A Survey on Self-Adaptive Security for Large-scale Open Environments

Published: 09 October 2018

Abstract

Contemporary software systems operate in heterogeneous, dynamic, and distributed environments, where security needs change at runtime. The security solutions for such systems need to be adaptive for the continuous satisfaction of the software systems’ security goals. Whilst the existing research on self-adaptive security has made notable advancement towards designing and engineering self-adaptive security solutions, there exists little work on the taxonomic analysis of the architectures of the reported research and its applicability for open and ultra-large environments. We propose an architecture-centric taxonomy for mapping and comparing the current research and identifying the future research directions in this field. The proposed taxonomy has been used to review the representative work on the architectural characteristics that self-adaptive security systems must maintain for their effective application in large-scale open environments. We reflect on the findings from the taxonomic analysis and discuss the design principles, research challenges and limitations reported in the state of the art and practice. We outline the directions for the future research on architectural level support for self-adaptive security systems for large-scale open environments.

Supplemental Material

ZIP File - a100-tziakouris-apndx.pdf
Supplemental movie, appendix, image and software files for, A Survey on Self-Adaptive Security for Large-scale Open Environments

Published In

ACM Computing Surveys  Volume 51, Issue 5
September 2019
791 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/3271482
Editor: Sartaj Sahni

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 October 2018
Accepted: 01 June 2018
Revised: 01 May 2018
Received: 01 October 2016
Published in CSUR Volume 51, Issue 5

Author Tags

  1. Self-adaptive systems
  2. ultra-large environments

Qualifiers

  • Survey
  • Research
  • Refereed

Data Availability

a100-tziakouris-apndx.pdf: Supplemental movie, appendix, image and software files for, A Survey on Self-Adaptive Security for Large-scale Open Environments https://dl.acm.org/doi/10.1145/3234148#tziakouris.zip

Article Metrics

  • Downloads (Last 12 months): 53
  • Downloads (Last 6 weeks): 5
Reflects downloads up to 20 Feb 2025

Cited By

  • (2025) A Review on Secure Authentication Mechanisms for Mobile Security. Sensors 25:3 (700). DOI: 10.3390/s25030700. Online publication date: 24-Jan-2025
  • (2024) Deep-Reinforcement-Learning-Based Self-Evolving Moving Target Defense Approach Against Unknown Attacks. IEEE Internet of Things Journal 11:20 (33027-33039). DOI: 10.1109/JIOT.2024.3423022. Online publication date: 15-Oct-2024
  • (2024) On Achieving Cyber Resilience in Digitalized Rail Transit Control Systems. 2024 International Conference on Information and Communication Technologies for Disaster Management (ICT-DM) (1-7). DOI: 10.1109/ICT-DM62768.2024.10798948. Online publication date: 19-Nov-2024
  • (2024) Comprehensive systematic review of intelligent approaches in UAV-based intrusion detection, blockchain, and network security. Computer Networks: The International Journal of Computer and Telecommunications Networking 239:C. DOI: 10.1016/j.comnet.2023.110140. Online publication date: 12-Apr-2024
  • (2023) Design and Analysis of Self-protection: Adaptive Security for Software-Intensive Systems. DOI: 10.15626/LUD.497.2023. Online publication date: 18-Aug-2023
  • (2022) ASSERT: A Blockchain-Based Architectural Approach for Engineering Secure Self-Adaptive IoT Systems. Sensors 22:18 (6842). DOI: 10.3390/s22186842. Online publication date: 9-Sep-2022
  • (2021) Toward a Self-Adaptive Cyberdefense Framework in Organization. Sage Open 11:1. DOI: 10.1177/2158244020988855. Online publication date: 23-Jan-2021
  • (2021) Threat modeling at run time: the case for reflective and adaptive threat management (NIER track). 2021 International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS) (203-209). DOI: 10.1109/SEAMS51251.2021.00034. Online publication date: May-2021
  • (2020) Guardauto: A Decentralized Runtime Protection System for Autonomous Driving. IEEE Transactions on Computers (1-1). DOI: 10.1109/TC.2020.3018329. Online publication date: 2020
  • (2020) RUEGAN: Embracing a Self-Adversarial Agent for Building a Defensible Edge Security Architecture. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications (904-913). DOI: 10.1109/INFOCOM41043.2020.9155501. Online publication date: 6-Jul-2020
