33 research outputs found
Model the System from Adversary Viewpoint: Threats Identification and Modeling
Security attacks are hard to understand, often expressed with unfriendly and
limited details, making it difficult for security experts and for security
analysts to create intelligible security specifications. For instance, to
explain Why (attack objective), What (i.e., system assets, goals, etc.), and
How (attack method), adversary achieved his attack goals. We introduce in this
paper a security attack meta-model for our SysML-Sec framework, developed to
improve the threat identification and modeling through the explicit
representation of security concerns with knowledge representation techniques.
Our proposed meta-model enables the specification of these concerns through
ontological concepts which define the semantics of the security artifacts and
introduced using SysML-Sec diagrams. This meta-model also enables representing
the relationships that tie several such concepts together. This representation
is then used for reasoning about the knowledge introduced by system designers
as well as security experts through the graphical environment of the SysML-Sec
framework.Comment: In Proceedings AIDP 2014, arXiv:1410.322
IngĆ©nierie des exigences pour la conception d'architectures de sĆ©curitĆ© de systĆØmes embarquĆ©s distribuĆ©s
During the last ten years, the impact of security concerns on the development and exploration of distributed embedded systems never ceased to grow. This is mainly related to the fact that these systems are increasingly interconnected and thus vulnerable to attacks, and that the economic interest in attacking them has simultane- ously increased. In such a context, requirement engineering methodologies and tools have become necessary to take appropriate decisions regarding security early on. Security requirements engineering should thus strongly support the elicitation and specifica- tion of software security issues and solutions well before designers and developers are committed to a particular implementation. However, and that is especially true in embedded systems, security requirements should not be considered only as the abstract expression of a set of properties independently from the system architecture or from the threats and attacks that may occur. We believe this consideration is of utmost importance for security requirements engineering to be the driving force behind the design and implementation of a secure system. We thus describe in this thesis a security engineering requirement methodology depending upon a constant dialog between the design of system functions, the requirements that are attached to them, the design and development of the system architecture, and the assessment of the threats to system assets. Our approach in particular relies on a knowledge-centric approach to security requirement engineering, applicable from the early phases of system conceptualization to the enforcement of security requirements.Au cours des dix dernieĢres anneĢes, lāimpact des questions de seĢcuriteĢ sur le deĢveloppement et la mise en oeuvre des systeĢmes embarqueĢs distribueĢs nāa jamais cesseĢ de croiĢtre. Ceci est principalement lieĢ aĢ lāinterconnexion toujours plus importante de ces systeĢmes qui les rend vulneĢrables aux attaques, ainsi quāaĢ lāinteĢreĢt eĢconomique dāattaquer ces systeĢmes qui sāest simultaneĢment accru. Dans un tel contexte, meĢthodologies et outils dāingeĢnierie des exigences de seĢcuriteĢ sont devenus indispensables pour prendre des deĢcisions approprieĢes quant a` la seĢcuriteĢ, et ce le plus toĢt possible. LāingeĢnierie des exigences devrait donc fournir une aide substantielle aĢ lāexplicitation et aĢ la speĢcification des probleĢmes et solutions de seĢcuriteĢ des logiciels bien avant que concepteurs et deĢveloppeurs ne soient engageĢs dans une implantation en particulier. Toutefois, et cāest particulieĢrement vrai dans les systeĢmes embarqueĢs, les exigences de seĢcuriteĢ ne doivent pas eĢtre consideĢreĢes seulement comme lāexpression abstraite dāun ensemble de proprieĢteĢs indeĢpendamment de lāarchitecture systeĢme ou des menaces et des attaques qui pourraient y survenir. Nous estimons que cette consideĢration est dāune importance capitale pour faire de lāingeĢnierie des exigences un guide et un moteur de la conception et de la mise en Åuvre dāun systeĢme seĢcuriseĢ. Notre approche sāappuie en particulier sur une approche centreĢe sur les connaissances de lāingeĢnierie des exigences de seĢcuriteĢ, applicable deĢs les premieĢres phases de conception du systeĢme jusquāaĢ la mise en application des exigences de seĢcuriteĢ dans lāimplantation
Burnout among surgeons before and during the SARS-CoV-2 pandemic: an international survey
