Oluwasefunmi 'Tale Arogundade,Zhi Jin,Xiaoguang Yang

DOI: https://doi.org/10.1504/ijics.2014.065168

2014-01-01

International Journal of Information and Computer Security

Abstract:Security requirements managers aim at eliciting, reusing and keeping their sets of requirements. They desire well defined, consistent and up to date requirements throughout the system lifecycle. This paper presents security ontology (SO) which can be used as a basis for eliciting risk-based security requirements. The ontology is based on the security relationship model described in the national institute of standards and technology special publication 800-12 but use-misuse case concepts and some extensions were used. We extended use case with some elements (action and object) to facilitate information system (IS) security policy instantiation after the system has been deployed. We incorporated risk and privilege concepts in order to represent risk knowledge in an unambiguous way and to enable ontology control security issues respectively. This ontology enriches the modelling and management of risk-based safeguard requirements within the requirements engineering discipline by organising the security knowledge to form heavy weight ontology which include concepts, concept taxonomies, relationships, properties, axioms and constraints. This ontology provides capabilities such as IS security management, traceability and reuse. OWL protégé 3.3.1 editor was used for the ontology coding. The results of its adoption in capturing safeguard requirements of healthcare IS were also discussed.

O. T. Arogundade,A. T. Akinwale,Z. Jin,X. G. Yang

DOI: https://doi.org/10.1080/19393555.2011.652290

2012-01-01

Abstract:ABSTRACT Misuse cases are currently used to identify safety and security threats and subsequently capture safety and security requirements. There is limited consensus to the precise meaning of the basic terminology used for use/misuse case concepts. This paper delves into the use of ontology for the formal representation of the use-misuse case domain knowledge for eliciting safety and security requirements. We classify misuse cases into different category to reflect different type of misusers. This will allow participants during the requirement engineering stage to have a common understanding of the problem domain. We enhanced the misuse case domain to include abusive misuse case and vulnerable use case in order to boost the elicitation of safety requirements. The proposed ontological approach will allow developer to share and reuse the knowledge represented in the ontology thereby avoiding ambiguity and inconsistency in capturing safety and security requirements. OWL protégé 3.3.1 editor was used for the ontology coding. An illustration of the use of the ontology is given with examples from the health care information system.

Ítalo Oliveira,Tiago Prince Sales,João Paulo A. Almeida,Riccardo Baratella,Mattia Fumagalli,Giancarlo Guizzardi

DOI: https://doi.org/10.1007/s10270-024-01149-1

2024-02-17

Software & Systems Modeling

Abstract:Enterprise Risk Management involves the process of identification, evaluation, treatment, and communication regarding risks throughout the enterprise. To support the tasks associated with this process, several frameworks and modeling languages have been proposed, such as the Risk and Security Overlay (RSO) of ArchiMate. An ontological investigation of this artifact would reveal its adequacy, capabilities, and limitations w.r.t. the domain of risk and security. Based on that, a language redesign can be proposed as a refinement. Such analysis and redesign have been executed for the risk elements of the RSO grounded in the Common Ontology of Value and Risk . The next step along this line of research is to address the following research problems: What would be the outcome of an ontological analysis of security-related elements of the RSO? That is, can we identify other semantic deficiencies in the RSO through an ontological analysis? Once such an analysis is provided, can we redesign the security elements of the RSO accordingly, in order to produce an improved artifact? Here, with the aid of the Reference Ontology for Security Engineering (ROSE) and the ontological theory of prevention behind it, we address the remaining gap by proceeding with an ontological analysis of the security-related constructs of the RSO. The outcome of this assessment is an ontology-based redesign of the ArchiMate language regarding security modeling. In a nutshell, we report the following contributions: (1) an ontological analysis of the RSO that identifies six limitations concerning security modeling; (2) because of the key role of the notion of prevention in security modeling, the introduction of the ontological theory of prevention in ArchiMate; (3) a well-founded redesign of security elements of ArchiMate; and (4) ontology-based security modeling patterns that are logical consequences of our proposal of redesign due to its underlying ontology of security. As a form of evaluation, we show that our proposal can describe risk treatment options, according to ISO 31000. Finally, besides presenting multiple examples, we proceed with a real-world illustrative application taken from the cybersecurity domain.

