{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:36:53Z","timestamp":1742913413928,"version":"3.40.3"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030714994"},{"type":"electronic","value":"9783030715007"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,3,20]],"date-time":"2021-03-20T00:00:00Z","timestamp":1616198400000},"content-version":"vor","delay-in-days":78,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Security attacks present unique challenges to self-adaptive system design due to the adversarial nature of the environment. Game theory approaches have been explored in security to model malicious behaviors and design reliable defense for the system in a mathematically grounded manner. However, modeling the system as a single player, as done in prior works, is insufficient for the system under partial compromise and for the design of fine-grained defensive strategies where the rest of the system with autonomy can cooperate to mitigate the impact of attacks. To deal with such issues, we propose a new self-adaptive framework incorporating Bayesian game theory and model the defender (i.e., the system) at the granularity of<jats:italic>components<\/jats:italic>. Under security attacks, the architecture model of the system is translated into a<jats:italic>Bayesian multi-player game<\/jats:italic>, where each component is explicitly modeled as an independent player while security attacks are encoded as variant types for the components. The optimal defensive strategy for the system is dynamically computed by solving the pure equilibrium (i.e., adaptation response) to achieve the best possible system utility, improving the resiliency of the system against security attacks. We illustrate our approach using an example involving load balancing and a case study on inter-domain routing.<\/jats:p>","DOI":"10.1007\/978-3-030-71500-7_7","type":"book-chapter","created":{"date-parts":[[2021,3,19]],"date-time":"2021-03-19T13:12:14Z","timestamp":1616159534000},"page":"130-151","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Engineering Secure Self-Adaptive Systems with Bayesian Games"],"prefix":"10.1007","author":[{"given":"Nianyu","family":"Li","sequence":"first","affiliation":[]},{"given":"Mingyue","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Eunsuk","family":"Kang","sequence":"additional","affiliation":[]},{"given":"David","family":"Garlan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,3,20]]},"reference":[{"unstructured":"Web server and its types of attacks. https:\/\/www.greycampus.com\/opencampus\/ethical-hacking\/web-server-and-its-types-of-attacks. Accessed: 2010-09-30.","key":"7_CR1"},{"doi-asserted-by":"crossref","unstructured":"Y.\u00a0Al-Nashif, A.\u00a0A. Kumar, S.\u00a0Hariri, Y.\u00a0Luo, F.\u00a0Szidarovsky, and G.\u00a0Qu. Multi-level intrusion detection system (ml-ids). In 2008 International Conference on Autonomic Computing, pages 131\u2013140, 2008.","key":"7_CR2","DOI":"10.1109\/ICAC.2008.25"},{"doi-asserted-by":"crossref","unstructured":"Ofra Amir, Guni Sharon, and Roni Stern. Multi-agent pathfinding as a combinatorial auction. In The Twenty-Ninth AAAI Conference on Artificial Intelligence(AAAI), pages 2003\u20132009, 2015.","key":"7_CR3","DOI":"10.1609\/aaai.v29i1.9427"},{"doi-asserted-by":"crossref","unstructured":"Christopher Bailey, Lionel Montrieux, Rog\u00e9rio de\u00a0Lemos, Yijun Yu, and Michel Wermelinger. Run-time generation, transformation, and verification of access control models for self-protection. In 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2014, Proceedings, Hyderabad, India, June 2-3, 2014, pages 135\u2013144, 2014.","key":"7_CR4","DOI":"10.1145\/2593929.2593945"},{"doi-asserted-by":"crossref","unstructured":"Mike Burmester, Emmanouil Magkos, and Vassilios Chrissikopoulos. Modeling security in cyber-physical systems. Int. J. Crit. Infrastructure Prot., 5(3-4):118\u2013126, 2012.","key":"7_CR5","DOI":"10.1016\/j.ijcip.2012.08.002"},{"doi-asserted-by":"crossref","unstructured":"Javier C\u00e1mara, Gabriel\u00a0A. Moreno, and David Garlan. Stochastic game analysis and latency awareness for proactive self-adaptation. In 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2014, Proceedings, Hyderabad, India, June 2-3, 2014, pages 155\u2013164, 