Security patterns considered harmful?

While a useful source of repeatable security knowledge, ambiguity about what security patterns are and how they might be applied call into question their reliability as a design tool. To provoke discussion about their usefulness, this paper claims that security patterns should be considered harmful because: (i) they abdicate design responsibility, (ii) their implications are unclear, and (iii) abstractions are still an enemy. We also consider Strong Concepts as a more useful alternative for security design

Secure System? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems

Risk-driven approaches are dominant in secure systems design; these aim to elicit and treat vulnerabilities and the threats exploiting them. Such approaches, however, are so focused on driving risks out of system design, they fail to recognise the usefulness of failure as a vehicle for security innovation. To explore the role of failure as a design tool, we present the security premortem: a participative design technique where participants assume that a system has been exploited, and plausible reasons are given for explaining why. We describe this approach and illustrate how software tools can be used to support it

Human-centered specification exemplars for critical infrastructure environments.

Specification models of critical infrastructure focus on parts of a larger environment. However, to consider the security of critical infrastructure systems, we need approaches for modelling the sum of these parts; these include people and activities, as well as technology. This paper presents human-centered specification exemplars that capture the nuances associated with interactions between people, technology, and critical infrastructure environments. We describe requirements each exemplar needs to satisfy, and present preliminary results in developing and evaluating them

DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems

Cyber Physical Systems (CPS) seamlessly integrate physical objects with technology, thereby blurring the boundaries between the physical and virtual environments. While this brings many opportunities for progress, it also adds a new layer of complexity to the risk assessment process when attempting to ascertain what privacy risks this might impose on an organisation. In addition, privacy regulations, such as the General Data Protection Regulation (GDPR), mandate assessment of privacy risks, including making Data Protection Impact Assessments (DPIAs) compulsory. We present the DPIA Data Wheel, a holistic privacy risk assessment framework based on Contextual Integrity (CI), that practitioners can use to inform decision making around the privacy risks of CPS. This framework facilitates comprehensive contextual inquiry into privacy risk, that accounts for both the elicitation of privacy risks, and the identification of appropriate mitigation strategies. Further, by using this DPIA framework we also provide organisations with a means of assessing privacy from both the perspective of the organisation and the individual, thereby facilitating GDPR compliance. We empirically evaluate this framework in three different real-world settings. In doing so, we demonstrate how CI can be incorporated into the privacy risk decision-making process in a usable, practical manner that will aid decision makers in making informed privacy decisions

Ethical Hazards and Safeguards in Penetration Testing

Penetration testing entails attacking a system to identify and report insecurity, but doing so without harming the system nor encroaching on the dignity of those affected by it. To improve the interaction between penetration testers and their processes and technology, we need to understand the factors that affect decisions they make with ethical import. This paper presents four ethical hazards faced by penetration testers, and three safeguards that address them. We also present preliminary results validating the hazards and safeguards

Assessing System of Systems Security Risk and Requirements with OASoSIS

When independent systems come together as a System of Systems (SoS) to achieve a new purpose, dealing with requirements conflicts across systems becomes a challenge. Moreover, assessing and modelling security risk for independent systems and the SoS as a whole is challenged by a gap in related research and approaches within the SoSs domain. In this paper, we present an approach for bridging SoS and Requirements Engineering by identifying aligning SoSs concepts to assess and model security risk and requirements. We introduce our OASoSIS approach modifying OCTAVE Allegro for SoSs using CAIRIS (Computer Aided Integration of Requirements and Information Security) with a medical evacuation (MEDEVAC) SoS exemplar for Security Requirements Engineering tool-support. Index Terms—System of Systems, Security, Risk, Human Factors, Requirements Engineering, CAIRIS

The application of useless Japanese inventions for requirements elicitation in information security

Rules of requirements elicitation in security are broken through the use of Chindōgu, by designing impractical security countermeasures in the first instance, then using these to create usable security requirements. We present a process to conceive the requirements in Chindōgu form. We evaluate the usefulness of this process by applying it in three workshops with data gathered from a European rail company, and comparing requirements elicited by this process with a set of control requirements

From cyber-security deception to manipulation and gratification through gamification

Over the last two decades the field of cyber-security has experienced numerous changes associated with the evolution of other fields, such as networking, mobile communications, and recently the Internet of Things (IoT) [3]. Changes in mindsets have also been witnessed, a couple of years ago the cyber-security industry only blamed users for their mistakes often depicted as the number one reason behind security breaches. Nowadays, companies are empowering users, modifying their perception of being the weak link, into being the center-piece of the network design [4]. Users are by definition "in control" and therefore a cyber-security asset. Researchers have focused on the gamification of cyber- security elements, helping users to learn and understand the concepts of attacks and threats, allowing them to become the first line of defense to report anoma- lies [5]. However, over the past years numerous infrastructures have suffered from malicious intent, data breaches, and crypto-ransomeware, clearly showing the technical "know-how" of hackers and their ability to bypass any security in place, demonstrating that no infrastructure, software or device can be consid- ered secure. Researchers concentrated on the gamification, learning and teaching theory of cyber-security to end-users in numerous fields through various techniques and scenarios to raise cyber-situational awareness [2][1]. However, they overlooked the users’ ability to gather information on these attacks. In this paper, we argue that there is an endemic issue in the the understanding of hacking practices leading to vulnerable devices, software and architectures. We therefore propose a transparent gamification platform for hackers. The platform is designed with hacker user-interaction and deception in mind enabling researchers to gather data on the techniques and practices of hackers. To this end, we developed a fully extendable gamification architecture allowing researchers to deploy virtualised hosts on the internet. Each virtualised hosts contains a specific vulnerability (i.e. web application, software, etc). Each vulnerability is connected to a game engine, an interaction engine and a scoring engine

Evaluating the implications of attack and security patterns with premortems.

Security patterns are a useful way of describing, packaging and applying security knowledge which might otherwise be unavailable. However, because patterns represent partial knowledge of a problem and solution space, there is little certainty that addressing the consequences of one problem won't introduce or exacerbate another. Rather than using patterns exclusively to explore possible solutions to security problems, we can use them to better understand the security problem space. To this end, we present a framework for evaluating the implications of security and attack patterns using premortems: scenarios describing a failed system that invites reasons for its failure. We illustrate our approach using an example from the EU FP 7 webinos project