With software systems permeating our lives, we are entitled to expect that such systems are secure by design, and that such security endures throughout the use of these systems and their subsequent evolution. Although adaptive security systems have been proposed to continuously protect assets from harm, they can only mitigate threats arising from changes foreseen at design time. In this paper, we propose the notion of Sustainable Adaptive Security (SAS) which reflects such enduring protection by augmenting adaptive security systems with the capability of mitigating newly discovered threats. To achieve this objective, a SAS system should be designed by combining automation (e.g., to discover and mitigate security threats) and human intervention (e.g., to resolve uncertainties during threat discovery and mitigation). In this paper, we use a smart home example to showcase how we can engineer the activities of the MAPE (Monitor, Analysis, Planning, and Execution) loop of systems satisfying sustainable adaptive security. We suggest that using anomaly detection together with abductive reasoning can help discover new threats and guide the evolution of security requirements and controls. We also exemplify situations when humans can be involved in the execution of the activities of the MAPE loop and discuss the requirements to engineer human interventions.