Abstract | ||
---|---|---|
Monitoring security properties of cyber systems at runtime is necessary if the preservation of such properties cannot be guaranteed by formal analysis of their specification. It is also necessary if the runtime interactions between their components that are distributed over different types of local and wide area networks cannot be fully analyzed before putting the systems in operation. The effectiveness of runtime monitoring depends on the trustworthiness of the runtime system events, which are analyzed by the monitor. In this paper, we describe an approach for assessing the trustworthiness of such events. Our approach is based on the generation of possible explanations of runtime events based on a diagnostic model of the system under surveillance using abductive reasoning, and the confirmation of the validity of such explanations and the runtime events using belief based reasoning. The assessment process that we have developed based on this approach has been implemented as part of the EVEREST runtime monitoring framework and has been evaluated in a series of simulations that are discussed in the paper. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1016/j.cose.2013.03.011 | Computers and Security |
Keywords | Field | DocType |
cyber system monitoring,abductive reasoning,event trustworthiness,cybercrime,belief based reasoning | Computer science,Computer security,Trustworthiness,Cybercrime,Runtime verification,Abductive reasoning,Security properties,Runtime system | Journal |
Volume | Issue | ISSN |
38 | 1 | 0167-4048 |
Citations | PageRank | References |
0 | 0.34 | 218 |
Authors | ||
2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Theocharis Tsigkritis | 1 | 2 | 1.38 |
George Spanoudakis | 2 | 1057 | 108.40 |