Compositional Framework for System Security with Multi-metric Optimization”
Ivanov, Vladimir I
Baras, John, S.
Date: March 31 - April 01, 2010
The objective of the proposed research is to develop a compositional framework and methods for performance vs security tradeoffs via multi-criteria optimization of system security, and therefore it aligns with problem statement 2: “Security Framework.” We propose to study a top-down approach for optimizing (1) the security metric(s) of a composite system viewed as a bivariate function of its subsystems’ security and performance metrics under given constraints and (2) the composition of subsystems that provides higher system security than that of the composition of the same subsystems driven solely by performance maximization. In this way, we reconcile the trade-off between security and performance by introducing a holistic, multi-objective solution that satisfies both the performance and the security requirements for the system, by overcoming the problem of compartmentalized security solutions and thus achieving the “best value” of the system. Our framework delineates methods for achieving provably secure composition of secure subsystems and system components – a critical problem area where almost all current results demonstrate infeasibility of achieving compositional security.