Location
Hilton Hawaiian Village, Honolulu, Hawaii
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2024 12:00 AM
End Date
6-1-2024 12:00 AM
Description
This paper describes an approach for more comprehensively and systematically evaluating the effect of adverse cyber events (ACEs) on system performance of software-intensive systems as compared to conventional testing approaches. Traditional operationally-oriented testing, such as the use of cyber red teams, typically only explores a small portion of the system attack surface subject to ACEs, including malicious adversary action. Our approach involves making automated, minimally intrusive, and fully reversible modifications to a software system to be tested. The modifications introduce “operational test points” that allow a test manager to induce availability and integrity effects at runtime. During testing, observers can monitor system, user, and defender performance as the effects of ACEs unfold; such information provides insights into the resilience of the system to ACE effects. As a complement to traditional cyber-related testing, we estimate via a model that the approach allows for more comprehensive operational testing of a system over a full range of ACEs.
Recommended Citation
Llanso, Thomas and Mcneil, Martha, "Increasing Test Coverage via Mediated Activation of Adverse Cyber Events in Software-Intensive Systems" (2024). Hawaii International Conference on System Sciences 2024 (HICSS-57). 3.
https://aisel.aisnet.org/hicss-57/st/cybersecurity_and_sw_assurance/3
Increasing Test Coverage via Mediated Activation of Adverse Cyber Events in Software-Intensive Systems