Reinforcement Learning for Generating Secure Configurations

Shuvalaxmi Dass; Akbar Siami Namin

doi:10.3390/electronics10192392

Reinforcement Learning for Generating Secure Configurations

Electronics ◽

10.3390/electronics10192392 ◽

2021 ◽

Vol 10 (19) ◽

pp. 2392

Author(s):

Shuvalaxmi Dass ◽

Akbar Siami Namin

Keyword(s):

Reinforcement Learning ◽

Software Systems ◽

Moving Target ◽

Large Set ◽

Software System ◽

Secure Software ◽

Attack Surface ◽

Diversification Techniques ◽

System Configurations ◽

Attack Surfaces

Many security problems in software systems are because of vulnerabilities caused by improper configurations. A poorly configured software system leads to a multitude of vulnerabilities that can be exploited by adversaries. The problem becomes even more serious when the architecture of the underlying system is static and the misconfiguration remains for a longer period of time, enabling adversaries to thoroughly inspect the software system under attack during the reconnaissance stage. Employing diversification techniques such as Moving Target Defense (MTD) can minimize the risk of exposing vulnerabilities. MTD is an evolving defense technique through which the attack surface of the underlying system is continuously changing. However, the effectiveness of such dynamically changing platform depends not only on the goodness of the next configuration setting with respect to minimization of attack surfaces but also the diversity of set of configurations generated. To address the problem of generating a diverse and large set of secure software and system configurations, this paper introduces an approach based on Reinforcement Learning (RL) through which an agent is trained to generate the desirable set of configurations. The paper reports the performance of the RL-based secure and diverse configurations through some case studies.

Download Full-text

Software Systems Security Vulnerabilities Management by Exploring the Capabilities of Language Models Using NLP

Computational Intelligence and Neuroscience ◽

10.1155/2021/8522839 ◽

2021 ◽

Vol 2021 ◽

pp. 1-19

Author(s):

Raghavendra Rao Althar ◽

Debabrata Samanta ◽

Manjit Kaur ◽

Abeer Ali Alnuaim ◽

Nouf Aljaffan ◽

...

Keyword(s):

Software Development ◽

Data Science ◽

Software Security ◽

Language Modeling ◽

Language Models ◽

Software Systems ◽

Software System ◽

Security Vulnerabilities ◽

Systems Security ◽

Secure Software

Security of the software system is a prime focus area for software development teams. This paper explores some data science methods to build a knowledge management system that can assist the software development team to ensure a secure software system is being developed. Various approaches in this context are explored using data of insurance domain-based software development. These approaches will facilitate an easy understanding of the practical challenges associated with actual-world implementation. This paper also discusses the capabilities of language modeling and its role in the knowledge system. The source code is modeled to build a deep software security analysis model. The proposed model can help software engineers build secure software by assessing the software security during software development time. Extensive experiments show that the proposed models can efficiently explore the software language modeling capabilities to classify software systems’ security vulnerabilities.

Download Full-text

Quantifying & minimizing attack surfaces containing moving target defenses

2015 Resilience Week (RWS) ◽

10.1109/rweek.2015.7287449 ◽

2015 ◽

Cited By ~ 7

Author(s):

Nathaniel Soule ◽

Borislava Simidchieva ◽

Fusun Yaman ◽

Ronald Watro ◽

Joseph Loyall ◽

...

Keyword(s):

Moving Target ◽

Attack Surfaces

Download Full-text

Hitting the Moving Target: Trials and Tribulations of Modeling Quality in Evolving Software Systems

Proceedings. International Conference on Software Maintenance (Cat. No. 98CB36272) ◽

10.1109/icsm.1998.738490 ◽

2005 ◽

Author(s):

P.W. Oman

Keyword(s):

Software Systems ◽

Moving Target

Download Full-text

A Comprehensive Assessment Tool for Patient Registry Software Systems: The CIPROS Checklist

Methods of Information in Medicine ◽

10.3414/me14-02-0026 ◽

2015 ◽

Vol 54 (05) ◽

pp. 447-454 ◽

Cited By ~ 9

Author(s):