Background: SARS-CoV-2 pandemic has had many significant impacts within the surgical realm, and surgeons have been obligated to reconsider almost every aspect of daily clinical practice. Methods: This is a cross-sectional study reported in compliance with the CHERRIES guidelines and conducted through an online platform from June 14th to July 15th, 2020. The primary outcome was the burden of burnout during the pandemic indicated by the validated Shirom-Melamed Burnout Measure. Results: Nine hundred fifty-four surgeons completed the survey. The median length of practice was 10 years; 78.2% included were male with a median age of 37 years old, 39.5% were consultants, 68.9% were general surgeons, and 55.7% were affiliated with an academic institution. Overall, there was a significant increase in the mean burnout score during the pandemic; longer years of practice and older age were significantly associated with less burnout. There were significant reductions in the median number of outpatient visits, operated cases, on-call hours, emergency visits, and research work, so, 48.2% of respondents felt that the training resources were insufficient. The majority (81.3%) of respondents reported that their hospitals were included in the management of COVID-19, 66.5% felt their roles had been minimized; 41% were asked to assist in non-surgical medical practices, and 37.6% of respondents were included in COVID-19 management. Conclusions: There was a significant burnout among trainees. Almost all aspects of clinical and research activities were affected with a significant reduction in the volume of research, outpatient clinic visits, surgical procedures, on-call hours, and emergency cases hindering the training. Trial registration: The study was registered on clicaltrials.gov "NCT04433286" on 16/06/2020
A requirement engineering driven approach to security architecture design for distributed embedded systems
Au cours des dix dernieĢres anneĢes, lāimpact des questions de seĢcuriteĢ sur le deĢveloppement et la mise en oeuvre des systeĢmes embarqueĢs distribueĢs nāa jamais cesseĢ de croiĢtre. Ceci est principalement lieĢ aĢ lāinterconnexion toujours plus importante de ces systeĢmes qui les rend vulneĢrables aux attaques, ainsi quāaĢ lāinteĢreĢt eĢconomique dāattaquer ces systeĢmes qui sāest simultaneĢment accru. Dans un tel contexte, meĢthodologies et outils dāingeĢnierie des exigences de seĢcuriteĢ sont devenus indispensables pour prendre des deĢcisions approprieĢes quant a` la seĢcuriteĢ, et ce le plus toĢt possible. LāingeĢnierie des exigences devrait donc fournir une aide substantielle aĢ lāexplicitation et aĢ la speĢcification des probleĢmes et solutions de seĢcuriteĢ des logiciels bien avant que concepteurs et deĢveloppeurs ne soient engageĢs dans une implantation en particulier. Toutefois, et cāest particulieĢrement vrai dans les systeĢmes embarqueĢs, les exigences de seĢcuriteĢ ne doivent pas eĢtre consideĢreĢes seulement comme lāexpression abstraite dāun ensemble de proprieĢteĢs indeĢpendamment de lāarchitecture systeĢme ou des menaces et des attaques qui pourraient y survenir. Nous estimons que cette consideĢration est dāune importance capitale pour faire de lāingeĢnierie des exigences un guide et un moteur de la conception et de la mise en Åuvre dāun systeĢme seĢcuriseĢ. Notre approche sāappuie en particulier sur une approche centreĢe sur les connaissances de lāingeĢnierie des exigences de seĢcuriteĢ, applicable deĢs les premieĢres phases de conception du systeĢme jusquāaĢ la mise en application des exigences de seĢcuriteĢ dans lāimplantation.During the last ten years, the impact of security concerns on the development and exploration of distributed embedded systems never ceased to grow. This is mainly related to the fact that these systems are increasingly interconnected and thus vulnerable to attacks, and that the economic interest in attacking them has simultane- ously increased. In such a context, requirement engineering methodologies and tools have become necessary to take appropriate decisions regarding security early on. Security requirements engineering should thus strongly support the elicitation and specifica- tion of software security issues and solutions well before designers and developers are committed to a particular implementation. However, and that is especially true in embedded systems, security requirements should not be considered only as the abstract expression of a set of properties independently from the system architecture or from the threats and attacks that may occur. We believe this consideration is of utmost importance for security requirements engineering to be the driving force behind the design and implementation of a secure system. We thus describe in this thesis a security engineering requirement methodology depending upon a constant dialog between the design of system functions, the requirements that are attached to them, the design and development of the system architecture, and the assessment of the threats to system assets. Our approach in particular relies on a knowledge-centric approach to security requirement engineering, applicable from the early phases of system conceptualization to the enforcement of security requirements