Title: Structuring Knowledge for a Security Trade-offs Knowledge Base
1. Structuring Knowledge for a Security Trade-offs Knowledge Base
- Golnaz Elahi, Department of Computer Science
- Eric Yu, Faculty of Information Studies
- University of Toronto
Identity, Privacy and Security Initiative Research Symposium, May 2nd 2008
2. Strategic Dependencies among Actors
3. Modelling Strategic Actor Relationships and Rationales - the i* modelling framework
- Strategic Actors
  - have goals, beliefs, abilities, commitments
  - are semi-autonomous
    - freedom of action, constrained by relationships with others
    - not fully knowable or controllable
    - have knowledge to guide action, but only partially explicit
  - depend on each other
    - for goals to be achieved, tasks to be performed, resources to be furnished
4. Strategic Rationales about alternative configurations of relationships with other actors
Why? How? How else?
5. i* Evaluation Procedure
- Semi-automatable propagation of qualitative evaluation labels uses evaluation guidelines and human judgment.
(Figure legend: Goal Achievable, Goal Not Achievable)
6. Security Trade-offs Modeling and Analysis using i*
7. Structuring Knowledge for a Security Trade-offs Knowledge Base
8. Problems
9. Security Knowledge Sources
- Textbooks
- Guidelines
- Standards
- Checklists
- Documentation from past projects
- Security Design Patterns
- Structured Catalogues and Knowledge Bases
10. Structuring Knowledge
11. Motivations and Questions
- What would be a good way to organize and structure knowledge to assist designers in making security trade-offs?
- We suggest a Goal-Oriented approach for structuring security trade-offs knowledge.
12. Analyzing the Structure of the Knowledge in the NIST 800-36 Guidelines
(Figure labels: Quality Goals, Actor, Attacker, Goals, Attack, Vulnerability, Security Mechanism, Impacts)
13. The KB Schema
- Actors and their goals
-
- Mechanisms and contributions of mechanisms on goals and other mechanisms
- Attackers and attacks
- Impact of attacks on goals and impact of security mechanisms on attacks
14. Example of Structured Knowledge
15. Reusable Unit of Knowledge
- What are the consequences of applying a particular security mechanism on malicious and non-malicious goals and mechanisms?
- Which actor or systems component should employ a particular security mechanism?
16. Reusable Unit of Knowledge
- What attacks threaten a particular mechanism, asset, or goal?
- Who may threaten the system?
- What is the impact of a particular attack on other goals and mechanisms?
- What vulnerabilities exist in a particular asset or mechanism?
17. Reusable Unit of Knowledge
- What security mechanisms prevent or detect a particular attack or recover the system after the occurrence of the attack?
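An added example, not taken from the original slides: one way the KB schema and the Reusable Unit of Knowledge questions above could be held as text and queried. The "source | relation | target" line format, the relation names and every sample entry are assumptions constructed for illustration.

```python
# Added illustration; format, relation names and entries are constructed.
KB_TEXT = """
Organization            | wants    | Confidentiality
Employee                | wants    | Usability
Employee                | wants    | Privacy
Outsider                | performs | Password guessing
Password guessing       | exploits | Weak passwords
Weak passwords          | found_in | Password authentication
Password guessing       | hurts    | Confidentiality
Password authentication | helps    | Confidentiality
Account lockout         | prevents | Password guessing
Account lockout         | hurts    | Usability
Login audit log         | detects  | Password guessing
Login audit log         | hurts    | Privacy
"""
COUNTERS = ("prevents", "detects", "recovers")  # mechanism-to-attack impacts

def load(text):
    """Parse 'source | relation | target' lines into triples."""
    kb = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        parts = tuple(p.strip() for p in line.split("|"))
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"line {n}: expected 'source | relation | target'")
        kb.append(parts)
    return kb

def find(kb, src=None, rel=None, dst=None):
    """Triples matching every field that is given (None is a wildcard)."""
    want = (src, rel, dst)
    return [t for t in kb if all(w is None or w == v for w, v in zip(want, t))]

def unit_for_attack(kb, attack):
    """Extract the KB fragment for one attack, with each countermeasure's
    side effects on goals and the actors who hold those goals."""
    unit = {
        "attackers": [s for s, _, _ in find(kb, rel="performs", dst=attack)],
        "vulnerabilities": [d for _, _, d in find(kb, attack, "exploits")],
        "goals_hurt": [d for _, _, d in find(kb, attack, "hurts")],
        "mechanisms": {},
    }
    for mech, role, _ in (t for t in find(kb, dst=attack) if t[1] in COUNTERS):
        effects = [(r, goal, [a for a, _, _ in find(kb, rel="wants", dst=goal)])
                   for _, r, goal in find(kb, mech) if r in ("helps", "hurts")]
        unit["mechanisms"][mech] = {"role": role, "side_effects": effects}
    return unit

if __name__ == "__main__":
    import pprint
    pprint.pprint(unit_for_attack(load(KB_TEXT), "Password guessing"))
```

The returned fragment puts each countermeasure next to the goals it hurts and the actors who hold them, which is the trade-off a designer has to weigh.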
18. Reusable Unit of Knowledge Example
19. Conclusion
- Trade-offs between competing goals and the alternative solutions are expressed by relating the consequences of applying each alternative to the goals.
- The knowledge models enable goal model evaluation techniques to evaluate goal satisfaction.
- During the modeling process, missing points and relationships are discovered.
20. Limitations and Ongoing Work
- The visual goal-oriented knowledge models do not scale well.
- This makes browsing, understanding, and analyzing the knowledge expressed in the visual goal models difficult.
- Therefore, to solve the scalability problem:
  1. The goal-oriented knowledge structure needs to be stored in goal-oriented text formats.
  2. Query languages are required to extract a fragment of the large chunk of knowledge.
  3. The unit of knowledge to extract from the KB needs to be defined.
21. Eric Yu: www.fis.utoronto.ca/yu; Golnaz Elahi: http://www.cs.toronto.edu/gelahi/
References
- [Mead 05] Mead, N. R., McGraw, G., A portal for software security, IEEE Security & Privacy, 2(4), 75-79 (2005)
- [Barnum 05] Barnum, S., McGraw, G., Knowledge for software security, IEEE Security & Privacy, 3(2), 74-78 (2005)
- [NIST 800-36] Grance, T., Stevens, M., Myers, M., Guide to Selecting Information Technology Security Products, Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-36 (2003)
- [ER07] G. Elahi, E. Yu, A goal oriented approach for modeling and analyzing security trade-offs, In Proceedings of 26th International Conference of Conceptual Modeling, 2007, 375-390.
- [RE03] L. Liu, E. Yu, J. Mylopoulos, Security and Privacy Requirements Analysis within a Social Setting. In IEEE Joint Int. Conf. on Requirements Engineering, 2003, 151-161.