U. Mansmann ◽

D. Lindoerfer

Keyword(s):

Systematic Review ◽

Critical Appraisal ◽

Assessment Tool ◽

Wide Spectrum ◽

Patient Registry ◽

Software Systems ◽

Software System ◽

Review Of The Literature ◽

Patient Registries ◽

Wide Range

SummaryBackground: Patient registries are an important instrument in medical research. Often their structure is complex and their implementation uses composite software systems to meet the wide spectrum of challenges.Objectives: For the implementation of a registry, there is a wide range of commercial, open source, and self-developed systems available and a minimal standard for the critical appraisal of their architecture is needed.Methods: We performed a systematic review of the literature to define a catalogue of relevant criteria to construct a minimal appraisal standard.Results: The CIPROS list is developed based on 64 papers which were found by our systematic review. The list covers twelve sections and contains 72 items.Conclusions: The CIPROS list supports developers to assess requirements on existing systems and strengthens the reporting of patient registry software system descriptions. It can be a first step to create standards for patient registry software system assessments.

Download Full-text

Securing Software Systems - A Survey

10.36227/techrxiv.12319598 ◽

2020 ◽

Author(s):

Yong Weixiong ◽

Kohei Dozono ◽

Robin Lee ◽

Alvin Kon Soon Seng ◽

Fatima tuz Zahra

Keyword(s):

Development Process ◽

User Behavior ◽

Development Stage ◽

Security And Privacy ◽

Software Systems ◽

Privacy Concerns ◽

Policy Awareness ◽

Secure Software ◽

Different Types ◽

Development Processes

This paper aims to discuss the standard guidelines of the development process of secure software and will give justification on different types and ways of the software development processes. Additionally, a survey is conducted, the aim of which is to observe user behavior towards software system usage, user attitude in terms of privacy and policy awareness, security and privacy concerns. This is followed by discussion on how to secure software systems in development stage.

Download Full-text

Systematic Literature Review of Security Pattern Research

10.20944/preprints202011.0418.v1 ◽

2020 ◽

Author(s):

Hironori Washizaki ◽

Tian Xia ◽

Natsumi Kamata ◽

Yoshiaki Fukazawa ◽

Hideyuki Kanuka ◽

...

Keyword(s):

Literature Review ◽

Systematic Literature Review ◽

System Development ◽

Software System ◽

Security Patterns ◽

Secure Software ◽

Security Pattern ◽

Survey Results ◽

Barriers To Implementation

Security patterns encompass security-related issues in secure software system development and operations that often appear in certain contexts. Since the late 1990s about 500 security patterns have been proposed. Although the technical components are well investigated, the direction, overall picture, and barriers to implementation are not. Here, a systematic literature review of 240 papers is used to devise a taxonomy for security pattern research. Our taxonomy and the survey results should improve communications among practitioners and researchers, standardize the terminology, and increase the effectiveness of security patterns.

Download Full-text

Adversarial Deep Reinforcement Learning Based Adaptive Moving Target Defense

Lecture Notes in Computer Science - Decision and Game Theory for Security ◽

10.1007/978-3-030-64793-3_4 ◽

2020 ◽

pp. 58-79

Author(s):

Taha Eghtesad ◽

Yevgeniy Vorobeychik ◽

Aron Laszka

Keyword(s):

Reinforcement Learning ◽

Moving Target ◽

Moving Target Defense

Download Full-text

An Integrated Method for Improving Remodularization in Software Systems using Probability Method

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.i8027.078919 ◽

2019 ◽

Vol 8 (9) ◽

pp. 2662-2668

Keyword(s):

