Comparing Security Risk-oriented Modelling Languages to Manage Social Engineering Risks

Manipuleerimisrünnete turvariskide juhtimine on muutumas igapäevase riskide identifitseerimise keskseks tehnikaks. Kahjuks võivad selle standardid turva-modelleerimiskeelte ja kasutajate hõlmamise toetamisel olla piiratud. See on probleem, kuna vähene mõistmine võib viia analüüsi väärtõlgenduseni. Tänapäeval toimuvad korrapäraselt ühed ja samad turvasündmused, kuid neid ei käsitleta kohaselt. See võib tuleneda sellest, et tavakasutajad ei märka nõrkusi või tõlgendavad käimasolevat riskijuhtimisprotsessi vääralt. Teadmata, mis on tavakasutajale selge ja mida tuleks parandada, ei ole ükski manipuleerimisrünnete analüüs asjakohane. Selles töös rakendatakse struktureeritud lähenemist ühe turvariskide juhtimise standardi identifitseerimisele, mida saab rakendada eri modelleerimiskeeltega. Sügavamaks analüüsiks on selles töös kasutatud eri modelleerimiskeeli, nagu äriprotsesside modelleerimiskeel (ingl BPMN), Secure Tropos ja Misuse Case. Võttes arvesse, et manipuleerimisrünnete uurimise põhiaspekt on inimeste psühhomanipulatsioon, pidas autor heaks töö illustreerimise alusmaterjaliks Kevin Mitnicki raamatut „The art of deception”. Üks juhtum on valitud lähemaks uurimiseks ja analüüsitud, kasutades infosüsteemi turvariskide haldamise (ingl ISSRM) domeenimudelit eelpool mainitud kolme turva-modelleerimiskeele rakendusega. Identifitseerimaks tavakasutajate konkreetseid kontseptsioone või loogikat ja võtmaks arvesse nende infotehnoloogiateadmiste vähesust, on see töö keskendatud modelleerimislähenemise nõrkadele külgedele manipuleerimisrünnete analüüsis. See viis tulemuseni, et kasutajad eelistavad üldisi BPMN-i konstruktsioone ja Secure Tropose kontseptsiooni. Samuti, tuginedes kogutud tulemustele, püüdsime tõmmata paralleeli kontseptsioonide mõistmise ja osalejate konstruktsioonide vahel. Protsentuaalselt olid konstruktsioonide mõistmise tulemused kontseptsioonide mõistmise tulemustest kõrgemad. Ärivara, IS-vara, oht, ründmeetod, riskihaldus, turvanõue ja kontroll on konstruktsioonide vormis kergesti identifitseeritavad. Kontseptsioonide skoor oli kõrgem järgnevais aspektides: ärivara, turvakriteerium, mõju, sündmus, nõrkus, oht, ohuagent, turvanõue.Social engineering security risk management is emerging as a central technique for dealing with identification of occurring risks on the daily basis. Unfortunately, its standards might have limitations in support with security modelling languages and comprehension of users. This is a problem because lack of understanding can cause misinterpretation of analysis. Nowadays, same security events occur periodically, but they are not treated properly. It might be because ordinary users do not see vulnerabilities or their misunderstanding of ongoing process of risk treatment. Without knowing what is clear to ordinary users and what should be improved any social engineering analysis is irrelevant. The paper applies structured approach in identification of one security risk management standard that can be applied with different modelling languages. For a more in-depth analysis in this paper considered several modelling languages as BPMN, Secure Tropos and Misuse case. Taking into account the main aspect of the study in social engineering is psychological manipulation of people, author considered as a good foundation of the illustration a book of Kevin Mitnick “The art of deception”. One case has been chosen for a further study and analysed using ISSRM domain model with application of aforementioned three security modelling languages. To identify certain concepts or logic of ordinary users and taking into account their lack of knowledge in information technology this paper has been concentrated on weaknesses of modelling approaches for social engineering analysis. This led to the result that overall BPMN constructs and Secure Tropos concepts are preferred by users. Also based on collected results, we tried to make a parallel between understanding of concepts and constructs for participants. Percentage wise understanding of constructs showed higher results than concepts. Business asset, IS asset, threat, attack method, risk treatment, security requirement and control are easily identified in the form of constructs. Concepts are have received higher score in following aspects: Business Asset, Security criterion, Impact, Event, Vulnerability, Threat, Threat agent, Security requirement

Security Concepts as Add-On for Process Models

International audienceDevelopment processes for software construction are common knowledge and widely used in most development organizations. Unfortunately, these processes often offer only little or no support in order to meet security requirements. In our work, we propose a methodology to enhance these process models with security concepts, backed by a security-oriented process model specification language. The methodology supports existing process models, which will be extended by established security approaches, as well as information security risk management standards, to fulfill the demand for secure software engineering. The methodology and the process modeling language we propose, have been successfully evaluated by the TERESA project for specifying development processes for trusted applications and integrating security concepts into existing process models

