Engineering Secure Self-Adaptive Systems with Bayesian Games

Part of the Lecture Notes in Computer Science book series (LNTCS, volume 12649)

Abstract

Security attacks present unique challenges to self-adaptive system design due to the adversarial nature of the environment. Game theory approaches have been explored in security to model malicious behaviors and design reliable defenses for the system in a mathematically grounded manner. However, modeling the system as a single player, as done in prior works, is insufficient for a system under partial compromise and for the design of fine-grained defensive strategies in which the rest of the system, acting autonomously, can cooperate to mitigate the impact of attacks. To deal with such issues, we propose a new self-adaptive framework incorporating Bayesian game theory and model the defender (i.e., the system) at the granularity of components. Under security attacks, the architecture model of the system is translated into a Bayesian multi-player game, where each component is explicitly modeled as an independent player while security attacks are encoded as variant types for the components. The optimal defensive strategy for the system is dynamically computed by solving the pure equilibrium (i.e., adaptation response) to achieve the best possible system utility, improving the resiliency of the system against security attacks. We illustrate our approach using an example involving load balancing and a case study on inter-domain routing.
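The idea in the abstract, components as players and a possible compromise as a player type, can be made concrete with a small pure-strategy Bayesian equilibrium search. This is an added example, not the paper's model or code: the two servers, their actions, the utility table and the rule that a compromised type earns the negated system utility are all constructed for illustration.

```python
from itertools import product

# Constructed toy model (not from the paper): server A is trusted, server B
# may be compromised. Normal types earn the system utility; a compromised
# type earns its negation.
TYPES = {"A": ["normal"], "B": ["normal", "compromised"]}
ACTIONS = {"A": ["share", "solo"], "B": ["serve", "drop"]}
SYSTEM_UTILITY = {("share", "serve"): 10, ("share", "drop"): 2,
                  ("solo", "serve"): 6, ("solo", "drop"): 6}
PLAYERS = list(TYPES)

def payoff(player, type_profile, action_profile):
    u = SYSTEM_UTILITY[action_profile]
    return -u if type_profile[PLAYERS.index(player)] == "compromised" else u

def strategies(player):
    """All pure strategies: one action for each type of the player."""
    ts = TYPES[player]
    return [dict(zip(ts, acts)) for acts in product(ACTIONS[player], repeat=len(ts))]

def play(profile, type_profile):
    return tuple(profile[p][t] for p, t in zip(PLAYERS, type_profile))

def interim(player, own_type, profile, prior):
    """Expected payoff of `player` given its own type (not normalised by P(type))."""
    i = PLAYERS.index(player)
    return sum(pr * payoff(player, tp, play(profile, tp))
               for tp, pr in prior.items() if tp[i] == own_type)

def is_equilibrium(profile, prior):
    """True if no type of any player gains by switching its action."""
    for p in PLAYERS:
        for t in TYPES[p]:
            current = interim(p, t, profile, prior)
            for a in ACTIONS[p]:
                deviation = {**profile, p: {**profile[p], t: a}}
                if interim(p, t, deviation, prior) > current + 1e-9:
                    return False
    return True

def best_defense(p_compromised):
    """Pure equilibrium with the highest expected system utility."""
    prior = {("normal", "normal"): 1 - p_compromised,
             ("normal", "compromised"): p_compromised}
    candidates = []
    for combo in product(*(strategies(p) for p in PLAYERS)):
        profile = dict(zip(PLAYERS, combo))
        if is_equilibrium(profile, prior):
            value = sum(pr * SYSTEM_UTILITY[play(profile, tp)] for tp, pr in prior.items())
            candidates.append((value, profile))
    return max(candidates, key=lambda c: c[0])
```

Calling `best_defense` with a higher belief that B is compromised moves the selected equilibrium from A sharing load with B to A handling traffic alone, which is the adaptation response changing with the defender's belief.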

Acknowledgements

The research is partially supported by the National Natural Science Foundation of China under Grant Nos. 61620106007 and 61751210, award N00014172899 from the Office of Naval Research and the NSA under Award No. H9823018D0008.

Corresponding author

Correspondence to Nianyu Li.

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Copyright information

© 2021 The Author(s)

About this paper

Cite this paper

Li, N., Zhang, M., Kang, E., Garlan, D. (2021). Engineering Secure Self-Adaptive Systems with Bayesian Games. In: Guerra, E., Stoelinga, M. (eds) Fundamental Approaches to Software Engineering. FASE 2021. Lecture Notes in Computer Science, vol 12649. Springer, Cham. https://doi.org/10.1007/978-3-030-71500-7_7

  • DOI: https://doi.org/10.1007/978-3-030-71500-7_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-71499-4

  • Online ISBN: 978-3-030-71500-7

  • eBook Packages: Computer Science, Computer Science (R0)