‘Workflow’ Technology Aims at System Defense
Cybersecurity traditionally has focused on protecting entire computer networks from cyberattack. But a better strategy is protecting the tasks carried out on those networks, according to USC Viterbi School of Engineering specialists who are developing a dynamic approach to protect crucial computer operations.
“It is impossible to be prepared for every possible security breach, so we need to learn to do work while a network is under attack,” said associate division director for research Yolanda Gil.
Gil, the principal investigator of the Interactive Knowledge Capture group at USC Viterbi’s Information Sciences Institute, specializes in analyzing “workflows,” or the complex ways information moves through diverse systems. She looks for ways to improve the flow and the final output.
Gil is directing a four-year project funded by the Air Force Office of Scientific Research that aims to use insights from this work to keep crucial military and other systems running while under cyberattack.
Key to the approach is “nimble task allocation,” which enables computer networks to respond immediately to possible intrusions without shutting or slowing down critical operations.
The approach would supplement network-wide defensive methods, allowing a system to perform its functions even if it has been compromised. Gil’s team calls its project Workflow Reasoning for Mission-Centered Network Models.
Existing network models, Gil explained, have two levels – physical and logical – which correspond to hardware and programming. The workflow idea adds a third level of understanding – tasks and goals – to create mission-centered network models (MCNMs).
MCNMs show maps of network activity indicating which resources are working on which goals, and they provide alternative allocations to accomplish the same goals. The basic idea is to shuffle components flexibly and quickly so that work can go around the infected areas of the network.
In addition to allowing the network to function amid ongoing cyberattack, the MCNM-based system performs forensic functions, permitting instant analysis of what went wrong, and how.
Gil’s group believes that MCNMs also will allow better planning and more efficient use of resources in routine operations.
The new project emerged from a long-term focus by Gil and her colleagues on a “meta” view of computer science operations focused on how software components interoperate and how they achieve their results.
The ultimate aim is to use computer techniques – particularly artificial intelligence reasoning – to make workflows faster, more efficient and more accurate.
More stories about: Cybersecurity