Clustering Algorithm ◽

Software Systems ◽

Probability Method ◽

Software System ◽

Integrated Method ◽

Software Modularization ◽

Estimation Of Distribution ◽

Automatic Software ◽

Structural Connections ◽

Genetic Clustering

Effective software system must advance to stay pertinent, however this procedure of development can cause the product design to rot and prompt essentially diminished efficiency and even dropped projects. Remodularization tasks can be performed to fix the structure of a software system and evacuate the disintegration brought about by programming advancement. Software remodularization comprises in rearranging software entities into modules to such an extent that sets of substances having a place with similar modules are more comparable than those having a place with various modules.However, re-modularizing systems automatically is challenging in order to enhance their sustainability. In this paper, we have introduced a procedure of automatic software remodularization that helps software maintainers to enhance the software modularization quality by assessing the coupling and attachment among programming components. For precision coupling measures, the proposed technology uses structural coupling measurements. The proposed methodology utilizes tallying of class' part capacities utilized by a given class as a basic coupling measure among classes. The interaction between class files measures structural connections between software elements (classes). In this paper, probability based remodularization (PBR) approach has been proposed to remodularize the software systems. The file ordering process is done by performing probability based approach and remodularization is done based on the dependency strength or connectivity among the files. The proposed technique is experimented on seven software systems. The efficiency is measured by utilizing Turbo Modularization Quality (MQ) that promotes edge weighing module dependence graph (MDG). It very well may be presumed that when comparing performance with the subsisting techniques, for instance, Bunch – GA (Genetic Algorithm), DAGC (Development of Genetic Clustering Algorithm) and Estimation of Distribution Algorithm (EDA), the proposed methodology has greater Turbo MQ value and lesser time complexity with Bunch-GA in the software systems assessed

Download Full-text

Requirements Engineering for Software Systems: A Systematic Literature Review

PROGRAMMNAYA INGENERIA ◽

10.17587/prin.12.339-349 ◽

2021 ◽

Vol 12 (7) ◽

pp. 339-349

Author(s):

A. A. Kodubets ◽

◽

I. L. Artemieva ◽

Keyword(s):

Literature Review ◽

Requirements Engineering ◽

Language Processing ◽

Systematic Literature Review ◽

Large Scale ◽

Development Process ◽

Research Question ◽

Software Systems ◽

Software System ◽

Requirements Development

This article contains a systematic literature review of requirements engineering for software systems. The literature published within last 5 years was included into the review. A research question was defined as requirements development process of large scale software system (with thousands of requirements) and an interaction problem during this process (communication, coordination and control). The problem is caused by the fact that large-scale software system requirements process is a cross-disciplinary task and it involves multiple parties — stakeholders, domain experts, and suppliers with own goals and constrains, and thus, the interaction between them seriously slows down the overall requirements development process than writing the requirements specification itself. The research papers were classified by several research directions: Natural Language Processing for Requirements Engineering (NLP4RE), Requirement Prioritization, Requirements Traceability, Quality of Software Requirements, Non-functional Requirements and Requirements Elicitation. Motivation and intensity of each direction was described. Each direction was structured and represented with the key references. A contribution of each research direction into the research question was analyzed and summarized including potential further steps. It was identified that some researchers had met a part of the described problem in different forms during their researches. At the end, other researches were described additionally in a short overview. To approach the research question further potential direction was described.

Download Full-text

Innovative Strategies for Secure Software Development

Software Design and Development ◽

10.4018/978-1-4666-4301-7.ch097 ◽

2014 ◽

pp. 2099-2119

Author(s):

Punam Bedi ◽

Vandana Gandotra ◽

Archana Singhal

Keyword(s):

Fuzzy Logic ◽

Security Requirements ◽

Software Systems ◽

Hybrid Technique ◽

Security Measures ◽

Failed State ◽

Innovative Strategies ◽

Secure Software ◽

Attack Trees ◽

Secure Software Development

This chapter discusses adoption of some proactive strategies in threat management for security of software systems. Security requirements play an important role for secure software systems which arise due to threats to the assets from malicious users. It is therefore imperative to develop realistic and meaningful security requirements. A hybrid technique has been presented in this chapter evolved by overlapping the strengths of misuse cases and attack trees for elicitation of flawless security requirements. This chapter also discusses an innovative technique using fuzzy logic as a proactive step to break the jinx of brittleness of present day security measures based on binary principle. In this mechanism, partially secure state evolved between safe state and failed state using fuzzy logic provides an alert signal to take appropriate additional preventive measures to save the system from entering into the failed state to the extent possible.

Download Full-text