{"title":"评估基于变化影响的适应","authors":"Sharmin Jahan, Ian Riley, R. Gamble","doi":"10.1109/ACSOS49614.2020.00025","DOIUrl":null,"url":null,"abstract":"When a self-adaptive system alters its functionality to operate in a dynamic environment, it may impact whether the system can remain in compliance with its security requirements. Security assurance cases (SACs) provide confidence in system compliance by expressing security requirements as claims, arguments grounded in deployed mechanisms, and techniques that assure their satisfiability. A security control network (SCN) is comprised of SACs connected through sharing of state variables and conditions that support neighboring claims, as well as shared mechanisms and techniques. When a security mechanism is affected by an adaptation, the effect can propagate across the SCN. A dynamic change impact assessment (CIA) is necessary to select the least impactful adaptation plan from the set of possible plans. Performing a procedural CIA at runtime can be used to maintain system confidence after an adaptation has been applied, yet it remains a significant research challenge. In this paper, we estimate the change impact of an adaptation based on the level influence of the affected nodes in the SCN. The influence of each node is determined by a dependency weight, which is a function of the node’s three centrality measures from network flow analysis: degree, betweenness, and closeness. We demonstrate the applicability of the approach towards providing a dynamic CIA for security requirements without the need for human intervention.","PeriodicalId":310362,"journal":{"name":"2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Assessing Adaptations based on Change Impacts\",\"authors\":\"Sharmin Jahan, Ian Riley, R. Gamble\",\"doi\":\"10.1109/ACSOS49614.2020.00025\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"When a self-adaptive system alters its functionality to operate in a dynamic environment, it may impact whether the system can remain in compliance with its security requirements. Security assurance cases (SACs) provide confidence in system compliance by expressing security requirements as claims, arguments grounded in deployed mechanisms, and techniques that assure their satisfiability. A security control network (SCN) is comprised of SACs connected through sharing of state variables and conditions that support neighboring claims, as well as shared mechanisms and techniques. When a security mechanism is affected by an adaptation, the effect can propagate across the SCN. A dynamic change impact assessment (CIA) is necessary to select the least impactful adaptation plan from the set of possible plans. Performing a procedural CIA at runtime can be used to maintain system confidence after an adaptation has been applied, yet it remains a significant research challenge. In this paper, we estimate the change impact of an adaptation based on the level influence of the affected nodes in the SCN. The influence of each node is determined by a dependency weight, which is a function of the node’s three centrality measures from network flow analysis: degree, betweenness, and closeness. We demonstrate the applicability of the approach towards providing a dynamic CIA for security requirements without the need for human intervention.\",\"PeriodicalId\":310362,\"journal\":{\"name\":\"2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS)\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ACSOS49614.2020.00025\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ACSOS49614.2020.00025","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
When a self-adaptive system alters its functionality to operate in a dynamic environment, it may impact whether the system can remain in compliance with its security requirements. Security assurance cases (SACs) provide confidence in system compliance by expressing security requirements as claims, arguments grounded in deployed mechanisms, and techniques that assure their satisfiability. A security control network (SCN) is comprised of SACs connected through sharing of state variables and conditions that support neighboring claims, as well as shared mechanisms and techniques. When a security mechanism is affected by an adaptation, the effect can propagate across the SCN. A dynamic change impact assessment (CIA) is necessary to select the least impactful adaptation plan from the set of possible plans. Performing a procedural CIA at runtime can be used to maintain system confidence after an adaptation has been applied, yet it remains a significant research challenge. In this paper, we estimate the change impact of an adaptation based on the level influence of the affected nodes in the SCN. The influence of each node is determined by a dependency weight, which is a function of the node’s three centrality measures from network flow analysis: degree, betweenness, and closeness. We demonstrate the applicability of the approach towards providing a dynamic CIA for security requirements without the need for human intervention.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
