Location

Hilton Hawaiian Village, Honolulu, Hawaii

Event Website

https://hicss.hawaii.edu/

Start Date

3-1-2024 12:00 AM

End Date

6-1-2024 12:00 AM

Description

This paper describes an approach for more comprehensively and systematically evaluating the effect of adverse cyber events (ACEs) on system performance of software-intensive systems as compared to conventional testing approaches. Traditional operationally-oriented testing, such as the use of cyber red teams, typically only explores a small portion of the system attack surface subject to ACEs, including malicious adversary action. Our approach involves making automated, minimally intrusive, and fully reversible modifications to a software system to be tested. The modifications introduce “operational test points” that allow a test manager to induce availability and integrity effects at runtime. During testing, observers can monitor system, user, and defender performance as the effects of ACEs unfold; such information provides in-sights into the resilience of the system to ACE effects. As a complement to traditional cyber-related testing, we estimate via a model that the approach allows for more comprehensive operational testing of a system over a full range of ACEs.

Share

COinS
 
Jan 3rd, 12:00 AM Jan 6th, 12:00 AM

Increasing Test Coverage via Mediated Activation of Adverse Cyber Events in Software-Intensive Systems

Hilton Hawaiian Village, Honolulu, Hawaii

This paper describes an approach for more comprehensively and systematically evaluating the effect of adverse cyber events (ACEs) on system performance of software-intensive systems as compared to conventional testing approaches. Traditional operationally-oriented testing, such as the use of cyber red teams, typically only explores a small portion of the system attack surface subject to ACEs, including malicious adversary action. Our approach involves making automated, minimally intrusive, and fully reversible modifications to a software system to be tested. The modifications introduce “operational test points” that allow a test manager to induce availability and integrity effects at runtime. During testing, observers can monitor system, user, and defender performance as the effects of ACEs unfold; such information provides in-sights into the resilience of the system to ACE effects. As a complement to traditional cyber-related testing, we estimate via a model that the approach allows for more comprehensive operational testing of a system over a full range of ACEs.

https://aisel.aisnet.org/hicss-57/st/cybersecurity_and_sw_assurance/3