Automatic generation of security argument graphs

Nils Ole Tippenhauer, William G. Temple, An Hoa Vu, Binbin Chen, David M. Nicol, Zbigniew Kalbarczyk, William H. Sanders

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Graph-based assessment formalisms have proven to be useful in the safety, dependability, and security communities to help stakeholders manage risk and maintain appropriate documentation throughout the system lifecycle. In this paper, we propose a set of methods to automatically construct security argument graphs, a graphical formalism that integrates various security-related information to argue about the security level of a system. Our approach is to generate the graph in a progressive manner by exploiting logical relationships among pieces of diverse input information. Using those emergent argument patterns as a starting point, we define a set of extension templates that can be applied iteratively to grow a security argument graph. Using a scenario from the electric power sector, we demonstrate the graph generation process and highlight its application for system security evaluation in our prototype software tool, Cyber SAGE.

Original languageEnglish (US)
Title of host publicationProceedings - 20th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2014
PublisherIEEE Computer Society
Pages33-42
Number of pages10
ISBN (Electronic)9781479964741
DOIs
StatePublished - Dec 3 2014
Event20th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2014 - Singapore, Singapore
Duration: Nov 19 2014Nov 21 2014

Publication series

NameProceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC
ISSN (Print)1541-0110

Other

Other20th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2014
CountrySingapore
CitySingapore
Period11/19/1411/21/14

Keywords

  • Security argument graph
  • argument patterns
  • automatic graph generation
  • extension templates
  • security assessment

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications
  • Hardware and Architecture
  • Software

Cite this