An Assurance Framework for Independent Co-assurance of Safety and Security

Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons such as mismatched processes, inadequate information, differing use of language and philosophies, etc.. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted primarily because this approach is unrealistic when met with the complexity of real-world system development. This paper presents an alternate approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to unified co-assurance which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. With this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronisation activities

Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

Determining Training Needs for Cloud Infrastructure Investigations using I-STRIDE

As more businesses and users adopt cloud computing services, security vulnerabilities will be increasingly found and exploited. There are many technological and political challenges where investigation of potentially criminal incidents in the cloud are concerned. Security experts, however, must still be able to acquire and analyze data in a methodical, rigorous and forensically sound manner. This work applies the STRIDE asset-based risk assessment method to cloud computing infrastructure for the purpose of identifying and assessing an organization's ability to respond to and investigate breaches in cloud computing environments. An extension to the STRIDE risk assessment model is proposed to help organizations quickly respond to incidents while ensuring acquisition and integrity of the largest amount of digital evidence possible. Further, the proposed model allows organizations to assess the needs and capacity of their incident responders before an incident occurs.Comment: 13 pages, 3 figures, 3 tables, 5th International Conference on Digital Forensics and Cyber Crime; Digital Forensics and Cyber Crime, pp. 223-236, 201

Cyber Security Threat Modelling:Classical Approaches Survey – An Insight

Threat modeling provides a systematic way to identify cybersecurity threats. It is an essential part of the Cybersecurity Risk Management Process. It defines countermeasures to prevent or mitigate the effects of threats to the system. Every software system today faces a range of threats, and it is increasing constantly as technology rapidly changes. Increasing use of mobiles and IoT devices also increases the threat landscape. Threats can emanate from inside/outside of organizations, and their impact has the potential to be devastating. Systems could be stopped from working entirely or sensitive information could be leaked, which would impact consumer faith. To avoid threats from taking benefit of system flaws, threat modeling methods can be used to think defensively. Though there are numerous types of frameworks for security architectures available, not a single framework is complete and totally secure. In this paper we analyzed some of the commonly used thereat modelling approaches

The threat nets approach to information system security risk analysis

The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security concerns, it was established that the current approaches to information systems risk analysis do not provide logical recipes for quantifying threat impact and determining the cost-effectiveness of risk mitigation controls. Quantifying the likelihood of the threat and determining its potential impact is key in deciding whether to adopt a given information system or not. Therefore, this thesis proposes the Threat Nets Approach organized into 4 service recipes, namely: threat likelihood assessment service, threat impact evaluation service, return on investment assessment service and coordination management. The threat likelihood assessment service offers recipes for determining the likelihood of a threat. The threat impact evaluation service offers techniques of computing the impact of the threat on the organization. The return on investment assessment service offers recipes of determining the cost-effectiveness of threat mitigation controls. To support the application of the approach, a ThreNet tool was developed. The approach was evaluated by experts to ascertain its usability and usefulness. Evaluation of the Threat Nets Approach by the experts shows that it provides complete, usable and useful recipes for the assessment of; threat likelihood, threat impact and cost-effectiveness of threat mitigation controls. The results suggest that the application of Threat Nets approach is effective in quantifying risks to information system

The threat nets approach to information system security risk analysis

The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security concerns, it was established that the current approaches to information systems risk analysis do not provide logical recipes for quantifying threat impact and determining the cost-effectiveness of risk mitigation controls. Quantifying the likelihood of the threat and determining its potential impact is key in deciding whether to adopt a given information system or not. Therefore, this thesis proposes the Threat Nets Approach organized into 4 service recipes, namely: threat likelihood assessment service, threat impact evaluation service, return on investment assessment service and coordination management. The threat likelihood assessment service offers recipes for determining the likelihood of a threat. The threat impact evaluation service offers techniques of computing the impact of the threat on the organization. The return on investment assessment service offers recipes of determining the cost-effectiveness of threat mitigation controls. To support the application of the approach, a ThreNet tool was developed. The approach was evaluated by experts to ascertain its usability and usefulness. Evaluation of the Threat Nets Approach by the experts shows that it provides complete, usable and useful recipes for the assessment of; threat likelihood, threat impact and cost-effectiveness of threat mitigation controls. The results suggest that the application of Threat Nets approach is effective in quantifying risks to information system