Multi-paradigm deception modeling for cyber defense

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

Security-critical systems demand multiple well-balanced mechanisms to detect ill-intentioned actions and protect valuable assets from damage while keeping costs in acceptable levels. The use of deception to enhance security has been studied for more than two decades. However, deception is still included in the software development process in an ad-hoc fashion, typically realized as single tools or entire solutions repackaged as honeypot machines. We propose a multi-paradigm modeling approach to specify deception tactics during the software development process so that conflicts and risks can be found in the initial phases of the development, reducing costs of ill-planned decisions. We describe a metamodel containing deception concepts that integrates other models, such as a goal-oriented model, feature model, and behavioral UML models to specify static and dynamic aspects of a deception operation. The outcome of this process is a set of deception tactics that is realized by a set of deception components integrated with the system components. The feasibility of this multi-paradigm approach is shown by designing deception defense strategies for a students’ presence control system for the Faculty of Science and Technology of Universidade NOVA de Lisboa.

Original languageEnglish
Pages (from-to)32-51
Number of pages20
JournalJournal of Systems and Software
Volume141
DOIs
Publication statusPublished - 1 Jul 2018

Fingerprint

Software engineering
Costs
Students
Control systems

Keywords

  • Deception
  • Model-driven
  • Security

Cite this

@article{c6af71d7b38b477c8fe7374f6d2d9613,
title = "Multi-paradigm deception modeling for cyber defense",
abstract = "Security-critical systems demand multiple well-balanced mechanisms to detect ill-intentioned actions and protect valuable assets from damage while keeping costs in acceptable levels. The use of deception to enhance security has been studied for more than two decades. However, deception is still included in the software development process in an ad-hoc fashion, typically realized as single tools or entire solutions repackaged as honeypot machines. We propose a multi-paradigm modeling approach to specify deception tactics during the software development process so that conflicts and risks can be found in the initial phases of the development, reducing costs of ill-planned decisions. We describe a metamodel containing deception concepts that integrates other models, such as a goal-oriented model, feature model, and behavioral UML models to specify static and dynamic aspects of a deception operation. The outcome of this process is a set of deception tactics that is realized by a set of deception components integrated with the system components. The feasibility of this multi-paradigm approach is shown by designing deception defense strategies for a students’ presence control system for the Faculty of Science and Technology of Universidade NOVA de Lisboa.",
keywords = "Deception, Model-driven, Security",
author = "{de Faveri}, Cristiano and Ana Moreira and Vasco Amaral",
note = "CAPES foundation (Ref. 0553-14-0) NOVA LINCS Research Laboratory (Ref. UID/CEC/04516/ 2013)",
year = "2018",
month = "7",
day = "1",
doi = "10.1016/j.jss.2018.03.031",
language = "English",
volume = "141",
pages = "32--51",
journal = "Journal of Systems and Software",
issn = "0164-1212",
publisher = "Elsevier Inc.",

}

Multi-paradigm deception modeling for cyber defense. / de Faveri, Cristiano; Moreira, Ana; Amaral, Vasco.

In: Journal of Systems and Software, Vol. 141, 01.07.2018, p. 32-51.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Multi-paradigm deception modeling for cyber defense

AU - de Faveri, Cristiano

AU - Moreira, Ana

AU - Amaral, Vasco

N1 - CAPES foundation (Ref. 0553-14-0) NOVA LINCS Research Laboratory (Ref. UID/CEC/04516/ 2013)

PY - 2018/7/1

Y1 - 2018/7/1

N2 - Security-critical systems demand multiple well-balanced mechanisms to detect ill-intentioned actions and protect valuable assets from damage while keeping costs in acceptable levels. The use of deception to enhance security has been studied for more than two decades. However, deception is still included in the software development process in an ad-hoc fashion, typically realized as single tools or entire solutions repackaged as honeypot machines. We propose a multi-paradigm modeling approach to specify deception tactics during the software development process so that conflicts and risks can be found in the initial phases of the development, reducing costs of ill-planned decisions. We describe a metamodel containing deception concepts that integrates other models, such as a goal-oriented model, feature model, and behavioral UML models to specify static and dynamic aspects of a deception operation. The outcome of this process is a set of deception tactics that is realized by a set of deception components integrated with the system components. The feasibility of this multi-paradigm approach is shown by designing deception defense strategies for a students’ presence control system for the Faculty of Science and Technology of Universidade NOVA de Lisboa.

AB - Security-critical systems demand multiple well-balanced mechanisms to detect ill-intentioned actions and protect valuable assets from damage while keeping costs in acceptable levels. The use of deception to enhance security has been studied for more than two decades. However, deception is still included in the software development process in an ad-hoc fashion, typically realized as single tools or entire solutions repackaged as honeypot machines. We propose a multi-paradigm modeling approach to specify deception tactics during the software development process so that conflicts and risks can be found in the initial phases of the development, reducing costs of ill-planned decisions. We describe a metamodel containing deception concepts that integrates other models, such as a goal-oriented model, feature model, and behavioral UML models to specify static and dynamic aspects of a deception operation. The outcome of this process is a set of deception tactics that is realized by a set of deception components integrated with the system components. The feasibility of this multi-paradigm approach is shown by designing deception defense strategies for a students’ presence control system for the Faculty of Science and Technology of Universidade NOVA de Lisboa.

KW - Deception

KW - Model-driven

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85044574554&partnerID=8YFLogxK

U2 - 10.1016/j.jss.2018.03.031

DO - 10.1016/j.jss.2018.03.031

M3 - Article

VL - 141

SP - 32

EP - 51

JO - Journal of Systems and Software

JF - Journal of Systems and Software

SN - 0164-1212

ER -