Malicious Changeload for the Resilience Evaluation of Self-adaptive Authorisation Infrastructures

Bailey, Christopher, de Lemos, Rogério (2020) Malicious Changeload for the Resilience Evaluation of Self-adaptive Authorisation Infrastructures. Future Generation Computer Systems, 113. pp. 113-131. ISSN 0167-739X. (doi:10.1016/j.future.2020.06.045) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:81860)

PDF Author's Accepted Manuscript
Language: English

Restricted to Repository staff only until 30 June 2021.

Official URL
https://doi.org/10.1016/j.future.2020.06.045

Abstract

Self-adaptive systems are able to modify their behaviour and/or structure in response to changes that occur to the system, its environment, or even its goals. In terms of authorisation infrastructures, self-adaptation has been shown to be a promising solution for enforcing access control policies and subject access privileges when mitigating insider threat. This paper describes the resilience evaluation of a self-adaptive authorisation infrastructure by simulating a case study related to insider threats. As part of this evaluation, a malicious changeload has been formally defined in order to describe scenarios of abuse in access control. This malicious changeload was then used to stimulate self-adaptation within a federated authorisation infrastructure.

The evaluation confirmed the resilience of a self-adaptive authorisation infrastructure in handling abuse of access under repeatable conditions by consistently mitigating abuse under normal and high loads. The evaluation has also shown that self-adaptation had a minimal impact on the authorisation infrastructure, even when adapting authorisation policies while mitigating abuse of access.

Item Type: Article
DOI/Identification number: 10.1016/j.future.2020.06.045
Uncontrolled keywords: self-protecting systems, authorisation infrastructures, changeload, insider threats, autonomic computing, access control
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.76 Computer software
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Rogerio de Lemos
Date Deposited: 25 Jun 2020 06:16 UTC
Last Modified: 16 Feb 2021 14:13 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/81860 (The current URI for this page, for reference purposes)
de Lemos, Rogério: https://orcid.org/0000-0002-0281-6308