acm.org/citation.cfm?id=2491411.2492407&coll=DL&dl=GUIDE&CFID=449793911&CFTOKEN=46643839 or http://dx.doi.org/10.1145/2491411.2492407 The use of diverse standards while developing web and mobile technologies brings new challenges when it comes to flexibility, interoperability, customizability and extensibility of the software systems. In addition, such systems in most of the cases are closed, thus make the development and customization process for system designers, developers and end-users a challenging effort. All these developments require further research attention. This work addresses these challenges from open system architecture perspective. The proposed approach is based on practical development efforts, and theoretical research including state of the art projects and definitions related to open architectures that we surveyed. The initial results indicate that a combination of service-oriented approaches with open source components and open standard data formats pave the way towards an open, extensible architecture. The core contribution of this research will be (a) an open architecture model and (b) the developed system itself based on the model, and (c) the benefits of applying open architecture approaches throughout the development processes. Keywords: Open architecture, customizability, evolvability, extensibility, flexibility, model, validation, web and mobile software

Galina M. Antonova , “Simulation of Information Flow on Transport Layer of Open System Interconnection-Model “ EUROSIM '13 Proceedings of the 2013 8th EUROSIM Congress on Modelling and Simulation September 2013 (Pages 567-572) (ID#:14-1412) Available at: http://dl.acm.org/citation.cfm?id=2547778.2547818&coll=DL&dl=GUIDE&CFID=449793911&CFTOKEN=46643839 or http://dx.doi.org/10.1109/EUROSIM.2013.100 Network protocols on transport layer of Open System Interconnection (OSI) model of data transmission solve very difficult problems for delivery all messages in necessary places at designated time. There are no accurate mathematical methods for searching of solution for different problems of optimization for dynamical network characteristics. Some problems may be successfully solved by means of modeling, simulation optimization and other methods of modern cybernetics. The dynamical character of network causes problem of sufficient traffic capacity of data transmission system and admissible time delay because of variable volume of information flow or variable channel load. Sometimes the quantity of users may be so large, that network operation system may give a refuse and a set of messages may be lost. It is very important task to test network for stability work in case of different kinds of noise both amplitude and a distribution density. The main goal of the paper is consideration of one of the numerous ways for preliminary testing of network work with taking into account its dynamical features. Keywords: Modeling, Monte-Carlo simulation, Information technologies, algorithm , Open Systems

Walt Scacchi, Thomas A. Alspaugh, “Processes in Securing Open Architecture Software Systems” Proceedings of the 2013 International Conference on Software and System Process May 2013 (Pages 126-135) (ID#:14-1413) Available at: http://dl.acm.org/citation.cfm?id=2486046.2486068&coll=DL&dl=GUIDE&CFID=449793911&CFTOKEN=46643839 or http://doi.acm.org/10.1145/2486046.2486068 Our goal is to identify and understand issues that arise in the development and evolution processes for securing open architecture (OA) software systems. OA software systems are those developed with a mix of closed source and open source software components that are configured via an explicit system architectural specification. Such a specification may serve as a reference model or product line model for a family of concurrently sustained OA system versions/variants. We employ a case study focusing on an OA software system whose security must be continually sustained throughout its ongoing development and evolution. We limit our focus to software processes surrounding the architectural design, continuous integration, release deployment, and evolution found in the OA system case study. We also focus on the role automated tools, software development support mechanisms, and development practices play in facilitating or constraining these processes through the case study. Our purpose is to identify issues that impinge on modeling (specification) and integration of these processes, and how automated tools mediate these processes, as emerging research problems areas for the software process research community. Finally, our study is informed by related research found in the prescriptive versus descriptive practice of these processes and tool usage in studies of conventional and open source software development projects. Keywords: Open architecture, configuration, continuous software development, process integration, process modeling, security

Igino Corona, Giorgio Giacinto, Fabio Roli, “Adversarial Attacks Against Intrusion Detection Systems: Taxonomy, Solutions And Open Issues” Information Sciences: an International Journal archive Volume 239, August, 2013 (Pages 201-225). (ID#:14-1414) Available at: http://dl.acm.org/citation.cfm?id=2479999.2480270&coll=DL&dl=GUIDE&CFID=449793911&CFTOKEN=46643839 or http://dx.doi.org/10.1016/j.ins.2013.03.022 Intrusion Detection Systems (IDSs) must be protected. This paper conducts a study of various attacks. Keywords: Adversarial environment, Computer security, Intrusion detection system, open systems

Yokote, Y.; Nagayama, T., "Dependability of open systems," Software Reliability Engineering Workshops (ISSREW), 2013 IEEE International Symposium on, vol., no., pp.25,35, 4-7 Nov. 2013. (ID#:14-1415) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6688859&isnumber=6688826 This presentation demonstrates an innovative way to build a target system maintaining its dependability in an open system environment, where the boundary of the target system is blurred in the sense that interaction with its surrounding environment is always altered due to several environmental changes such as business objectives, stakeholders' requirements, regulations, and performance requirements. What we call open systems is inherently providing such a nature, and recent IT systems particularly including cloud-based services are categorized in it. Keywords: cloud computing; open systems; software maintenance; software reliability; IT systems; business objectives; cloud-based services; dependability maintenance; open system dependability; performance requirements; Business; Databases; Educational institutions; Industries; Open systems; Safety; Standards

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.