System Component-Level Self-Adaptations for Security via Bayesian Games

TL;DR

This paper introduces a novel self-adaptive framework for security in systems, modeling components as Bayesian game players to dynamically compute defensive strategies and enhance resilience against attacks.

Contribution

It presents a new Bayesian game-based approach modeling system components individually for fine-grained, adaptive security strategies in self-adaptive systems.

Findings

Improved system resilience against security attacks.

Dynamic computation of defensive strategies.

Component-level modeling enhances security adaptation.

Abstract

Security attacks present unique challenges to self-adaptive system design due to the adversarial nature of the environment. However, modeling the system as a single player, as done in prior works in security domain, is insufficient for the system under partial compromise and for the design of fine-grained defensive strategies where the rest of the system with autonomy can cooperate to mitigate the impact of attacks. To deal with such issues, we propose a new self-adaptive framework incorporating Bayesian game and model the defender (i.e., the system) at the granularity of components in system architecture. The system architecture model is translated into a Bayesian multi-player game, where each component is modeled as an independent player while security attacks are encoded as variant types for the components. The defensive strategy for the system is dynamically computed by solving the pure equilibrium to achieve the best possible system utility, improving the resiliency of the system against security attacks.