Architectural scoring framework for the creation and evaluation of System-Aware Cyber Security solutions

As cyber security threats have evolved, system protection strategies have been forced to evolve as well. The field of System-Aware Cyber Security has introduced a variety of protection strategies, prompting the need for a decision support tool set that provides guidance to system designers. This paper outlines an architectural scoring framework that supports the design and selection of architectural candidates and provides a rigorous quantitative evaluation method to aid in the selection of a final architecture. Additionally, this paper outlines the recognized limitations of the proposed approach and provides a brief overview of how those areas for improvement are guiding future research.
