Lin Liu,Eric Yu,John Mylopoulos

DOI: https://doi.org/10.1109/compsac.2006.159

2006-01-01

Abstract:Design for security is extremely complicated due to the unique nature of the issue. It requires a thorough understanding about the social setting of the security system. To obtain such understanding, sensible steps to take include identifying the players involved in the system, recognizing their personal preferences, agenda and power in relation to other players, identifying the assets being protected, the vulnerable points at which the systems may fail when attacked. Equally important is to taking rationale steps to predict most likely attackers, knowing their possible motivations, and capabilities enabled by latest the technologies and resource occupations. Only based on integrated analysis on both sides, rationale, informative and efficient tradeoffs on security can be made. Unfortunately, current system development practices treat design decisions on security in an adhoc way, often as an afterthought. This paper proposes to use social modeling concepts to analyze the business and organizational context of systems with regard to security. The main concepts used are actor, role, agent and goal, task, and resource dependencies between actors. The approach encompasses several analysis steps on the functional and non-functional requirements in relevance to security, thus integrating security into the system design process from the outset.

Yuhong Wen,Haihong Zhao,Lin Liu

DOI: https://doi.org/10.1109/RePa.2011.6046726

2011-01-01

Abstract:Security requirements analysis for business information systems in today's networked organization is difficult due to the complexity of the systems and the frequent change in the environment. Thus, it requires security knowledge to be explicitly represented, and well understood by system analysts and designer, which in turn being applied in feasible problem contexts. System requirements are often represented in modelling frameworks with different analytical focus, so security requirements knowledge shall reflect such difference and form an integrated treatment. This paper proposes to use modelling concepts from the i* and PF modeling language to capture recurring patterns of security problems. The main concepts used are actors, assets, and relations such as ownership and permissions. The major contribution of the approach is proposing the specific problem frames such as ownership, authorization, attack and protection, by decomposing a large problem into sub-problems (base frames), then evaluate the potential threats (attacking frames) applicable to each sub-problem by evaluate the compatibility of the two, security analysis is integrated into the system design process from the outset. The proposal can be generalized to the design of defensive measures as well as other NFR treatments. © 2011 IEEE.

Lin Liu,Eric Yu,John Mylopoulos

2002-01-01

Abstract:Security issues for software systems ultimately concern relationships among social actors -- stakeholders, users, potential attackers, etc. -- and software acting on their behalf. In assessing vulnerabilities and mitigation measures, actors make strategic decisions to achieve desired levels of security while trading off competing requirements such as costs, performance, usability and so on. This paper explores the explicit modeling of relationships among strategic actors in order to elicit, identify and analyze security requirements. In particular, actor dependency analysis helps in the identification of attackers and their potential threats, while actor goal analysis helps to elicit the dynamic decision making process of system players for security issues. Patterns of relationships at various levels of abstraction (e.g. intentional dependencies among abstract roles) can be studied separately. These patterns can be selectively applied and combined for analyzing specific system configurations. The approach is particularly suitable for new Internet applications where layers of software entities and human roles interact to create complex security challenges. Examples from Peer-to-Peer computing are used to illustrate the proposed framework.

Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Golnaz Elahi,Eric Yu,Tong Li,Lin Liu

DOI: https://doi.org/10.1109/compsac.2011.48

2011-01-01

Abstract:Various governmental or academic institutes survey current security trends, and report vulnerabilities, security breaches, and their costs. However, it is unclear whether (and how) practitioners analyze these vulnerabilities and attacks to arrive at security requirements and decide on security solutions. What modeling methods are used for eliciting, analyzing, and documenting security requirements in real-world practice? This paper intends to answer such questions through a survey of security requirements engineering practices. 374 software professionals from 237 International and Chinese firms participated in the survey. The results show businesses often try to consider security from early stages of the development life cycle, however, ultimately, security is left to be built into the system at the implementation phase. We observed that practitioners favour qualitative risk assessment rather than quantitative approaches, and this helps them consider more varieties of factors when comparing alternative security design solutions.

