Intelligent complex systems are attracting considerable attention from researchers in various scientific areas. These architectures require adequate assurances of security, reliability, and fault tolerance. The implementation of security functions such as identification, authentication, access control, and data protection can be viewed in terms of a security assurance model. This model relies on the security architecture of a system, which in turn is based on a trusted infrastructure. The assurance model defines the level and features of the protection it offers, and determines the need for and relevance of deploying specific security mechanisms. In this article, we first examine the verification of security measures, notably their presence, correctness, and effectiveness, and the impact of changes in existing intelligent complex systems with respect to vulnerabilities, systems engineering choices, reconfigurations, patch installations, network management, etc. We then explore how we can evaluate the overall security assurance of a given system. We emphasize that it is desirable to separate the trust-providing assurance model and the security architecture into two separate distributed entities (instrumentations, protocols, architectures, management). We believe that this segregation will allow us to automate and boost the trusted infrastructure and security infrastructure, while the authorizations, exceptions, and security management as a whole are achieved through their interaction. Finally, we discuss the security metrics for these complex intelligent systems. New mechanisms and tools are needed for assessing and proving the security and dependability of a complex system, as the scale of these systems and the kinds of threats and assumptions about their operational environment pose new challenges. We conclude with a description of our proposed security management model.