School of Computing

Jun 15
11:00 - 12:00
Evaluating Self-Adaptive Authorisation Infrastructures through Gamification
School of Computing - Cyber Security Group Seminar
Speaker: Dr Rogério de Lemos (University of Kent, internal talk)

Abstract: Self-adaptive systems are able to modify their behaviour and/or structure in response to changes that occur to the system itself, its environment, or even its goals. In terms of authorisation infrastructures, self-adaptation has been shown to provide runtime capabilities for specifying and enforcing access control policies and subject access privileges, with a goal to mitigate insider threat. The evaluation of self-adaptive authorisation infrastructures, particularly in the context of insider threats, is challenging because simulation of malicious behaviour can only demonstrate a fraction of the types of abuse that are representative of the real world. In this talk, we present an innovative approach based on an ethical game of hacking, protected by an authorisation infrastructure. A key feature of the approach is the ability to observe user activity pre- and post-adaptation when evaluating runtime consequences of self-adaptation. Our live experiments captured a wide range of unpredictable changes, including malicious behaviour related to the exploitation of known vulnerabilities. As an outcome, we demonstrated the ability of our self-adaptive authorisation infrastructure to handle malicious behaviour given the existence of real and intelligent users, in addition to capturing how users responded to adaptation.

Location

SW101,
Cornwallis Southwest,
University of Kent,
Canterbury,
Kent,
CT2 7NF
United Kingdom

Details

Open to All

Contact: Budi Arief
E: b.arief@kent.ac.uk
T: +44 (0)1227 82 3816
School of Computing

School of Computing, University of Kent, Canterbury, Kent, CT2 7NF

Enquiries: +44 (0)1227 824180

Last Updated: 14/08/2015