Engineering topology aware adaptive security: preventing requirements violations at runtime

Tsigkanos, Christos; Pasquale, Liliana; Menghi, Claudio; Ghezzi, Carlo and Nuseibeh, Bashar (2014). Engineering topology aware adaptive security: preventing requirements violations at runtime. In: 2014 IEEE 22nd International Requirements Engineering Conference (RE): Proceedings, Institute of Electrical and Electronics Engineers, pp. 203–212.

DOI: https://doi.org/10.1109/RE.2014.6912262

Abstract

Adaptive security systems aim to protect critical assets in the face of changes in their operational environment. We have argued that incorporating an explicit representation of the environment’s topology enables reasoning on the location of assets being protected and the proximity of potentially harmful agents. This paper proposes to engineer topology aware adaptive security systems by identifying violations of security requirementsthat may be caused by topological changes, and selecting a setof security controls that prevent such violations. Our approach focuses on physical topologies; it maintains at runtime a live representation of the topology which is updated when assets or agents move, or when the structure of the physical space is altered. When the topology changes, we look ahead at a subset of the future system states. These states are reachable when the agents move within the physical space. If security requirements can be violated in future system states, a configuration of security controls is proactively applied to prevent the system from reaching those states. Thus, the system continuously adapts to topological stimuli, while maintaining requirements satisfaction. Security requirements are formally expressed using a propositional temporal logic, encoding spatial properties in Computation Tree Logic (CTL). The Ambient Calculus is used to represent the topology of the operational environment - including location of assets and agents - as well as to identify future system states that are reachable from the current one. The approach is demonstrated and evaluated using a substantive example concerned with physical access control.

Viewing alternatives

Metrics

Item Actions

Export

You can export this page using these formats Digital Object Identifier - DOI

About

• Item ORO ID
• 41170
• Item Type
• Conference or Workshop Item
• ISBN
• 1-4799-3031-8, 978-1-4799-3031-9
• Academic Unit or School
• Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
  Faculty of Science, Technology, Engineering and Mathematics (STEM)
• Research Group
• Centre for Research in Computing (CRC)
  International Development & Inclusive Innovation
• Copyright Holders
• © 2014 by the Institute of Electrical and Electronics Engineers
• Depositing User
• Danielle Lilly