MAPE-SAC: A Framework to Dynamically Manage Security Assurance Cases

Assuring security compliance in self-adaptive systems is challenging, notably as both functional and security conditions may change at run time, where adaptation of functional behavior may violate security requirements or vice versa. In traditional systems, certification is performed at design time on the mechanisms that will be deployed to guarantee the effectiveness of organizationally chosen and instantiated security controls defined by standards bodies (e.g., NIST SP800-53). In contrast, adaptive systems benefit by run-time adaptations for which dynamic certification could be difficult. Confidence in an information system's compliance with security constraints can be expressed using security assurance cases (SACs). Specifically, NIST security controls follow a repeated structure that make them amenable to their specification in terms of SACs. The collection of SACs for the related security controls form a network that can be used to assess the level of the system's compliance through certification-based evidence. Once the system is deployed, environmental and functional uncertainties may require more complex adaptations that include the coordination of functional and security adaptations. This paper introduces the MAPE-SAC control loop and its interaction with the MAPE-K control loop to dynamically manage run-time adaptations in response to changes in functional and security conditions. We illustrate the use of both control loops and their interaction using an example of an autonomous rover responding to a potential security incident.