Yu Zhiwei,Tang Rengzhong,Jia Dongjiao,Ye Fanbo

DOI: https://doi.org/10.3321/j.issn:1004-132X.2007.04.021

2007-01-01

Abstract:To identify the security requirements of information systems, a business process-based security requirement analysis method was presented. Focused on the business process security, the related assets which affect the business process security were identified by security tree model. The security requirements of assets were identified by risk packet and risk transferring model, and then the security requirements list was formed after coverage analysis. Finally, a case was studied to illustrate the proposed method.

Carlos Rubio-Medrano,Josephine Lamp,Vu Coughlin,Ziming Zhao,Anna Scaglione

2017-01-01

Abstract:Description of research activity: Our approach is described as follows: first, we provide support for the creation of dedicated repositories depicting security requirements, which are to be modeled leveraging ontological representations, in such a way that an unambiguous and comprehensive description of requirements, as well as common vulnerabilities and exposures (CVEs) (Mitre 2016), is synthesized cohesively. Using ontologies, the relationships between different security concepts can be better modeled, thus allowing for the exploration and discovery of similar and complimentary requirements obtained from different sources. We have identified already a starting collection of documents which we plan to enhance over time as a result of our interactions with both industry and academic partners, in such a way that our requirements repository is effectively constructed from source materials that are deemed as relevant by the EDS and cybersecurity communities.

Kaj Hänninen,Hans Hansson,Henrik Thane,Mehrdad Saadatmand

DOI: https://doi.org/10.48550/arXiv.1808.10308

2018-08-30

Software Engineering

Abstract:In the early 90s, researchers began to focus on security as an important property to address in combination with safety. Over the years, researchers have proposed approaches to harmonize activities within the safety and security disciplines. Despite the academic efforts to identify interdependencies and to propose combined approaches for safety and security, there is still a lack of integration between safety and security practices in the industrial context, as they have separate standards and independent processes often addressed and assessed by different organizational teams and authorities. Specifically, security concerns are generally not covered in any detail in safety standards potentially resulting in successfully safety-certified systems that still are open for security threats from e.g., malicious intents from internal and external personnel and hackers that may jeopardize safety. In recent years security has again received an increasing attention of being an important issue also in safety assurance, as the open interconnected nature of emerging systems makes them susceptible to security threats at a much higher degree than existing more confined products.This article presents initial ideas on how to extend safety work to include aspects of security during the context establishment and initial risk assessment procedures. The ambition of our proposal is to improve safety and increase efficiency and effectiveness of the safety work within the frames of the current safety standards, i.e., raised security awareness in compliance with the current safety standards. We believe that our proposal is useful to raise the security awareness in industrial contexts, although it is not a complete harmonization of safety and security disciplines, as it merely provides applicable guidance to increase security awareness in a safety context.

Qing Li,Zhixiong Fang,Mengjin Qu

DOI: https://doi.org/10.1016/j.ifacol.2023.10.348

2023-01-01

Abstract:With the development of industrial technology revolution, information technology revolution and management reform, artificial intelligence plays an increasingly important role in the field of enterprise management and control. Because of the learning ability of the new generation of artificial intelligence based on big data and machine learning, artificial intelligence is increasingly showing the characteristics of human intelligence in perception, decision-making, control, optimization, etc. The basic state of binary opposition between people and industrial systems in traditional manufacturing enterprises is increasingly replaced by the ternary integration of People, Cyber and Physical Systems. Enterprises are developing into Cyber Physical Social Enterprises (CPSE). Because machine learning methods are un-robust and unexplainable, it is necessary to identify and evaluate risks of Cyber System in advance when Cyber System is to play the role of decision-making and control in the enterprise. It is also important to systematically analyze and deal with the possible negative impact of Cyber System or AI. On the basis of CPSE architecture, this paper studies its security oriented analysis and design technology, puts forward the framework of CPSE security analysis and design, and maps this framework to the general analysis and design methodology to demonstrate its applicability.

