Autonomic Defense of Distributed Information Security in Dynamic and Adversarial Environments

Abstract

The security and robustness of software systems is essential for modern information infrastructures, such as those underlying Navy#s mission successes. These systems often run in a distributed, dynamic, and adversarial environment, where diverse and evolving security attacks make information assurance a daunting task. Given this nature of the environment, a human-­in-­the-­loop assurance solution, which commonly characterizes the paradigm of existing approaches, would not scale. Yet without human intervention or guidance,current approaches may not sustain their capa­bilities against the evolution of the environment# in addition, they are generally not designed with adversarial robustness in mind, while suffering from scalability issues with industry-­scale systems. This project aims to address the problem of securing run­time information flow in industry-­scale distributed software systems, a fundamental facet in assuring modern information infrastructures. The central objective is to develop an autonomic defense framework for distributedinformation security assurance that instantiates a novel paradigm and methodology of dynamic analysis, which is underlain by a new conceptual foundation of self-­adaptive program analysis while guided by dual, collaborative reinforcement learning processes. Accordingly, we propose multiple innovative approaches summarized below. The conceptual foundation is realized through an environment harvesting infrastructure that enables the separation of core analysis algorithms from the provisioning of data required by the analysis, hence a learnable control of analysis cost­-effectiveness through built­-in cost-­benefit modeling. Empowered by this establishedinfrastructure, a reinforcement dynamic information flow analysis will be developed to achieve and maintain scalability and optimalcost­-effectiveness with respect to a given resource budget (e.g., a time cost upper bound) by self­-adapting its algorithm (through analysis configuration learning and effectuation) to the dynamic environment. Then, leveraging the results of this novel information flow analysis, a deep reinforcement learning guided process will continuously detect information flow vulnerabilities exercised in the system execution and adversarial attacks in the environment, and respond by enforcing respective countermeasures. A new information flow security representation, referred to as information flow health profile, is introduced to model the security state of thesystem, which transforms the autonomic detection­-countermeasure loop of our framework to a deep reinforcement adaptation problem. The capability of the new dynamic information flow analysis in computing and updating this state on the fly with respect to a specified budget will essentially provide a guarantee of timely responses to both explicit attacks (e.g., denial of service) and latent attacks exploiting the information flow vulnerabilities.These innovations will bring significant new knowledge and insights about run­time information assurance, as key research outcomes of this project. Such outcomes will have immediate impacts on cybersecurity research and practice. As the strength and robustness of Navy#s mission capabilities rely on information flow security of the distributed software systems in its cyberspace, this work has strong relevance to Navy#s future mission successes. The central theme of autonomic defense of information security also well fits the main directions of Navy#s basic research programs.Keywords: autonomic defense, information security, dynamic environment, adversarial attacks, vulnerabilities, distributed execution, self-­adaptation, dual reinforcement learning

Document Details

Document Type

DoD Grant Award

Publication Date

Apr 10, 2025

Source ID

N000142512252

Entities

Tags