%0 Journal Article
%T Comparison of Adaptive Information Security Approaches
%A Antti Evesti
%A Eila Ovaska
%J ISRN Artificial Intelligence
%D 2013
%R 10.1155/2013/482949
%X Dynamically changing environments and threat landscapes require adaptive information security. Adaptive information security makes it possible to change and modify security mechanisms at runtime. Hence, all security decisions are not enforced at design-time. This paper builds a framework to compare security adaptation approaches. The framework contains three viewpoints, that is, adaptation, security, and lifecycle. Furthermore, the paper describes five security adaptation approaches and compares them by means of the framework. The comparison reveals that the existing security adaptation approaches widely cover the information gathering. However, the compared approaches do not describe how to decide a method to perform a security adaptation. Similarly, means how to provide input knowledge for the security adaptation is not covered. Hence, these research areas have to be covered in the future. The achieved results are applicable for software developers when selecting a security adaptation approach and for researchers when considering future research items. 1. Introduction Heterogeneous and dynamic environments create a need that software products and systems are able to manage their behaviour and functionality. The software system faces several situations during its lifecycle, and all of them cannot be dealt with at design-time. Moreover, various systems are so complex that setup, running, and updating are unmanageable tasks even for the professional users [1, 2]. In [3] Dobson et al. say that emphasis is moving from systems developed based on a priori sets requirements towards platforms that adapt themselves based on changing demands. Some years ago, the vision of autonomic computing was presented [1]. In the vision, the self-management is defined to be the essence of autonomic computing. In this paper, however, autonomic computing, self-managing, and self-adaptive terms are interchangeable. The similar decision is also made in previous surveys presented by Huebscher and McCann [2] and Salehie and Tahvildari [4]. The similar challenges, as mentioned above, can be also seen from the information security point of view, shortly called security. Evolving environments create new threats and static security mechanisms are not applicable in all situations. This development sets the requirement of self-adaptive software and adaptation of security mechanisms. The purpose of security adaptation is to ensure an appropriate security level in different situations. The self-adaptive software is a closed-loop system with a feedback loop aiming to adjust itself to
%U http://www.hindawi.com/journals/isrn.artificial.intelligence/2013/482949/