Systems and methods for runtime adaptive security to protect variable assets

摘要

A method of adapting a security configuration of a data processing application at runtime, and a system, together with its computing architecture, are disclosed. The system stores a causal network comprising a plurality of nodes and a plurality of incoming and outgoing causal links associated therewith, wherein each node of the causal network is associated with a security concern or a requirement that can be affected by any configuration of the security controls. The current value of assets nodes, as well as those of the security concerns that can be affected by monitored contextual factors, are updated. The control nodes corresponding to the security controls is updated according to the security configuration whose utility is evaluated by the causal network. The node corresponding to the at least one variable is updated with the determined current value, which is propagated through the causal network through the causal links associated with the updated node. The security configuration with the highest utility is selected and replaces the actual configuration by activating and/or deactivating the security functions corresponding to security control nodes enabled/disabled in the selected security configuration.

主权项

1. A computer-implemented method of adapting a security configuration in a data processing application processed by a data processing device, wherein the adaptation is based on changes of assets associated with the security configuration and/or factors representative of the context of the data processing application, the computer-implemented method comprising the steps of:
storing a fuzzy causal network comprising a plurality of nodes and a plurality of incoming and outgoing causal links associated therewith, wherein at least application variables and security functions are assigned respective nodes, determining a current value of at least one application variable, determining a current security configuration as a set of security function nodes, updating the node corresponding to the at least one variable with the determined current value, propagating the updated value through the fuzzy causal network through at least one causal link associated with the updated node, processing the fuzzy causal network to determine a next security configuration consisting of an alternative set of security function nodes; and implementing the next security configuration by activating and/or deactivating corresponding security functions.