Risk in Trusted Decentralized Communications

Risk is associated with almost every activity that is undertaken on a daily life. Risk is associated with Trust, Security and Privacy. Risk is associated with transactions, businesses, information systems, environments, networks, partnerships, etc. Generally speaking, risk signifies the likelihood of financial losses, human casualties, business destruction and environmental damages. Risk indicator gives an early warning to the party involved and helps avoid deserters. Until now, risk has been discussed extensively in the areas of investment,finance, health, environment, daily life activitiesand engineering. However, there is no systematic study of risk in Decentralised communication,which involves e-business, computer networks and service oriented environment. In this paper, we define risk associated with trusted communication in e-business and e-transactions; provide risk indicator calculations and basic application areas

An Experience Report of Eliciting Security Requirements from Business Processes

Väikesed ja keskmise suurusega ettevõtted näevad vaeva, et leida strateegiaid saavutamaks kõrgetasemelist infoturvet. Tihti ei ole need ettevõtted teadlikud infotehnoloogiaga seonduvatest riskidest. Lisaks suurendab haavatavuse riski finants- ja IT osakondade vähesus, kellel ei ole oma teabeturbe ametnikku. Äriprotsesside juhtimise ning joondamine, mis omakorda avaldub turvalisuse vajaduste esiletoomises kasutades äriprotsessidepõhist lähenemist, pakub sellele sektoripõhisele teemale oma lahenduse, võimaldades juurutada turvalisuse riskidele orienteeritud mudeleid ka ärianalüütikute jaoks. Kontekstuaalsetel valdkondadel põhinevad mustrid illustreerivad ettevõttevarasid, haavatavust ja riskikohtlemist turvanõuete kujul. See saavutatakse kasutades äriprotsesside mudelit, Notation 2.0 modelleerimiskeelt ning spetsiaalselt projekteeritud lahendusi, mis lisanduvad IT turvalisuse valdkondkonnale. Selle tulemuseks on kohaldatav lahendus, mis kutsub esile turvanõuded. Selle uurimuse keskmes on mustrite rakendumine, mõõtmaks nende sooritust saksa SME-s. Ärivahendite ja ohutusalaste eesmärkide määramise järel identifitseeriti mitmed mustri esinemised, mis kulmineerusid mitmete ohutusnõuete määramisega. Rakendamise oskuste ja kasutatavusega seoses ettevõttega, tõi esile väga selge mustrite esinemise. Lisaks arendati eelnevaga seoses uus muster kasutades informatsioonisüsteemi turvariski juhtimise domeeni (Information System Security Risk Management Domain) mudelit. Lõpetuseks soovitab autor käesolevas uurimuses prioritiseerimise ja inspektsiooni meetodite kaasamist ohutuskvaliteedi nõuete tehnika metoodikast ning organisatsioonilise koosseisu teoreemi laiendust, mis omakorda võimaldab SREBP-i täiendavat automatiseerimist. Need muudatused toovad kaasa käsitluse, mille alusel suureneb väikese ja keskmise suurusega ettevõtete turvalisus. Märksõnad: väiksed ja keskmise suurusega ettevõtted, äriprotsesside juhtimine, ohutusnõuete esilekutsumine äriprotsesside baasil, ohutusriskialased mustrid, ohutusnõuded, mustri esinemised, informatsioonisüsteemi turvariski juhtimise domeeni mudel.Small and Medium Sized Enterprises struggle to find strategies to achieve a high level of information security or are unaware of the risks posed by information technology. A lack of finance and IT departments that miss an information security officer increase the risk of exploited vulnerabilities. The alignment of Business Process Management and Security engineering manifested in the Security Requirements Elicitation using Business Processes approach provides a solution of this sector wide issue by introducing Security Risk-oriented Patterns applicable also for Business analysts. Patterns that are based on contextual areas illustrate business assets, vulnerabilities and risk treatment in form of security requirements. This is achieved by using the Business Process Model and Notation 2.0 modeling language and specifically engineered extensions which add the IT security domain. Outcome of this bridging is an applicable solution to elicit security requirements. Core of this thesis is the pattern application to measure their performance in a German SME. After business assets and security objectives were set, several pattern occurrences have been identified that resulted in a number of security requirements. Implementation abilities and usefulness with regards to the company underlined strong pattern performance. Moreover, a new pattern has been developed by using the Information System Security Risk Management Domain Model. Finally, the inclusion of prioritization and inspection techniques from the Security Quality Requirements Engineering methodology is suggested and extensions from the theorem of organizational configurations that enable further automation of SREBP. These modifications result in an approach that increases the security of Small and Medium Sized Enterprises. Keywords: Small and Medium Sized Enterprises; Business Process Management; Security Requirements Elicitation using Business Processes; Security Risk-oriented Patterns; security requirements; pattern occurrences; Information System Security Risk Management Domain Mode