computer science, software engineering

Karolina Bataityte,Vassil Vassilev,Olivia Jo Gill

DOI: https://doi.org/10.1007/978-3-030-49161-1_31

2020-01-01

Abstract:Modelling of knowledge and actions in AI has advanced over the years but it is still a challenging topic due to the infamous frame problem, the inadequate formalization and the lack of automation. Some problems in cyber security such as logical vulnerability, risk assessment, policy validation etc. still require formal approach. In this paper we present the foundations of a new formal framework to address these challenges. Our approach is based on three-level formalisation: ontological, logical and analytical levels. Here we are presenting the first two levels which allow to model the security policies and provide a practical solution to the frame problem by efficient utilization of parameters as side effects. Key concepts are the situations, actions, events and rules. Our framework has potential use for analysis of a wide range of transactional systems within the financial, commercial and business domains and further work will include analytical level where we can perform vulnerability analysis of the model.

Gal Engelberg,Mattia Fumagalli,Adrian Kuboszek,Dan Klein,Pnina Soffer,Giancarlo Guizzardi

DOI: https://doi.org/10.48550/arXiv.2212.11763

2022-12-22

Information Theory

Abstract:The rapid development of cyber-physical systems creates an increasing demand for a general approach to risk, especially considering how physical and digital components affect the processes of the system itself. In risk analytics and management, risk propagation is a central technique, which allows the calculation of the cascading effect of risk within a system and supports risk mitigation activities. However, one open challenge is to devise a process-aware risk propagation solution that can be used to assess the impact of risk at different levels of abstraction, accounting for actors, processes, physical-digital objects, and their interrelations. To address this challenge, we propose a process-aware risk propagation approach that builds on two main components: i. an ontology, which supports functionalities typical of Semantic Web technologies (SWT), and semantics-based intelligent systems, representing a system with processes and objects having different levels of abstraction, and ii. a method to calculate the propagation of risk within the given system. We implemented our approach in a proof-of-concept tool, which was validated and demonstrated in the cybersecurity domain.

Jeb Webb,Atif Ahmad,Sean B. Maynard,Graeme Shanks

DOI: https://doi.org/10.1016/j.cose.2014.04.005

2014-07-01

Abstract:Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise.

computer science, information systems

O. T. Arogundade,A. T. Akinwale,Z. Jin,X. G. Yang

DOI: https://doi.org/10.4018/jisp.2011100102

2011-01-01

International Journal of Information Security and Privacy

Abstract:This paper proposes an enhanced use-misuse case model that allows both safety and security requirements to be captured during requirements elicitation. The proposed model extends the concept of misuse case by incorporating vulnerable use case and abuse case notations and relations that allows understanding and modeling different attackers and abusers behaviors during early stage of system development life cycle and finishes with a practical consistent combined model for engineering safety and security requirements.The model was successfully applied using health care information system gathered through the university of Kansas HISPC project. The authors were able to capture both security and safety requirements necessary for effective functioning of the system. In order to enhance the integration of the proposed model into risk analysis, the authors give both textual and detailed description of the model. The authors compare the proposed approach with other existing methods that identify and analyze safety and security requirements and discovered that it captures more security and safety threats.

Alessandro Oltramari,Alexander Kott

DOI: https://doi.org/10.48550/arXiv.1806.08349

2018-06-22

Abstract:The prominence and use of the concept of cyber risk has been rising in recent years. This paper presents empirical investigations focused on two important and distinct groups within the broad community of cyber-defense professionals and researchers: (1) cyber practitioners and (2) developers of cyber ontologies. The key finding of this work is that the ways the concept of cyber risk is treated by practitioners of cybersecurity is largely inconsistent with definitions of cyber risk commonly offered in the literature. Contrary to commonly cited definitions of cyber risk, concepts such as the likelihood of an event and the extent of its impact are not used by cybersecurity practitioners. This is also the case for use of these concepts in the current generation of cybersecurity ontologies. Instead, terms and concepts reflective of the adversarial nature of cyber defense appear to take the most prominent roles. This research offers the first quantitative empirical evidence that rejection of traditional concepts of cyber risk by cybersecurity professionals is indeed observed in real-world practice.

