SEAMS 2019
Sat 25 - Sun 26 May 2019 Montreal, QC, Canada
co-located with ICSE 2019
Sun 26 May 2019 11:00 - 11:25 at Duluth - Security Chair(s): David Garlan

As any software system, a self-adaptive system is subject to security threats. However, applying self-adaptation may introduce additional threats. So far, little research has been devoted to this important problem. In this paper, we propose an approach for vulnerability analysis of architecture-based adaptations in self-adaptive systems using threat modeling and analysis techniques. To this end, we specify components’ vulnerabilities and the system architecture formally and generate an attack model that describes the attacker’s strategies to attack the system when adaptation is applied by exploiting different vulnerabilities. We use a set of security metrics to quantitatively assess the security risks of adaptations based on the produced attack model which enables the system to consider security aspects while choosing an adaptation to apply to the system. We automate and incorporate our approach into the Rainbow framework, allowing for secure architectural adaptations at runtime.To evaluate the effectiveness of our approach, we apply it on a simple document storage system and on the ZNN system.

Sun 26 May

seams-2019-papers
11:00 - 12:30: SEAMS 2019 - Security at Duluth
Chair(s): David GarlanCarnegie Mellon University
seams-2019-papers11:00 - 11:25
Talk
Narges KhakpourLinnaeus University, Charilaos SkandylasLinnaeus University, Goran Saman NarimanUniversity of Human Development , Danny WeynsLinnaeus University, Sweden
seams-2019-papers11:25 - 11:50
Talk
Jessica JonesArizona State University, Jason HiserUniversity of Virginia, Jack DavidsonUniversity of Virginia, Stephanie ForrestArizona State University
seams-2019-papers11:50 - 12:10
Talk
Sotirios LiaskosYork University, Bo WangYork University, Nahid AlimohammadiYork University
seams-2019-papers12:10 - 12:30
Talk
Byron DevriesGrand Valley State University, Betty H.C. ChengMichigan State University