2014.","key":"7_CR6","DOI":"10.1145\/2593929.2593933"},{"doi-asserted-by":"crossref","unstructured":"Javier C\u00e1mara, Gabriel\u00a0A. Moreno, and David Garlan. Reasoning about human participation in self-adaptive systems. In 10th IEEE\/ACM International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS, Florence, Italy, May 18-19, 2015, pages 146\u2013156, 2015.","key":"7_CR7","DOI":"10.1109\/SEAMS.2015.14"},{"doi-asserted-by":"crossref","unstructured":"Javier C\u00e1mara, Gabriel\u00a0A. Moreno, David Garlan, and Bradley\u00a0R. Schmerl. Analyzing latency-aware self-adaptation using stochastic games and simulations. ACM Trans. Auton. Adapt. Syst., 10(4):23:1\u201323:28, 2016.","key":"7_CR8","DOI":"10.1145\/2774222"},{"unstructured":"Betty H.\u00a0C. Cheng and et\u00a0al. Software engineering for self-adaptive systems: A research roadmap. In Software Engineering for Self-Adaptive Systems [outcome of a Dagstuhl Seminar], pages 1\u201326, 2009.","key":"7_CR9"},{"doi-asserted-by":"crossref","unstructured":"Shang-Wen Cheng, David Garlan, and Bradley\u00a0R. Schmerl. Evaluating the effectiveness of the rainbow self-adaptive system. In 2009 ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2009, Vancouver, BC, Canada, May 18-19, 2009, pages 132\u2013141, 2009.","key":"7_CR10","DOI":"10.1109\/SEAMS.2009.5069082"},{"doi-asserted-by":"crossref","unstructured":"J. C\u00e1mara, D.\u00a0Garlan, G.A. Moreno, and B.\u00a0Schmerl. Chapter 7 - evaluating trade-offs of human involvement in self-adaptive systems. In Ivan Mistrik, Nour Ali, Rick Kazman, John Grundy, and Bradley Schmerl, editors, Managing Trade-Offs in Adaptable Software Architectures, pages 155 \u2013 180. Morgan Kaufmann, Boston, 2017.","key":"7_CR11","DOI":"10.1016\/B978-0-12-802855-1.00007-1"},{"unstructured":"Rog\u00e9rio de\u00a0Lemos and et\u00a0al. Software engineering for self-adaptive systems: A second research roadmap. In Software Engineering for Self-Adaptive Systems II -International Seminar, Dagstuhl Castle, Germany, October 24-29, 2010 Revised Selected and Invited Papers, pages 1\u201332, 2010.","key":"7_CR12"},{"unstructured":"Premkumar\u00a0T. Devanbu and Stuart\u00a0G. Stubblebine. Software engineering for security: a roadmap. In 22nd International Conference on on Software Engineering, Future of Software Engineering Track, ICSE 2000, Limerick Ireland, June 4-11, 2000, pages 227\u2013239, 2000.","key":"7_CR13"},{"doi-asserted-by":"crossref","unstructured":"Trajce Dimkov, Wolter Pieters, and Pieter\u00a0H. Hartel. Portunes: Representing attack scenarios spanning through the physical, digital and social domain. In Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security - Joint Workshop, ARSPA-WITS 2010, Paphos, Cyprus, March 27-28, 2010. Revised Selected Papers, pages 112\u2013129, 2010.","key":"7_CR14","DOI":"10.1007\/978-3-642-16074-5_9"},{"doi-asserted-by":"crossref","unstructured":"Cuong\u00a0T. Do, Nguyen\u00a0H. Tran, Choong\u00a0Seon Hong, Charles\u00a0A. Kamhoua, Kevin\u00a0A. Kwiat, Erik Blasch, Shaolei Ren, Niki Pissinou, and Sundaraja\u00a0Sitharama Iyengar. Game theory for cyber security and privacy. ACM Comput. Surv., 50(2):30:1\u201330:37, 2017.","key":"7_CR15","DOI":"10.1145\/3057268"},{"doi-asserted-by":"crossref","unstructured":"Dmitry Dudorov, David Stupples, and Martin Newby. Probability analysis of cyber attack paths against business and commercial enterprise systems. In 2013 European Intelligence and Security Informatics Conference, Uppsala, Sweden, August 12-14, 2013, pages 38\u201344, 2013.","key":"7_CR16","DOI":"10.1109\/EISIC.2013.13"},{"unstructured":"Ahmed\u00a0M. Elkhodary and Jon Whittle. A survey of approaches to adaptive application security. In 2007 ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2007, Minneapolis Minnesota, USA, May 20-26, 2007, page\u00a016, 2007.","key":"7_CR17"},{"doi-asserted-by":"crossref","unstructured":"Mahsa Emami-Taba. A game-theoretic decision-making framework for engineering self-protecting software systems. In Proceedings of the 39th International Conference on Software Engineering, ICSE 2017, Buenos Aires, Argentina, May 20-28, 2017 -Companion Volume, pages 449\u2013452, 2017.","key":"7_CR18","DOI":"10.1109\/ICSE-C.2017.43"},{"doi-asserted-by":"crossref","unstructured":"Sadegh Farhang and Jens