Computational Vulnerability Analysis for Information Survivability

Authors

Howard Shrobe

Massachusetts Institute of Technology

Proceedings:

Book One

Volume

Issue:

Proceedings of the AAAI Conference on Artificial Intelligence, 18

Track:

Emerging Applications

Downloads:

Download PDF

Abstract:

The Infrastructure of modern society is controlled by software systems. These systems are vulnerable to attacks; several such attacks, launched by "recreation hackers" have already led to severe disruption. However, a concerted and planned attack whose goal is to reap harm could lead to catastrophic results (for example, by disabling the computers that control the electrical power grid for a sustained period of time). The survivability of such information systems in the face of attacks is therefore an area of extreme importance to society. This paper is set in the context of self-adaptive survivable systems: software that judges the trustworthiness of the computational resources in its environment and which chooses how to achieve its goals in light of this trust model. Each self-adaptive survivable system detects and diagnoses compromises of its resources, taking whatever actions are necessary to recover from attack. In addition, a long-term monitoring system collects evidence from intrusion detectors, fire-walls and all the self-adaptive components, building a composite trust-model used by each component. Self-adaptive surviable systems contain models of their intended behavior, models of the required computational resources, models of the ways in which these resources may be compromised and finally, models of the ways in which a system may be attacked and how such attacks can lead to compromises of the computational resources. In this paper we focus on Computational Vulnerability Analysis: a system that, given a description of a computational environment, deduces all of the attacks that are possible. In particular its goal is to develop multi-stage attack models in which the compromise of one resource is used to facilitate the compromise of other, more valuable resources. Although our ultimate aim is to use these models online as part of a self-adaptive system, there are other offline uses as well which we are deploying first to help system administrators assess the vulnerabilitities of their computing environment.

AAAI

Proceedings of the AAAI Conference on Artificial Intelligence, 18

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.