Research Team Status
Names of researchers and position
(e.g. Research Scientist, PostDoc, Student (Undergrad/Masters/PhD))
David Garlan, PI, Professor
Eunsuk Kang, Professor
Bradley Schmerl, Principal Systems Scientist
Ryan Wagner, PhD Student
Andy Hammer, PhD Student
Any new collaborations with other universities/researchers?
Yes. Vick Dini was a visiting PhD student from Politecnico di Milano, working on EV charging station infrastructure, and we were assessing whether and how to include this as a case study system.
Project Goals
What is the current project goal?
The overall goal of this project is to develop a methodology for designing computer systems that are resilient, in that during an attack, they are capable of preserving critical services, even if some of the less critical functions of the system are lost.
- How does the current goal factor into the long-term goal of the project?
Accomplishments
- What was done: The focus in Year 1 was on the design-time analysis of architectural resilience against security attacks. We have developed a prototype tool for the analysis (based on the Alloy Analyzer) that takes as input (1) a formal model of the system architecture and (2) a specification of a service requirement (e.g., a hospital IT system can provide critical medical support for an ICU). Our tool then automatically analyzes the trust boundary for the given architecture, describing a minimal subset of components in the system that need to be protected to satisfy the requirement.
- During the period of January-March 2024, we performed the following tasks:
- We completed a case study applying the resilience analysis to a distributed EV-charging network, identifying weaknesses where the compromise of a single component within the system might undermine a critical requirement (e.g., providing charging services).
- We prepared and submitted a conference paper on the resilience analysis tool (see below on the publication list).
- We developed an extension to the tool to enable a more fine-grained analysis and comparison of trust boundaries, by incorporating the notion of security labels into the underlying architecture formalism.
- We have begun developing a translator from the Acme architecture description language to Alloy, to improve the usability of the tool by allowing the user to specify an architecture using a higher-level language.
- The plan for Year 2 is to develop a run-time framework for dynamically adapting and reconfiguring a system architecture to gracefully degrade its functionality. As the first steps in this direction, we plan to develop a set of architecture design and reconfiguration patterns that can be used to support graceful degradation. These patterns may include, for example, partitioning a database to separate critical data from less critical data, restricting the flow of certain information over a channel (to remove unnecessary privilege), or adding a redundant component as a standby for a compromised one. By the end of the next quarter, we expect to have developed an initial catalog of patterns and to have validated their effectiveness over multiple case studies.
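The trust-boundary analysis described above (a minimal subset of components that must be protected for a requirement to hold) and the single-component weakness check from the EV-charging case study, as an added illustration in Python. This is not the project's Alloy-based tool; the hospital-style architecture, the component names, and the dependency/redundancy failure model are constructed assumptions for the example.

```python
"""Toy trust-boundary analysis (added illustration; not the project's Alloy tool).

Model assumptions (constructed for this example):
  * A component works only if it is uncompromised AND at least one of its
    alternative dependency sets consists entirely of working components.
  * An empty alternative means the component has no dependencies.
  * Multiple alternatives model redundancy (e.g. a primary and a replica).
"""
from itertools import combinations

# Constructed sample architecture, loosely modelled on the hospital IT example
# in the report: the ICU dashboard needs patient records and authentication.
ARCH = {
    "icu_dashboard": [{"records_db", "auth"}],
    "records_db":    [{"primary_store"}, {"replica_store"}],  # redundant backends
    "primary_store": [set()],
    "replica_store": [set()],
    "auth":          [{"ldap"}],
    "ldap":          [set()],
    "billing":       [{"records_db"}],   # non-critical consumer of the same DB
}


def working(arch, compromised):
    """Least fixed point: the set of components still working when
    every component in `compromised` has failed."""
    ok = set()
    changed = True
    while changed:
        changed = False
        for comp, alternatives in arch.items():
            if comp in ok or comp in compromised:
                continue
            if any(alt <= ok for alt in alternatives):
                ok.add(comp)
                changed = True
    return ok


def requirement_holds(arch, protected, required):
    """True iff `required` keeps working no matter which unprotected
    components the attacker compromises. Failure propagation is monotone
    (compromising more components never makes anything work again), so the
    worst case is simply 'every unprotected component is compromised'."""
    worst_case = set(arch) - set(protected)
    return required in working(arch, worst_case)


def trust_boundaries(arch, required):
    """All smallest sets of components that must be protected so that
    `required` survives any attack on the rest (brute force over subsets,
    which is fine for architecture-sized models)."""
    comps = sorted(arch)
    for size in range(1, len(comps) + 1):
        found = [set(s) for s in combinations(comps, size)
                 if requirement_holds(arch, s, required)]
        if found:
            return found
    return []


def single_points_of_failure(arch, required):
    """Components whose compromise *alone* breaks `required`; the
    EV-charging case study looked for exactly this kind of weakness."""
    return {c for c in arch if required not in working(arch, {c})}


if __name__ == "__main__":
    for tb in trust_boundaries(ARCH, "icu_dashboard"):
        print("trust boundary:", sorted(tb))
    print("single points of failure:",
          sorted(single_points_of_failure(ARCH, "icu_dashboard")))
```

For the constructed architecture there are two equally small trust boundaries (five components each, differing only in which storage backend is protected), and `billing` falls outside both, which is the kind of result the analysis uses to tell critical from non-critical parts of a system. The redundant backends also show why `primary_store` is not a single point of failure while `ldap` is.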
Research Impact
- Eunsuk has taken on a new role as head of a robotics security initiative in CyLab (a large lab at CMU), with participants from many schools at CMU.
- We have engaged with several people at NSA to keep them aware of current progress and to get feedback from them.
Publications and presentations
- Submitted for review: Analysis of Architectural Robustness Against Security Attacks. Abigail Hammer, Changjiang Zhang, Vick Dini, Ryan Wagner, Eunsuk Kang, Bradley Schmerl and David Garlan. European Conference on Software Architecture (ECSA), 2025
- Eunsuk presented at the NSA lablet meeting in January.