Grossklags. Flipleakage: A game-theoretic approach to protect against stealthy attackers in the presence of information leakage. In Decision and Game Theory for Security - 7th International Conference, GameSec 2016, New York, NY, USA, November 2-4, 2016, Proceedings, pages 195\u2013214, 2016.","key":"7_CR19","DOI":"10.1007\/978-3-319-47413-7_12"},{"doi-asserted-by":"crossref","unstructured":"Marcel Frigault, Lingyu Wang, Anoop Singhal, and Sushil Jajodia. Measuring network security using dynamic bayesian network. In Proceedings of the 4th ACM Workshop on Quality of Protection, QoP 2008, Alexandria, VA, USA, October 27, 2008, pages 23\u201330, 2008.","key":"7_CR20","DOI":"10.1145\/1456362.1456368"},{"unstructured":"Drew Fudenberg and Jean Tirole. Game Theory. MIT press, 1991.","key":"7_CR21"},{"unstructured":"David Garlan, Robert\u00a0T. Monroe, and David Wile. Acme: an architecture description interchange language. In Proceedings of the 1997 conference of the Centre for Advanced Studies on Collaborative Research, November 10-13, 1997, Toronto, Ontario, Canada, page\u00a07, 1997.","key":"7_CR22"},{"doi-asserted-by":"crossref","unstructured":"Thomas\u00a0J. Glazier and David Garlan. An automated approach to management of a collection of autonomic systems. In IEEE 4th International Workshops on Foundations and Applications of Self* Systems, FAS*W@SASO\/ICCAC 2019, Umea, Sweden, June16-20, 2019, pages 110\u2013115, 2019.","key":"7_CR23","DOI":"10.1109\/FAS-W.2019.00038"},{"doi-asserted-by":"crossref","unstructured":"M.\u00a0Hajizadeh, T.\u00a0V. Phan, and T.\u00a0Bauschert. Probability analysis of successful cyber attacks in sdn-based networks. In 2018 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pages 1\u20136, 2018.","key":"7_CR24","DOI":"10.1109\/NFV-SDN.2018.8725664"},{"doi-asserted-by":"crossref","unstructured":"John\u00a0C Harsanyi. Games with incomplete information played by bayesian players, i-iii. Management Science, 50(12):1804\u20131817, 2004.","key":"7_CR25","DOI":"10.1287\/mnsc.1040.0270"},{"doi-asserted-by":"crossref","unstructured":"Charles\u00a0A. Kamhoua, Niki Pissinou, Alan Busovaca, and Kia Makki. Belief-free equilibrium of packet forwarding game in ad hoc network sunder imperfect monitoring. In 29th International Performance Computing and Communications Conference, IPCCC 2010, 9-11 December 2010, Albuquerque, NM, USA, pages 315\u2013324, 2010.","key":"7_CR26","DOI":"10.1109\/PCCC.2010.5682295"},{"doi-asserted-by":"crossref","unstructured":"Jeffrey\u00a0O. Kephart and David\u00a0M. Chess. The vision of autonomic computing. IEEE Computer, 36(1):41\u201350, 2003.","key":"7_CR27","DOI":"10.1109\/MC.2003.1160055"},{"doi-asserted-by":"crossref","unstructured":"Cody Kinneer, Ryan Wagner, Fei Fang, Claire Le Goues, and David Garlan. Modeling observability in adaptive systems to defend against advanced persistent threats. In Proceedings of the 17th ACM-IEEE International Conference on Formal Methods and Models for System Design, MEMOCODE 2019, La Jolla, CA, USA, October 9-11, 2019, pages 10:1\u201310:11, 2019.","key":"7_CR28","DOI":"10.1145\/3359986.3361208"},{"doi-asserted-by":"crossref","unstructured":"Marta Kwiatkowska, Gethin Norman, and David Parker. Probabilistic Model Checking: Advances and Applications, pages 73\u2013121. Springer International Publishing, Cham, 2018.","key":"7_CR29","DOI":"10.1007\/978-3-319-57685-5_3"},{"doi-asserted-by":"crossref","unstructured":"Hagay Levin, Michael Schapira, and Aviv Zohar. Interdomain routing and games. In Proceedings of the 40th Annual ACM Symposium on Theory of Computing, Victoria, British Columbia, Canada, May 17-20, 2008, pages 57\u201366, 2008.","key":"7_CR30","DOI":"10.1145\/1374376.1374388"},{"doi-asserted-by":"crossref","unstructured":"Hagay Levin, Michael Schapira, and Aviv Zohar. Interdomain routing and games. SIAM J. Comput., 40(6):1892\u20131912, 2011.","key":"7_CR31","DOI":"10.1137\/080734017"},{"unstructured":"Nianyu Li, Sridhar Adepu, Eunsuk Kang, and David Garlan. Explanations for human-on-the-loop: A probabilistic model checking approach. In Proceedings of the 15th International Symposium on Software Engineering for Adaptive and Self-managing Systems (SEAMS), 2020. To appear.","key":"7_CR32"},{"unstructured":"Wyatt Lloyd, Michael\u00a0J. Freedman, Michael