A Decentralized Approach to Architecture-Based Self-Protecting Software Systems

Architecture-based self-protection (ABSP) allows for the detection and mitigation of security threats informed by an architectural representation of the system maintained at runtime. This approach to self-protection has proven very effective through the ability at the architectural level to reason about the impact of a potential security threat, assess the overall security of a system and achieve defense in depth. However, existing methods to ABSP are centralized resulting in a single point of failure of the self-protecting subsystem. This paper describes a decentralized approach to ABSP based on DARE, an existing decentralized architecture-based framework for providing self-configuration and self-healing within distributed software systems. This paper examines how DARE was extended to provide self-protection capabilities and describes the detailed experimental validation of its approach. The experimental results illustrate DARE's decentralized capability of dynamically providing self-protection within a distributed software system.