Cryptography and Security

Athanasios Dimitriadis,Jose Luis Flores,Boonserm Kulvatunyou,Nenad Ivezic,Ioannis Mavridis

DOI: https://doi.org/10.3390/s20164617

2020-08-17

Abstract:Industry 4.0 adoption demands integrability, interoperability, composability, and security. Currently, integrability, interoperability and composability are addressed by next-generation approaches for enterprise systems integration such as model-based standards, ontology, business process model life cycle management and the context of business processes. Security is addressed by conducting risk management as a first step. Nevertheless, security risks are very much influenced by the assets that the business processes are supported. To this end, this paper proposes an approach for automated risk estimation in smart sensor environments, called ARES, which integrates with the business process model life cycle management. To do so, ARES utilizes standards for platform, vulnerability, weakness, and attack pattern enumeration in conjunction with a well-known vulnerability scoring system. The applicability of ARES is demonstrated with an application example that concerns a typical case of a microSCADA controller and a prototype tool called Business Process Cataloging and Classification System. Moreover, a computer-aided procedure for mapping attack patterns-to-platforms is proposed, and evaluation results are discussed revealing few limitations.

Fahem Kebair,Frederic Serin

DOI: https://doi.org/10.48550/arXiv.0904.2953

2009-04-20

Abstract:Making a decision in a changeable and dynamic environment is an arduous task owing to the lack of information, their uncertainties and the unawareness of planners about the future evolution of incidents. The use of a decision support system is an efficient solution of this issue. Such a system can help emergency planners and responders to detect possible emergencies, as well as to suggest and evaluate possible courses of action to deal with the emergency. We are interested in our work to the modeling of a monitoring preventive and emergency management system, wherein we stress the generic aspect. In this paper we propose an agent-based architecture of this system and we describe a first step of our approach which is the modeling of information and their representation using a multiagent system.

Artificial Intelligence,Multiagent Systems

Vivek Nigam,Alexander Pretschner,Harald Ruess

DOI: https://doi.org/10.48550/arXiv.1810.04866

2018-10-11

Logic in Computer Science

Abstract:By exploiting the increasing surface attack of systems, cyber-attacks can cause catastrophic events, such as, remotely disable safety mechanisms. This means that in order to avoid hazards, safety and security need to be integrated, exchanging information, such as, key hazards/threats, risk evaluations, mechanisms used. This white paper describes some steps towards this integration by using models. We start by identifying some key technical challenges. Then we demonstrate how models, such as Goal Structured Notation (GSN) for safety and Attack Defense Trees (ADT) for security, can address these challenges. In particular, (1) we demonstrate how to extract in an automated fashion security relevant information from safety assessments by translating GSN-Models into ADTs; (2) We show how security results can impact the confidence of safety assessments; (3) We propose a collaborative development process where safety and security assessments are built by incrementally taking into account safety and security analysis; (4) We describe how to carry out trade-off analysis in an automated fashion, such as identifying when safety and security arguments contradict each other and how to solve such contradictions. We conclude pointing out that these are the first steps towards a wide range of techniques to support Safety and Security Engineering. As a white paper, we avoid being too technical, preferring to illustrate features by using examples and thus being more accessible.

