Formalizing Threat Models for Virtualized Systems

We propose a framework, called FATHoM (FormAlizing THreat Models), to define threat models for virtualized systems. For each component of a virtualized system, we specify a set of security properties that defines its control responsibility, its vulnerability and protection states. Relations are used to represent how assumptions made about a component’s security state restrict the assumptions that can be made on the other components. FATHoM includes a set of rules to compute the derived security states from the assumptions and the components’ relations. A further set of relations and rules is used to define how to protect the derived vulnerable components. The resulting system is then analysed, among others, for consistency of the threat model. We have developed a tool that implements FATHoM, and have validated it with use-cases adapted from the literature

A Probabilistic Framework for Security Scenarios with Dependent Actions

This work addresses the growing need of performing meaningful probabilistic analysis of security. We propose a framework that integrates the graphical security modeling technique of attack–defense trees with probabilistic information expressed in terms of Bayesian networks. This allows us to perform probabilistic evaluation of attack–defense scenarios involving dependent actions. To improve the efficiency of our computations, we make use of inference algorithms from Bayesian networks and encoding techniques from constraint reasoning. We discuss the algebraic theory underlying our framework and point out several generalizations which are possible thanks to the use of semiring theory

Exploring a Controls-Based Assessment of Infrastructure Vulnerability

Assessing the vulnerability of an enterprise's infrastructure is an important step in judging the security of its network and the trustworthiness and quality of the information that flows through it. Currently, low-level infrastructure vulnerability is often judged in an ad hoc manner, based on the criteria and experience of the assessors. While methodological approaches to assessing an organisation's vulnerability exist, they are often targeted at higher-level threats, and can fail to accurately represent risk. Our aim in this paper therefore, is to explore a novel, structured approach to assessing low-level infrastructure vulnerability. We do this by placing the emphasis on a controls-based evaluation over a vulnerability-based evaluation. This work aims to investigate a framework for the pragmatic approach that organisations currently use for assessing low-level vulnerability. Instead of attempting to find vulnerabilities in infrastructure, we instead assume the network is insecure, and measure its vulnerability based on the controls that have (and have not) been put in place. We consider different control schemes for addressing vulnerability, and show how one of them, namely the Council on Cyber Security's Top 20 Critical Security Controls, can be applied

Deterrence in Cyberspace: An Interdisciplinary Review of the Empirical Literature

The popularity of the deterrence perspective across multiple scientific disciplines has sparked a lively debate regarding its relevance in influencing both offenders and targets in cyberspace. Unfortunately, due to the invisible borders between academic disciplines, most of the published literature on deterrence in cyberspace is confined within unique scientific disciplines. This chapter therefore provides an interdisciplinary review of the issue of deterrence in cyberspace. It begins with a short overview of the deterrence perspective, presenting the ongoing debates concerning the relevance of deterrence pillars in influencing cybercriminals’ and cyberattackers’ operations in cyberspace. It then reviews the existing scientific evidence assessing various aspects of deterrence in the context of several disciplines: criminology, law, information systems, and political science. This chapter ends with a few policy implications and proposed directions for future interdisciplinary academic research

Co-created Design of a Serious Game Investigation into Developer-Centred Security

The cyber security context requires to better understand how developers write (in)secure code and to assist them in their software developments. We have developed a secure coding experiment and serious game intervention. In this paper, we report on the design of a serious game to investigate developer-centred security. We used a combination of approaches to shape discussions and support the serious game co-creation

Blue team communication and reporting for enhancing situational awareness from white team perspective in cyber security exercises

Cyber security exercises allow individuals and organisations to train and test their skills in complex cyber attack situations. In order to effectively organise and conduct such exercise, the exercise control team must have accurate situational awareness of the exercise teams. In this paper, the communication patterns collected during a large-scale cyber exercise, and their possible use in improving Situational awareness of exercise control team were analysed. Communication patterns were analysed using graph visualisation and time-series based methods. In addition, suitability of a new reporting tool was analysed. The reporting tool was developed for improving situational awareness and exercise control flow. The tool was used for real-time reporting and communication in various exercise related tasks. Based on the results, it can be stated that the communication patterns can be effectively used to infer performance of exercise teams and improve situational awareness of exercise control team in a complex large-scale cyber security exercise. In addition, the developed model and state-of-the-art reporting tool enable real-time analysis for achieving a better situational awareness for the exercise control of the cyber security exercise

Quantifying Risks to Data Assets Using Formal Metrics in Embedded System Design

This paper addresses quantifying security risks associated with data assets within design models of embedded systems. Attack and system behaviours are modelled as time-dependent stochastic processes. The presence of the time dimension allows accounting for dynamic aspects of potential attacks and a system: the probability of a success- ful attack changes as time progresses; and a system possesses different data assets as its execution unfolds. These models are used to quan- tify two important attributes of security: confidentiality and integrity. In particular, likelihood/consequence-based measures of confidentiality and integrity losses are proposed to characterise security risks to data assets. In our method, we consider attack and system behaviours as two sepa- rate models that are later elegantly combined for security analysis. This promotes knowledge reuse and avoids adding extra complexity in the system design process. We demonstrate the effectiveness of the proposed method and metrics on smart metering devices.

Examining human individual differences in cyber security and possible implications for human-machine interface design

With society now heavily invested in cyber-technology and most cyber-attacks due to human error, it has never been more vital to focus research on human-centric interventions. Whilst some studies have previously investigated the importance of end-user individual differences (gender, age, education, risk-taking preferences, decision-making style, personality and impulsivity) the current study extended the research to also include acceptance of the internet and the constructs used to explain behavior within the Theory of Planned Behavior (TPB) and Protection Motivation Theory (PMT). Seventy-one participants completed a battery of questionnaires on personality, risk-taking preferences, decision-making style, personality, impulsivity, acceptance of the internet, the combined PMT and TPB questionnaire, as well as an online cyber-security behaviors questionnaire. Gender, age and education did not relate to any cyber-security behaviors, however a number of individual differences were associated. These behaviors include financial risk-taking, avoidant decision-making plus ease of use, facilitating conditions, and trust in the internet. It was also found that safer cyber-security behaviors are seen in those who appraise threat as high, perceive themselves to have the required skills to protect themselves, see value in this protection and understand their place in the cyber-security chain. These findings emphasize the importance of understanding how individual differences relate to cyber-security behaviors in order to create more tailored human-centric interventions such as computer-based decision support systems and other human-machine interface solutions