SECURE-RM: Security and Resource Management for Dynamic Real-Time Systems Brett Tjaden, Lonnie Welch, Shawn Ostermann, David Chelberg, Ravindra Balupari, Marina Bykova, Aaron Mitchell, Lu Tong School Of Electrical Engineering and Computer Science, Ohio University Athens, Ohio - 45701, USA Abstract The global Internet has made real-time computer systems world-wide vulnerable to an ever-changing array of attacks for which current defense mechanisms are insufficient. In order to combat intruders in this new environment new techniques must be developed that enable decision makers to detect unusual behavior in their systems, correlate anomalies into higher-level attacker goals, plan appropriate response actions and execute their plans. We are developing SECURE-RM, a security management system that combines an intrusion detection system (INBOUNDS) with adaptive resource management middleware (DeSiDeRaTa) for this purpose. INBOUNDS is a network-based, real-time, hierarchical software system for misuse and anomaly detection. Intrusion events, such as pre-attack probes and denial of service attacks, are detected and are reported to SECURE-RM, which employs artificial intelligence techniques for deriving impacts of attacks on operational functions and mission goals. A strong belief in an attack strategy triggers a resource reallocation by DeSiDeRaTa for response execution. 1. Overview of SECURE-RM Figure 1 depicts an overview of the SECURE-RM architecture, which will be used to describe our approach for providing security and resource management for dynamic real-time systems. INBOUNDS notifies SECURE-RM of individual intrusion events. This information is combined with knowledge of the software system attributes and the hardware system attributes [1], and information about the current allocation of (hardware) resources to the software systems [1] to ascertain the adversary’s strategic goals. The results of the analysis are presented to the decision maker in terms pertaining to system structure, QoS and mission goals. Resource & QoS Monitoring Secure-RM adversary’s strategic goals, action advice, metrics queries re-allocation actions QoS & resource metrics intrusion events Decision maker Resource Control INBOUNDS: intrusion detection svcs. DeSiDeRaTa Figure 1 – The Architecture of SECURE-RM