Josephine Lamp,Carlos E. Rubio-Medrano,Ziming Zhao,Gail-Joon Ahn

DOI: https://doi.org/10.1109/MSCPES.2017.8064532

2017-01-01

Abstract:Recently, energy delivery systems (EDS) have undergone an intensive modernization process that includes the introduction of dedicated cyber-infrastructures for the purposes of monitoring, control, and optimization of resources. While extremely convenient, the introduction of software-based control over computer networks has also opened the door for the exploitation of non-trivial security vulnerabilities by malicious third-parties. As demonstrated by recent incidents, EDS systems worldwide are vulnerable to sophisticated attacks that include a well-thought out combination of strategies at various levels of abstraction. In such a context, a comprehensive solution supporting automated monitoring and assessment, that can assist security officials in effectively preventing and mitigating such attacks, is highly desired. With this in mind, this paper presents an ongoing effort that takes security requirements obtained from existing documents on guidelines and best practices on EDS, and implements a proof-of-concept framework based on adaptive and customizable software modules that collect and process security-relevant data for assuring the security of EDS.

Siv Hilde Houmb,Shareeful Islam,Eric Knauss,Jan Jürjens,Kurt Schneider

DOI: https://doi.org/10.1007/s00766-009-0093-9

2009-11-28

Requirements Engineering

Abstract:Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 Common Criteria (CC) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the CC. They are rather phrased in security domain terminology and difficult to understand for developers. This means that some general security and secure design expertise are required to fully take advantage of the CC and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design, which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the CC, the heuristic requirements editor HeRA, and UMLsec. SecReq makes systematic use of the security engineering knowledge contained in the CC and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the CC, and the ability to trace security requirements into UML design models. A feedback loop helps reusing experience within SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution.

computer science, information systems, software engineering

Zhendong Ma,Paul Smith,Florian Skopik

DOI: https://doi.org/10.48550/arXiv.1211.3908

2012-11-16

Abstract:Supervisory Control and Data Acquisition (SCADA) systems support and control the operation of many critical infrastructures that our society depend on, such as power grids. Since SCADA systems become a target for cyber attacks and the potential impact of a successful attack could lead to disastrous consequences in the physical world, ensuring the security of these systems is of vital importance. A fundamental prerequisite to securing a SCADA system is a clear understanding and a consistent view of its architecture. However, because of the complexity and scale of SCADA systems, this is challenging to acquire. In this paper, we propose a layered architectural view for SCADA systems, which aims at building a common ground among stakeholders and supporting the implementation of security analysis. In order to manage the complexity and scale, we define four interrelated architectural layers, and uses the concept of viewpoints to focus on a subset of the system. We indicate the applicability of our approach in the context of SCADA system security analysis.

Cryptography and Security

Carlos E. Rubio-Medrano,Ziming Zhao,Gail-Joon Ahn

DOI: https://doi.org/10.1109/tps-isa50397.2020.00048

2020-01-01

Abstract:The innovation and advances in power delivery and information technologies are bringing unmatched changes to energy delivery systems (EDS), automating the management and administration of mission-critical infrastructures, such as the power grid, the oil, and gas industries. While the benefits of these changes are unparalleled, cyberattacks at EDS are also at unprecedented levels, which may lead to consequences ranging from power outages to homeland security breaches. To securely connect and integrate large quantities of these components, the energy community has proposed roadmaps to update the way to plan and operate EDS. These roadmaps come with security requirements that specify the best practices along with regulations EDS and utility should comply with. However, there is a huge gap between these requirements and the actual enforcement. In this paper, we envision a framework that automates the security requirement enforcement so that natural language policies can be enforced without human intervention and with high confidence.

Tong Li,Xiaowei Wang,Yeming Ni

DOI: https://doi.org/10.1016/j.is.2020.101699

IF: 3.18

2022-02-01

Information Systems

Abstract:<p>Along with the rapid development of socio-technical systems, people are playing an increasingly important role in information system and have actually become an essential system component. However, unlike technology-based attacks that have been investigated for decades, social engineering attacks have not been efficiently addressed. In particular, due to the interdisciplinary nature of social engineering, there is a lack of consensus on its definition, hindering the further development of this research field. In this paper, we propose a comprehensive and fundamental ontology of social engineering based on a systematic review of existing social engineering taxonomies and ontologies in order to provide a theoretical foundation for social engineering analysis. The essential contributions of this paper include: (1) propose a comprehensive ontology of social engineering and precisely specify ontological definitions of its essential concepts based on Situation Calculus; (2) enumerate and summarize a set of social engineering techniques and present their fine-grained classification based on the proposed ontology; (3) incorporate psychology and sociology knowledge into social engineering analysis, encapsulating such knowledge in terms of a formalized ontology. We have evaluated our ontology based on a set of real social engineering attacks, the results of which show the usefulness of our proposal.</p>

computer science, information systems

Robert Laddaga,Paul Robertson,Howard Shrobe,Dan Cerys,Prakash Manghwani,Patrik Meijer

