Graphical Models for Security

Protecting enterprise systems from cyber attacks is a challenge. Vulnerabilities are regularly discovered in software systems and exploited to launch cyber attacks. Security analysts need objective metrics to manage the security risk of an enterprise system. In this talk, we give an overview of our research on security metrics and on the challenges of security risk analysis for enterprise systems. A standard model for security metrics will enable us to answer questions such as “are we more secure than yesterday?” or “how does the security of one system compare with another?” We present a methodology for security risk analysis that is based on the attack graph model and the Common Vulnerability Scoring System (CVSS).
