Beyond One-Shot Security: Requirements-driven Run-time Security Adaptation to Reduce Code Patching (SecVolution@Run-time)

Applicants: Professor Dr. Jan Jürjens; Professor Dr. Kurt Schneider
Subject Area: Software Engineering and Programming Languages
Funding: 2012 to 2021
Project Identifier: Deutsche Forschungsgemeinschaft (DFG) - Project Number 221328183


Motivation and Context: There is a great deal of research on how to construct secure systems. However, changes in the system, in its environment, or in the knowledge about the system can compromise security.

SecVolution I: The SecVolution approach developed in the first funding period supports secure software evolution at design-time by taking into account various informal and semi-formal sources of changes and of deviations between the system and the knowledge about it. Natural-language parsing, heuristic identification of security-related changes, and knowledge-based mechanisms for restoring security at design-time were combined and evaluated. It turned out that some types of problems can indeed be fixed at the level of models and development artifacts.

New Challenges: However, some challenges cannot be resolved at design-time:

* Trade-offs between security and other requirements @ run-time: There are trade-offs, for example between security and usability: a fully secure system requires more precautions, which makes it less comfortable to use. The run-time information needed to resolve such a conflict is available only while the system is executing.

* Patching security @ run-time: Patching the system to restore security takes time, during which the system stays vulnerable, while turning the system off is often not feasible.

* Reactive security @ run-time: In a highly dynamic and evolving system, not all feature interactions, new attacks, and security problems can be foreseen at design-time. When an attack or a problem occurs at run-time, the system should be able to react immediately: either by selecting the most appropriate of the available security mechanisms, by restricting a feature identified as vulnerable, or by referring the problem to the design-time mechanisms developed in SecVolution I.

* Balancing technical solutions and expert involvement: A new attack may occur in the running system but be very difficult to spot in static models or code. Socio-technical methods that enable human experts to identify and share their relevant knowledge effectively and efficiently are therefore essential.

Research Vision for SecVolution@Run-Time: We extend the SecVolution approach to run-time by considering the full spectrum of informal real-world input available at run-time, from user behavior and white-hat security experts to formal code analysis. We search for recurring patterns of attacks or vulnerabilities.

Key Contributions will include quality models parameterized with security aspects to allow instant adaptation, and innovative use of media such as video for capturing new insights and for conveying and illustrating knowledge in cases that require human involvement.

Challenges to be Overcome: Achieving this vision is highly challenging: it requires taking informal sources seriously while extending the scope of automatic and semi-automatic security adaptation for keeping a running system secure.

Planned validation will include the Priority Programme's case studies CoCoME and PPU.
DFG Programme: Priority Programmes
Subproject of SPP 1593: Design for Future - Managed Software Evolution