Engineering Self-protection for Autonomous Systems

  • Manuel Koch
  • Karl Pauls
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3922)

Abstract

Security violations occur in systems even if security design is carried out or security tools are deployed. Social engineering attacks, vulnerabilities that cannot be captured in the relatively abstract design model (such as buffer overflows), or unclear security requirements are only some examples of such unpredictable or unexpected vulnerabilities. One of the aims of autonomous systems is to have the system itself react to these unexpected events. Consequently, this goal demands further research into how such behavior can be designed and sufficiently supported throughout the software development process. We present an approach to engineer self-protection rules for autonomous systems that is integrated into a model-driven software engineering process and provides concepts to formally verify that a given intrusion response model satisfies certain security requirements.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Manuel Koch (1)
  • Karl Pauls (1)
  1. Institut für Informatik, Freie Universität Berlin, Berlin, Germany
