
    Advanced Topics in Systems Safety and Security

    This book presents valuable research results in the challenging field of systems (cyber)security. It is a reprint of the Information (MDPI, Basel) - Special Issue (SI) on Advanced Topics in Systems Safety and Security. The competitive review process of MDPI journals guarantees the quality of the presented concepts and results. The SI comprises high-quality papers focused on cutting-edge research topics in cybersecurity of computer networks and industrial control systems. The contributions presented in this book are mainly the extended versions of selected papers presented at the 7th and the 8th editions of the International Workshop on Systems Safety and Security—IWSSS. These two editions took place in Romania in 2019 and respectively in 2020. In addition to the selected papers from IWSSS, the special issue includes other valuable and relevant contributions. The papers included in this reprint discuss various subjects ranging from cyberattack or criminal activities detection, evaluation of the attacker skills, modeling of the cyber-attacks, and mobile application security evaluation. Given this diversity of topics and the scientific level of papers, we consider this book a valuable reference for researchers in the security and safety of systems

    DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

    This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements

    A GENERAL FRAMEWORK FOR CHARACTERIZING AND EVALUATING ATTACKER MODELS FOR CPS SECURITY ASSESSMENT

    Characterizing the attacker’s perspective is essential to assessing the security posture and resilience of cyber-physical systems. The attacker’s perspective is most often achieved by cyber-security experts (e.g., red teams) who critically challenge and analyze the system from an adversarial stance. Unfortunately, the knowledge and experience of cyber-security experts can be inconsistent leading to situations where there are gaps in the security assessment of a given system. Structured security review processes (such as TAM, Mission Aware, STPA-SEC, and STPA-SafeSec) attempt to standardize the review processes to impart consistency across an organization or application domain. However, with most security review processes, the attackers’ perspectives are ad hoc and often lack structure. Attacker modeling is a potential solution but there is a lack of uniformity in published literature and a lack of structured methods to integrate the attacker perspective into established security review processes. This dissertation proposes a generalized framework for characterizing and evaluating attacker models for CPS security assessment. We developed this framework from a structured literature survey on attacker model characteristics which we used to create an ontology of attacker models from a context of security assessment. This generalized framework facilitates the characterization and functional representation of attacker models, leveraged in a novel scalable integration workflow. This workflow leverages an intermediate functional representation module to integrate attacker models into a security review process. In conclusion, we demonstrate the efficacy of our attacker modeling framework through a use case in which we integrate an attacker model into an established security review process

    Exploring rationality of self awareness in social networking for logical modeling of unintentional insiders

    Unawareness of privacy risks together with approval seeking motivations make humans enter too much detail into the likes of Facebook, Twitter, and Instagram. To test whether the rationality principle applies, we construct a tool that shows to a user what is known publicly on social networking sites about her. In our experiment, we check whether this revelation changes human behaviour. To extrapolate and generalize, we use the insights gained by practical experimentation. Unaware users can become targeted by attackers. They then become unintentional insiders. We demonstrate this by extending the Isabelle Insider framework to accommodate a formal model of unintentional insiders, an open problem with long standing.

    Addressing challenges to quantitative security modeling

    Quantitative state-based models can help those responsible for designing, maintaining, or insuring cyber systems make informed decisions. However, there are a number of difficulties that discourage the use of quantitative cybersecurity models in practice. We identify four significant challenges to quantitative security modeling, (1) cybersecurity models are difficult to build by hand, particularly for system architects that are not experts in cybersecurity, (2) it is challenging to model the complex interplay between the cyber system and the many human entities that interact with it with current modeling formalisms, (3) the uncertainty that comes from the model’s input variables should be managed and explored with sensitivity analysis (SA) and uncertainty quantification (UQ), but many models run too slowly to complete traditional SA and UQ analyses, and (4) there is a lack of appropriate frameworks, guidance on metrics, and advice on common modeling issues with regards to quantitative cybersecurity models. In this dissertation, we address each of the four challenges. To address the first challenge, we present an ontology-assisted automatic cybersecurity model generation approach that modelers can use to make cybersecurity models quickly and easily. Using this approach, a system architect would first create a system diagram of the components of the system and their relationships to one another. Then, a model generation algorithm would convert the system diagram (with the aid of an ontology) into a sophisticated cybersecurity model that can be executed to obtain metrics. We implemented the tool in Mobius and demonstrated its use with an AMI test case. To address the second challenge, we designed a new agent-based modeling formalism called GAMES that allows the modeler to explicitly model the system and all of the human entities that interact with the system in a modular and intuitive fashion, and show its strengths with a worked example. 
    To address the third challenge, we proposed an indirect stacking-based metamodeling approach. Using the metamodeling approach, we are able to accomplish sensitivity analysis and uncertainty quantification hundreds to thousands of times faster than traditional approaches and with better accuracy than current metamodel approaches. We demonstrate the approach’s efficacy with eight worked examples. Finally, to address the fourth challenge, we present a high-level framework to guide the modeling process, give guidance on what metrics to calculate and how to calculate them, and share advice on common issues with cybersecurity modeling. The theoretical and practical contributions presented in this dissertation will help make quantitative cybersecurity modeling easier to use and more useful, which will, in turn, help protect society’s most critical and valuable infrastructure from cyber threats.

    Cyber-security Risk Assessment

    The cyber-security domain is inherently dynamic. Not only does system configuration change frequently (with new releases and patches), but also new attacks and vulnerabilities are regularly discovered. The threat in cyber-security is human, and hence intelligent in nature. The attacker adapts to the situation, target environment, and countermeasures. Attack actions are also driven by attacker's exploratory nature, thought process, motivation, strategy, and preferences. Current security risk assessment is driven by cyber-security expert's theories about this attacker behavior. The goal of this dissertation is to automatically generate the cyber-security risk scenarios by:

    * Capturing diverse and dispersed cyber-security knowledge
    * Assuming that there are unknowns in the cyber-security domain, and new knowledge is available frequently
    * Emulating the attacker's exploratory nature, thought process, motivation, strategy, preferences and his/her interaction with the target environment
    * Using the cyber-security expert's theories about attacker behavior

    The proposed framework is designed by using the unique cyber-security domain requirements identified in this dissertation and by overcoming the limitations of current risk scenario generation frameworks. The proposed framework automates the risk scenario generation by using the knowledge as it becomes available (or changes). It supports observing, encoding, validating, and calibrating cyber-security expert's theories. It can also be used for assisting the red-teaming process. The proposed framework generates ranked attack trees and encodes the attacker behavior theories. These can be used for prioritizing vulnerability remediation. The proposed framework is currently being extended for developing an automated threat response framework that can be used to analyze and recommend countermeasures. This framework contains behavior driven countermeasures that use the attacker behavior theories to lead the attacker away from the system to be protected.