-
Reasoning about Moving Target Defense in Attack Modeling Formalisms
Authors:
Gabriel Ballot,
Vadim Malvone,
Jean Leneutre,
Etienne Borde
Abstract:
Since 2009, Moving Target Defense (MTD) has become a new paradigm of defensive mechanism that frequently changes the state of the target system to confuse the attacker. This frequent change is costly and leads to a trade-off between misleading the attacker and disrupting the quality of service. Optimizing the MTD activation frequency is necessary to develop this defense mechanism when facing realistic, multi-step attack scenarios. Attack modeling formalisms based on DAG are prominently used to specify these scenarios. Our contribution is a new DAG-based formalism for MTDs and its translation into a Price Timed Markov Decision Process to find the best activation frequencies against the attacker's time/cost-optimal strategies. For the first time, MTD activation frequencies are analyzed in a state-of-the-art DAG-based representation. Moreover, this is the first paper that considers the specificity of MTDs in the automatic analysis of attack modeling formalisms. Finally, we present some experimental results using Uppaal Stratego to demonstrate its applicability and relevance.
Submitted 28 June, 2022;
originally announced June 2022.
-
Online Cycle Detection for Models with Mode-Dependent Input and Output Dependencies
Authors:
Heejong Park,
Arvind Easwaran,
Etienne Borde
Abstract:
In the fields of co-simulation and component-based modelling, designers import models as building blocks to create a composite model that provides more complex functionalities. Modelling tools perform instantaneous cycle detection (ICD) on the composite models having feedback loops to reject the models if the loops are mathematically unsound and to improve simulation performance. In this case, the analysis relies heavily on the availability of dependency information from the imported models. However, the cycle detection problem becomes harder when the model's input to output dependencies are mode-dependent, i.e. changes for certain events generated internally or externally as inputs. The number of possible modes created by composing such models increases significantly and unknown factors such as environmental inputs make the offline (statical) ICD a difficult task. In this paper, an online ICD method is introduced to address this issue for the models used in cyber-physical systems. The method utilises an oracle as a central source of information that can answer whether the individual models can make mode transition without creating instantaneous cycles. The oracle utilises three types of data-structures created offline that are adaptively chosen during online (runtime) depending on the frequency as well as the number of models that make mode transitions. During the analysis, the models used online are stalled from running, resulting in the discrepancy with the physical system. The objective is to detect an absence of the instantaneous cycle while minimising the stall time of the model simulation that is induced from the analysis. The benchmark results show that our method is an adequate alternative to the offline analysis methods and significantly reduces the analysis time.
Submitted 3 February, 2021;
originally announced February 2021.
-
A Survey on Time-Sensitive Resource Allocation in the Cloud Continuum
Authors:
Saravanan Ramanathan,
Nitin Shivaraman,
Seima Suryasekaran,
Arvind Easwaran,
Etienne Borde,
Sebastian Steinhorst
Abstract:
Artificial Intelligence (AI) and Internet of Things (IoT) applications are rapidly growing in today's world where they are continuously connected to the internet and process, store and exchange information among the devices and the environment. The cloud and edge platform is very crucial to these applications due to their inherent compute-intensive and resource-constrained nature. One of the foremost challenges in cloud and edge resource allocation is the efficient management of computation and communication resources to meet the performance and latency guarantees of the applications. The heterogeneity of cloud resources (processors, memory, storage, bandwidth), variable cost structure and unpredictable workload patterns make the design of resource allocation techniques complex. Numerous research studies have been carried out to address this intricate problem. In this paper, the current state-of-the-art resource allocation techniques for the cloud continuum, in particular those that consider time-sensitive applications, are reviewed. Furthermore, we present the key challenges in the resource allocation problem for the cloud continuum, a taxonomy to classify the existing literature and the potential research gaps.
Submitted 29 April, 2020;
originally announced April 2020.
-
Architecture Models Refinements for Software Development of Critical Real-time Embedded Systems
Authors:
Etienne Borde
Abstract:
Cyber Physical Systems are systems controlled or monitored by computer-based programs, tightly integrated networks, sensors, and actuators. Software development of CPS has become so difficult that it represents most of the cost of CPS production. In addition, it is interesting to note that the integration, verification and validation of software in CPS require more efforts than the analysis, design, and implementation activities. The main reason is that these activities are conducted late in the development process and issues discovered at this stage of the process will require to rework artifacts produced in the previous activities (i.e. analysis, design and/or implementation). In this document, we present our work aiming to improve the reliability of software development in the domain of CPS. In this context, we define the reliability of the development process as its capacity to deliver intermediate artifacts for which the rework effort would be as small as possible. This problem is very difficult for general purpose software (i.e. used on desktop computers or servers), and even more difficult for software in CPS. The main reason is that software in CPS is often critical, real-time and embedded on domain specific execution platforms. As a consequence, non-functional properties (also called quality attributes) of software applications in CPS are often as important and difficult to satisfy as the logical correctness of these applications. In order to improve the reliability of software development in the domain of CPS, we propose a Model Driven Engineering (MDE) method based on step-wise refinements of software architecture descriptions. The results obtained with this method are summarized in this habilitation thesis.
Submitted 23 November, 2019;
originally announced November 2019.