A taxonomy and survey of self-protecting software systems

Abstract

Self-protecting software systems are a class of autonomic systems capable of detecting and mitigating security threats at runtime. They are growing in importance, as the stovepipe static methods of securing software systems have shown inadequate for the challenges posed by modern software systems. While existing research has made significant progress towards autonomic and adaptive security, gaps and challenges remain. In this paper, we report on an extensive study and analysis of the literature in this area. The crux of our contribution is a comprehensive taxonomy to classify and characterize research efforts in this arena. We also describe our experiences with applying the taxonomy to numerous existing approaches. This has shed light on several challenging issues and resulted in interesting observations that could guide the future research.