System Component-Level Self-Adaptations for Security via Bayesian Games
This work addresses security challenges in self-adaptive systems for domains requiring resilience against adversarial attacks, representing an incremental advancement by refining modeling granularity.
The paper tackles the problem of designing self-adaptive systems for security by addressing the insufficiency of single-player models in handling partial compromises and enabling fine-grained defensive strategies. The result is a new framework that models system components as independent players in a Bayesian game, dynamically computing defensive strategies to improve system resiliency against attacks.
Security attacks present unique challenges to self-adaptive system design due to the adversarial nature of the environment. However, modeling the system as a single player, as done in prior works in security domain, is insufficient for the system under partial compromise and for the design of fine-grained defensive strategies where the rest of the system with autonomy can cooperate to mitigate the impact of attacks. To deal with such issues, we propose a new self-adaptive framework incorporating Bayesian game and model the defender (i.e., the system) at the granularity of components in system architecture. The system architecture model is translated into a Bayesian multi-player game, where each component is modeled as an independent player while security attacks are encoded as variant types for the components. The defensive strategy for the system is dynamically computed by solving the pure equilibrium to achieve the best possible system utility, improving the resiliency of the system against security attacks.