Grants and Contributions:

Title:
A Context-Aware Framework for Adaptive Software Security
Agreement Number:
RGPIN
Agreement Value:
$130,000.00
Agreement Date:
May 10, 2017 -
Organization:
Natural Sciences and Engineering Research Council of Canada
Location:
Ontario, CA
Reference Number:
GC-2017-Q1-02021
Agreement Type:
Grant
Report Type:
Grants and Contributions
Additional Information:

Grant or Award spanning more than one fiscal year. (2017-2018 to 2022-2023)

Recipient's Legal Name:
Tahvildari, Ladan (University of Waterloo)
Program:
Discovery Grants Program - Individual
Program Purpose:

Dynamically changing environments and threat landscapes require adaptive software that enables the change and modification of security mechanisms at runtime. Research has been conducted with two different emphases in this area: context-awareness and self-protection. Research focused on context-awareness is more concerned with how to model, process, and manage contextual information, but is limited in its understanding of how a system adapts itself in response to unanticipated security changes in the context information. On the other hand, research into self-protection focuses more on how to adapt the system's structure and/or behavior in response to requirements and/or unanticipated security changes, but pays less attention to how the context is modeled, processed, and managed.

The long-term goal of the proposed research program is to gain full awareness of cyber attacks at the application layer. In the next five years, the goal is to investigate, design, and develop a novel framework that supports consideration of context-awareness and adaptive security in an integrated manner. The specific objectives are: (1) to design an adaptive model for context recognition, (2) to design a set of requirements and runtime models for context comprehension, and (3) to design a set of algorithms to handle context projection and resolution.

Existing approaches in the literature lack the reasoning and learning capabilities required to gain context-awareness for cyber defense. However, the PI’s recent preliminary work on modeling the interactions between the attacker and the adaptation manager as a Markov game suggests incorporating context in adaptive security to handle application-layer attacks. The PI will propose a set of integrated models and methods for monitoring, detecting attack-type uncertainty, and applying adaptation decisions in cyber space that are currently unachievable with existing techniques.

This research program will create high-quality research capabilities. It will open a new research direction that significantly reduces the cost impact of cyber security threats for more than 1,300 Canadian software companies, and improves Canada’s competitiveness in this vital sector. Industry will benefit from the findings of this program in two areas. The provision of a superior context-aware framework will allow for the development and implementation of sophisticated machine learning algorithms and methods for adaptive security at runtime, and the adaptive software security modeling techniques will help companies to employ effective methods to keep self-protecting systems up to date during their evolution and maintenance. This research program will train Highly Qualified Personnel (HQP) to work in the field of software engineering and adaptive security. The HQP will acquire a unique blend of interdisciplinary knowledge and apply that knowledge to improve adaptive software security.