Extension and Application of Event-driven Process Chain for Information System Security Risk Management

Turvatehnika konstrueerimine on üks suuremaid murekohti süsteemi arenduses ja sellele tuleks tähelepanu pöörata kogu arendusprotsessi jooksul. Turvaliseks modelleerimiseks on mitmeid erinevaid keeli, mis aitavad hallata turvariske juba nõuete staadiumis. Käesolevas töös keskendutakse esmalt Event-driven Process Chain (EPC)-le, mida kasutatakse äriprotsesside modelleerimisel. Täpsemalt öeldes uuritakse, kuidas antud keel toetab infosüsteemi turberiskihaldust (ISSRM). Uurimuse eesmärk on välja selgitada EPC jaoks vajalikud turbenõuded. Nende tulemusena saame vastavustabeli EPC konstruktsioonide ja ISSRM domeeni mudeli kontseptide vahel. Järgnevalt laiendame EPC keelt ja selle konstruktsioone EPC ja ISSRM vastavustabeli seostega. Tekkinud laiendatud keelt kutsume “Security-Oriented EPC”. Laiendatud modelleerimiskeel sisaldab uut konstruktsioonide kogumikku, mis viitab ISSRM kontseptidele. Olles selgitanud turvanõuete olulisust varajases arendusstaadiumis, esitleme töötluse suunised, et viia ellu tõlked Security-Oriented EPC ja Mal-Activity Diagrams (MAD) vahel. Meie ettepanek põhineb EPC keele süstemaatiliste ja maandatud laiendustel ja selle vastastikusest sõltuvusest ISSRM domeeni mudelisse. Vastavuses olevad tulemused aitavad ärianalüütikutel mõista, kuidas modelleerida turvariske süsteemi nõuete ja disainimise staadiumites. Lisaks annavad töötluse tulemused võimaluse koostööks erinevate modelleerimiskeelte vahel, mida analüüsitakse kasutades sama kontseptuaalset raamistikku.Security engineering is one of the important concerns during the system development and it should be addressed throughout the whole system development process. Besides, there are several languages for security modeling that help dealing with security risk management at the requirements stage. In this thesis, first of all, we are focusing on Event-driven Process Chain (EPC), which is used during the business process modeling. More specifically, we investigate how this language supports information system security risk management (ISSRM). The purpose of this investigation is the problem of security requirements need of EPC. As a result, we obtain an alignment table between EPC constructs and ISSRM domain model concepts. Next, we extend the EPC language and its constructs with respect to the alignment table between EPC and ISSRM. As a consequence, we call the extended language as “Security-Oriented EPC”. The extended language contains new set of constructs which refer to ISSRM concepts. Lastly, after clarifying the importance of security requirements at the early system development, we present transformation guidelines to perform forward model translations from Security-Oriented EPC to Mal-Activity Diagrams (MAD). During the transformation, our proposal is based on the systematic and grounded extensions of EPC language and its interdependency to the domain model of ISSRM. Alignment results may help business analysts understand how to model security risks at the system requirement and design stages. Also, transformation results pave the way for interoperability between the modeling languages that are analysed using the same conceptual framework

Towards the Resolution of Safety and Security Conflicts

© 2021, IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. This is the accepted manuscript version of a conference paper which has been published in final form at https://doi.org/10.1109/ICCST49569.2021.9717390Safety engineering and cyber security have complementary aims, but typically realise these using different techniques, risk assessment methods and cultural approaches. As a result, the integration of safety and cyber security concerns is a complex process, with potential for conflict. We present a generalized taxonomy of common conflict areas between safety and cyber security, oriented around the development and deployment lifecycle, and supplement this with a discussion of concepts and methodologies for resolution based on the shared principle of defence-in-depth

Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge

The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture

Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

Italian hybrid fire prevention code

Fire safety of residential buildings and activities subjected to fire inspection is a difficult task, especially when the safety targets have to be adopted in built buildings or in activities that are going to be modified into more complex ones. Generally, these circumstances show more constraints and it could be difficult to achieve an acceptable level of fire residual risk by prescriptive based fireregulations. Therefore, the Italian National Fire Rescue and Service in charge for fire safety, in August 2015 issued a new Fire Prevention Code whose design methodology is more oriented to fire performance based design rather than prescriptive fire codes. The flexibility of this new fire design methodology offers a very complex tool to experts in order to design fire safety measures and strategies of buildings and activities subjected to fire inspection. The present paper aims tohighlig hts the contents and the fire safety strategy design methodology of the new Italian Fire Prevention Code