Kaminsky, and David\u00a0G. Andersen. Stronger semantics for low-latency geo-replicated storage. In Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2013, Lombard, IL, USA, April 2-5, 2013, pages 313\u2013328, 2013.","key":"7_CR33"},{"doi-asserted-by":"crossref","unstructured":"Davide Lorenzoli, Leonardo Mariani, and Mauro Pezz\u00e8. Towards self-protecting enterprise applications. In ISSRE 2007, The 18th IEEE International Symposium on Software Reliability, Trollh\u00e4ttan, Sweden, 5-9 November 2007, pages 39\u201348, 2007.","key":"7_CR34","DOI":"10.1109\/ISSRE.2007.21"},{"unstructured":"Richard\u00a0D. McKelvey, Andrew\u00a0M. McLennan, and Theodore\u00a0L. Turocy. Gambit: Software tools for game theory, version 16.0.1, 2018-02. http:\/\/www.gambit-project.org.","key":"7_CR35"},{"unstructured":"Martin\u00a0J. Osborne and Ariel Rubinstein. A course in game theory. MIT Press Books, 1, 1994.","key":"7_CR36"},{"doi-asserted-by":"crossref","unstructured":"Lloyd\u00a0S Shapley. A value for n-person games. In Contributions to the Theory of Games, vol. 2, 1953.","key":"7_CR37","DOI":"10.1515\/9781400881970-018"},{"doi-asserted-by":"crossref","unstructured":"Yoav Shoham and Kevin Leyton-Brown. Multiagent systems: Algorithmic, game-theoretic, and logical foundations. Cambridge University Press, 2008.","key":"7_CR38","DOI":"10.1017\/CBO9780511811654"},{"doi-asserted-by":"crossref","unstructured":"Roykrong Sukkerd, Reid Simmons, and David Garlan. Tradeoff-focused contrastive explanation for mdp planning, 2020.","key":"7_CR39","DOI":"10.1109\/RO-MAN47096.2020.9223614"},{"doi-asserted-by":"crossref","unstructured":"Milind Tambe. Security and Game Theory - Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, 2012.","key":"7_CR40","DOI":"10.1109\/Allerton.2012.6483443"},{"doi-asserted-by":"crossref","unstructured":"Christos Tsigkanos, Liliana Pasquale, Carlo Ghezzi, and Bashar Nuseibeh. On the interplay between cyber and physical spaces for adaptive security. IEEE Trans. Dependable Secur. Comput., 15(3):466\u2013480, 2018.","key":"7_CR41","DOI":"10.1109\/TDSC.2016.2599880"},{"unstructured":"Marten van Dijk, Ari Juels, Alina Oprea, and Ronald\u00a0L. Rivest. Flipit: The game of \u201cstealthy takeover\u201d. J. Cryptology, 26(4):655\u2013713, 2013.","key":"7_CR42"},{"doi-asserted-by":"crossref","unstructured":"Danny Weyns, M.\u00a0Usman Iftikhar, and Joakim S\u00f6derlund. Do external feedback loops improve the design of self-adaptive systems? a controlled experiment. In Proceedings of the 8th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2013, San Francisco, CA, USA, May 20-21, 2013, pages 3\u201312, 2013.","key":"7_CR43","DOI":"10.1109\/SEAMS.2013.6595487"},{"unstructured":"Youngmin Jung and Mokdong Chung. Adaptive security management model in the cloud computing environment. In 2010 The 12th International Conference on Advanced Communication Technology (ICACT), volume\u00a02, pages 1664\u20131669, 2010.","key":"7_CR44"}],"container-title":["Lecture Notes in Computer Science","Fundamental Approaches to Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-71500-7_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,22]],"date-time":"2022-12-22T00:02:45Z","timestamp":1671667365000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-71500-7_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030714994","9783030715007"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-71500-7_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"20 March 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FASE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Fundamental Approaches to Software Engineering","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg City","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 March 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 April 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fase2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/etaps.org\/2021\/fase","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"16","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"31% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5,5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference changed to an online format due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}