Modeling for the Design of Adaptive Systems

Abstract

A monitoring and response system (MRS) is a security mechanism intended to help protect an underlying system from attack, or to help identify and reverse compromises when they occur. While an MRS attempts to discover potential threats, which other security mechanisms may not detect, the MRS may have vulnerabilities of its own which go undiscovered. Alternatively, if an adversary can coax a component to provide misleading or distracting information, the MRS may lead security administrators to miss an attack facilitating an adversarys work. The purpose of this report is to summarize a substantial line of work intended to develop principles for analyzing and appraising an MRS either after implementation or during the design stage. In particular, this line of work consists of three separate areas: a grammar-based model for MRS, a graph-based model for MRS, and building assurance cases for MRS. First, we explored how to specify an MRS based on an inventory of the components it comprises; these we specified as a datatype by a context-free grammar. We found that this type of a catalog, while informative, did not emphasize the structure that would allow us to analyze whether its components were performing in a way required by the security architecture of the MRS. This motivated us to reinterpret the MRS descriptions as directed graphs where arrows flow in the same direction as information through the MRS. The derived graph structure bounds the ways that events can have causal effects on the different components of the MRS. We then explored using assurance cases to understand the component-level structure of an MRS since they are a piece of careful informal reasoning that aims to identify the important causal processes that may cause an MRS to fail to meet its security goals. To argue that an MRS resists adverse consequences, it must propose specific responsibilities for components at successive levels of decomposition.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jul 01, 2021
Accession Number
AD1146445

Entities

People

  • Brian M. Vohaska
  • Cervando A. Ii Banuelos
  • Devon P. Ellis
  • Dirk C. Van Bruggen
  • Joshua D. Guttman
  • Kelley W. Burgin
  • Mike Cheuvront
  • Paul D. Rowe
  • Peter A. Loscocco

Organizations

  • MITRE Corporation
  • National Security Agency

Tags

Communities of Interest

  • C4I
  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Air Force
  • Anti-Virus Software
  • Computer Programs
  • Computers
  • Control Systems
  • Cybersecurity
  • Detection
  • Information Processing
  • Information Systems
  • Intrusion Detection
  • Intrusion Detectors
  • Language
  • Malware
  • Multiagent Systems
  • Software Design
  • Software Development
  • Systems Engineering

Fields of Study

  • Computer science

Readers

  • Artificial Intelligence
  • Military History
  • Systems Analysis and Design