
    Stakeholder security analysis - a new approach to security design with example application

    Stakeholder security analysis (SSA) is a rigorous approach to analysing and designing systems from the point of view of cybersecurity which is defined and applied in this dissertation. SSA starts by identifying the objectives of the stakeholders, and then seeks to find rules which can be enforced to ensure that these objectives are met. It is shown by several detailed examples in this dissertation, and proved theoretically, by means of Hilbert's thesis, that first-order logic is able to express any mathematical model and correctly explains the concept of logical proof; and that stakeholder security analysis can be used systematically to design secure systems. The relationship between the different cybersecurity rules is illustrated by means of inference graphs, which show how the rules which are enforced ensure that the objectives are met. Chapter 1 provides an introduction and background, and presents outcomes of research significance. Chapter 2 reviews the relevant literature on the philosophy of security design as applied to the application areas of web security, network security, and emergency networks. Chapter 3 defines stakeholder security analysis, including its theoretical justification by means of Hilbert's thesis, and explains the use of inference graphs, which were developed as part of this research. Service protection rules are defined in this chapter as rules which, without appearing to define or ensure security, are nevertheless essential because they ensure that a service fulfils its objectives. Examples of these are provided in subsequent chapters, where it becomes clear that unless this type of rule is included, the system being designed is logically incomplete. In Chapter 4, stakeholder security analysis is applied to web services, and, in particular, to the Netml system for network analysis, design and simulation. It is used to design and prove the security of certain aspects of the system. In Chapter 5, the design of network filters and firewalls is considered, together with the security implications of virtual private networks. The use of simulation for security analysis of networks is explored practically, and the capability and limitations of simulation as a tool for security analysis of networks are investigated, using stakeholder security analysis as a rigorous framework that underpins all the proposed methods. It is shown that simulation can be rigorously used to prove the consistency of policies, and the sense in which simulation is able to prove the validity of cybersecurity is identified. In Chapter 6, stakeholder security analysis is applied to emergency networks. The purpose of emergency networks is to save lives. The possibility of misuse of, and attacks upon, an emergency network is also considered. A key consideration is the management of power for the devices which form the network. Five experiments concerned with the management of battery life to save lives in emergency situations are presented. Conclusions are presented in Chapter 7.

    Experiments and proofs in web-service security

    Many web services have a subsystem for allowing users to register, authenticate, reset their password, and change personal details. It is important that such subsystems cannot be abused by attackers to gain access to the accounts of other users. We study a system which was initially prone to such attacks. Specific attacks are demonstrated and the system is then modified to prevent such attacks in future. The design achieved in this way is then analysed to show that it can't be broken in future unless users allow their email to be intercepted. This is achieved by formulating the requirement as a statement of the user's expectations of the system and then analysing the source code of the system to prove that it meets these requirements. The process of attack, correction, formulation of security rules, and proof that the rules hold is proposed as a methodical security design philosophy.

    Protecting services from security mis-configuration

    It is understood that ICT security can be defined and enforced through rules. In this paper, the concept of rules which define and ensure users' access to services is introduced. Examples of how service is hindered by otherwise sensible security rules are presented. Service protection policies are then described which can help to prevent these compromises to service and assist us in measuring this impact where it occurs. These examples include demonstrations, in some cases, of how the combined collection of rules (security and service protection) can be enforced and maintained. The concept of service protection policies is introduced. We use ns3 and Click in simulations to check the consistency of the aggregate security policy by checking that the service protection rules are valid. We show that these can improve the network performance experienced by users and increase network security.

    Emergency Network Design – Saving Lives by Saving Power

    In disasters and emergencies, the severity of trauma and loss of life can be reduced by more effective communication between emergency workers, volunteers, and survivors. Typically, almost all of these parties will hold mobile phones (in addition to special-purpose wireless communication devices, in the case of emergency workers), which are likely to be used intensively to seek and to provide aid to those in need. However, the utility of mobile phones may be limited by battery life. The usefulness of these mobile phones can therefore be enhanced by extending battery life. One way to extend battery life is to introduce a duty cycle, i.e. a pattern of use where the phone is alternately sleeping and active. It is shown below that, under some broad assumptions about the type of emergency, it is best to introduce such a duty cycle straight away, and to start with quite short sleep cycles which increase exponentially, but with a relatively slow rate of growth of the sleep cycle duration. Simulation experiments are conducted below which demonstrate the effectiveness of this strategy.