GSA: Game based Security Architecture

This project develops a modular (with some
of the models given below) security system. The system takes input from sensors that report anomalous
behavior in the system. These inputs are used to identify the possible attack and the appropriate game models in
the knowledge management system. Based on the most fitting game model, a response strategy is devised to
mitigate the possible attack and address the security situation.
: Conception, design and development of the (already three) versions of the system.

Attack Identification System

The attack identification system has the attack taxonomy and the system
to get the attack information from external repositories to identify the ongoing attack.
: Worked on the classification of attack components and formalizing the IRS.

Issue Resolution System

The attack identification system and the game model repository provide
potential game models that are relevant in addressing the present security situation. The issue resolution
system compares the game models for fitness based on the attack vectors at hand and picks the more appropriate
game model to devise the response.
: Involved in designing and developing the taxonomy and the game selection system.

Game Model Repository

The game model repository holds the different game models that can be mapped to different
security situations. The models contain the details of the prescribed optimal strategies.
: Involved in designing and developing the generic game model and the implementation of game model

Central Control Unit

This contains the system that evaluates the inputs received from the sensors to devise
the response. The decision to involve each of the other parts is made here. Once the response strategy is
figured out, it is implemented in terms of network administration actions.
: Involved in the design and development of the prototype.

Runtime monitors as Sensors of Security Systems

Formal work on identifying the monitorable property
from the given system and the requirement property was adopted to devise a procedure. Two such
instances, one due to an external attack and another due to a benign system fault, were implemented,
and the anomalies were detected by the monitors created.
: Involved in design & analyses, implementation of the system.