DOI: https://doi.org/10.48550/arXiv.1901.01867

2019-01-07

Cryptography and Security

Abstract:Today's cyber physical systems (CPS) are not well protected against cyber attacks. Protected CPS often have holes in their defense, due to the manual nature of today's cyber security design process. It is necessary to automate or semi-automate the design and implementation of CPS to meet stringent cyber security requirements (CSR), without sacrificing functional performance, timing and cost constraints. Step one is deriving, for each CPS, the CSR that flow from the particular functional design for that CPS. That is the task assumed by our system, Deriving Cyber-security Requirements Yielding Protected Physical Systems - DCRYPPS. DCRYPPS applies Artificial Intelligence (AI) technologies, including planning and model based diagnosis to an important area of cyber security.

Hao Wang,Nathan Lau,Ryan M Gerdes

DOI: https://doi.org/10.1177/0018720818769250

Abstract:Objective: The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Background: Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. Method: We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. Results: The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Conclusion: Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Application: Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

Jian Ding,Chunyi Lu,Bo Li

DOI: https://doi.org/10.1007/s11265-022-01741-y

2022-03-08

Journal of Signal Processing Systems

Abstract:Power systems are playing an unsubstitutable role in industrial production and inhabitant life. With the deepening of integration process over industrialization and informatization in the field of power systems, an increasing number of industrial control devices (e.g., PLC, SCADA) are exposing in the Internet, which are attracting more and more attention from attackers and malicious communities as the great values. It is crucial for organizations to monitor and evaluate the security situation of power systems. In this paper, we propose a data-driven based security situation awareness towards power systems, which can monitor and evaluate the security situations in power systems and send warnings to organizations when the system encounters suspicious threats. Specifically, the proposed framework continuously collects public data related to electric safety and scan for the power control devices exposed on the Internet to grasp the security landscape of power systems around the world. We then deploy an extensible honeypot system in the real environment to real-time perceive the internal security situation of power systems. Finally, we leverage a graph structure to fuse the cyber threats inside and outside the power system for capturing a comprehensive security awareness of power systems. Experimental results show that our framework can detect system threats in real time and protect it from penetration and intrusion effectively.

Yiyang Jia,Hanyan Wu,Dongxing Jiang

DOI: https://doi.org/10.1109/CyberC.2015.47

2015-01-01

Abstract:Security situation assessment is an effective way to analyze the situation of an information system, which helps administrator understand the current system risk status and make policy to response in time. However, the existing researches for security situation assessment mostly focus on network. The proposed methods for network are not so suitable for information systems. This paper proposes a hierarchical security situation analysis framework for information system, based on a classical NSSA [1] (network security situation analysis) model. The framework provides a standard flow for analyzing the security situation of information system. It consists a security situation analysis model of information system, an index system used in the model proposed, and a quantitative index fusion method to calculate a security situational value. We divided information system into 3 levels: sub-system level, composition level and index level. The collected information from the index level can be combined with grey model to determine the correlation degree between each major index and secondary index. Finally we calculate the whole system security situational value level by level. We use data from Tsinghua University information system to verify the proposed model and method. The result shows that this model can reflect the current security situation of information system comprehensively.

Sergej Japs,Harald Anacker

DOI: https://doi.org/10.1017/pds.2021.517

2021-07-27

Proceedings of the Design Society

Abstract:Abstract Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems and its components requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified and unresolved security threats & safety hazards in early engineering phases, resulting in high costs in product development and potentially compromises compliance with the safety of CPS. Model-based systems engineering (MBSE) improves the system understanding between stakeholders by using models. However, MBSE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account. Established security & safety approaches are either only applicable to specific disciplines or only partially consider security threats & safety hazards. In the context of this paper we present a method for the resolution of safety relevant security threats in the system architecture design phase using design patterns. We illustrate our approach with the example of the automotive sector. Finally, we present an evaluation of the method, based on an 8 week project with 67 master students.