Nacha Chondamrongkul,Jing Sun,Ian Warren

DOI: https://doi.org/10.1016/j.scico.2021.102631

IF: 1.039

2021-01-01

Science of Computer Programming

Abstract:Analysing security in the architecture design of modern software systems is a challenging task. Emerging technologies utilised in building software systems may pose security threats, so software engineers need to consider both the structure and behaviour of architectural styles that employ these supporting technologies. This paper presents an automated approach to security analysis that helps to identify security characteristics at the architectural level. Key techniques used by our approach include the use of metrics, vulnerability identification and attack scenarios. Our modelling is expressive in defining architectural styles and security characteristics. Our analysis approach gives insightful results that allow software engineers to trace through the design to find parts of the system that may be impacted by attacks. We have developed an analysis tool that allows user to seamlessly model the software architecture design and analyse security. The evaluation has been conducted to assess the accuracy and performance of our approach. The results show that our analysis approach performs reasonably well to analyse the security in the architectural design. (C) 2021 Elsevier B.V. All rights reserved.

Lian Yu,Shi-Zhong Wu,Tao Guo,Guo-Wei Dong,Cheng-Cheng Wan,Yin-Hang Jing

DOI: https://doi.org/10.1007/978-3-642-25243-3_27

2011-01-01

Abstract:Static analysis technologies and tools have been widely adopted in detecting software bugs and vulnerabilities. However, traditional approaches have their limitations on extensibility and reusability due to their methodologies, and are unsuitable to describe subtle vulnerabilities under complex and unaccountable contexts. This paper proposes an approach of static analysis based on ontology model enhanced by program slicing technology for detecting software vulnerabilities. We use Ontology Web Language (OWL) to model the source code and Semantic Web Rule Language (SWRL) to describe the bug and vulnerability patterns. Program slicing criteria can be automatically extracted from the SWRL rules and adopted to slice the source code. A prototype of security vulnerability detection (SVD) tool is developed to show the validity of the proposed approach.

Kostiantyn Tkachenko,Andrii Baidak

DOI: https://doi.org/10.31866/2617-796x.4.1.2021.236948

2021-07-02

Abstract:The purpose of the article is to study, analyze and consider general problems and prospects of using ontologies when modelling decision-making processes in intelligent systems when analyzing the risks of the innovation and investment sphere. The research methodology lies in methods of the basic concepts semantic analysis of a given subject area (innovation and investment projects and management processes for the implementation of these projects). The article discusses the existing approaches to modelling decision-making processes in the analysis of risks in the innovation and investment sphere. The novelty of the research is the intellectualization problems solving of processes in the innovation and investment sphere on the basis of formal ontological models. Conclusions. The practical value of the presented results lies in the development and use of knowledge management system components for identifying and predicting problem situations in innovation and investment projects. The proposed integrated ontology can be used in the management of innovation and investment projects in various subject areas since it contains classes of concepts that have the status of a project activity standard. The developed ontological model makes it possible to develop software architecture for an intelligent decision support system, develop metadata and build a set of interrelated thesauri to support the semantics of end-user requests.

Mario Gleirscher

DOI: https://doi.org/10.48550/arXiv.1904.10386

2019-04-23

Software Engineering

Abstract:Inspired by widely-used techniques of causal modelling in risk, failure, and accident analysis, this work discusses a compositional framework for risk modelling. Risk models capture fragments of the space of risky events likely to occur when operating a machine in a given environment. Moreover, one can build such models into machines such as autonomous robots, to equip them with the ability of risk-aware perception, monitoring, decision making, and control. With the notion of a risk factor as the modelling primitive, the framework provides several means to construct and shape risk models. Relational and algebraic properties are investigated and proofs support the validity and consistency of these properties over the corresponding models. Several examples throughout the discussion illustrate the applicability of the concepts. Overall, this work focuses on the qualitative treatment of risk with the outlook of transferring these results to probabilistic refinements of the discussed framework.

Sergej Japs,Harald Anacker

DOI: https://doi.org/10.1017/pds.2021.517

2021-07-27

Proceedings of the Design Society

Abstract:Abstract Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems and its components requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified and unresolved security threats & safety hazards in early engineering phases, resulting in high costs in product development and potentially compromises compliance with the safety of CPS. Model-based systems engineering (MBSE) improves the system understanding between stakeholders by using models. However, MBSE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account. Established security & safety approaches are either only applicable to specific disciplines or only partially consider security threats & safety hazards. In the context of this paper we present a method for the resolution of safety relevant security threats in the system architecture design phase using design patterns. We illustrate our approach with the example of the automotive sector. Finally, we present an evaluation of the method, based on an 8 week project with 67 master students.

Jhon Arista Alarcon

DOI: https://doi.org/10.47909/dtr.05

2023-05-16

Abstract:A risk management model makes it possible to explore the organizational factors and risk management practices that affect or delay the achievement of the objectives that are considered strategic. The purpose of managing risks is to develop a detailed analysis of the organization, its operations, assets, processes and their existing interrelationships in order to establish a complete list of risks, which implies identifying, analyzing and providing alternative treatment to risks. actual and potential. Therefore, a risk management model obtains too much importance when focusing on the needs of the organization in a specific way, since it is not only about copying norms or policies of one organization to mitigate the risks of another, but each of these has different scenarios or contexts.

Shuning Hou,Xiuzhen Chen,Jin Ma,Zhihong Zhou,Haiyang Yu

DOI: https://doi.org/10.3389/fenrg.2022.928919

IF: 3.4

2022-06-16

Frontiers in Energy Research

Abstract:With the development of automobile intelligence, the security of the Internet of Vehicles has become a key factor that affects the development of intelligent vehicles. However, existing security risk analysis methods for the IoV either focus only on certain levels, such as the component level, or perform only a static analysis. This paper proposes a dynamic attack graph generation method for the IoV to identify and visually display the security risks caused by the associated vulnerabilities in an IoV system. First, using the actual architecture of the IoV, this paper shows how to model the security elements and their relationships in the IoV system and proposes a network security ontology model for this system. Second, it shows how to construct a reasoning rule base according to the causal relationship between the vulnerabilities using the Semantic Web Rule Language Finally, in view of the rapid change in the network topology of the IoV, a dynamic attack graph generation algorithm based on an ontology reasoning engine is proposed, which can effectively reduce the overhead caused by the changes in the attack graph. The effectiveness of the algorithm is demonstrated through an actual security event scenario and a constructed scenario. The experimental results show that the algorithm can dynamically and accurately display the network attack graph of the IoV. The proposed method is helpful in globally analyzing the threat caused by the combined exploitation of the vulnerabilities in an IoV system and risk management.

energy & fuels

Arogundade Oluwasefunmi,Akinwale Adio,Jin Zhi,Yang Xiaoguang

2011-01-01

International Journal of Software Engineering and Its Applications

Abstract:Abuse case has great support in identifying security threats and security requirements caused by outside attackers, but it has not been used to capture non-malicious deliberate acts for safety concerns that involves inside abusers. It is important to represent inside abusers in a model and distinguish them from inside intruders and outside attackers, since their behaviors are different. The intent of this paper is to propose a new extension of abuse case to identify deliberate acts of safety threats caused by inside abusers. A new notation vulnerable use case was introduced to express the actions that leads to threats from inside abusers, countermeasures were introduced by safety use cases, and new relationships were defined to clarify the interactions among use cases, vulnerable use cases, safety use cases and abuse cases. This enhanced model provided a way of capturing as much potential risks caused by inside abusers, and embed safety requirements in the early stage of the system development life cycle.

Joachim Draeger,Stefan Hahndel

DOI: https://doi.org/10.48550/arXiv.1709.00567

2017-09-02

Systems and Control

Abstract:The manifold interactions between safety and security aspects makes it plausible to handle safety and security risks in an unified way. The paper develops a corresponding approach based on the discrete event systems (DEVS) paradigm. The simulation-based calculation of an individual system evolution path provides the contribution of this special path of dynamics to the overall risk of running the system. Accidentally and intentionally caused failures are distinguished by the way, in which the risk contributions of the various evolution paths are aggregated to the overall risk. The consistency of the proposed risk assessment method with 'traditional' notions of risk shows its plausibility. Its non-computability, on the other hand, makes the proposed risk assessment better suitable to the IT security domain than other concepts of risk developed for both safety and security. Power grids are discussed as an application example and demonstrates some of the advantages of the proposed method.