Cyber Security Analysis and Assurance using Cloud-Based Security Measurement system
Cyber security attacks are one of the critical threats to NATO and partner countries’ critical cyber infrastructure. A major hurdle in the development of cyber security techniques is the lack of well established security metrics, models and tools which enable enterprises to determine the effectiveness of security mechanisms and allow them to evaluate the tradeoffs between levels of security, performance and security investment cost. The development of a science of security and security metrics has been advocated as a major goal by industry, government, standards organizations and academia. A methodological approach to a science of security would in a fashion similar to physical sciences require the development of measurement techniques, metrics and models by which hypothesis could be verified or invalidated by experimental studies. Measurements involve gathering empirical data about the outcome or absence of an event or attribute. Security metrics map the measured data onto a scale to represent the attribute under study. The scale may be qualitative (e.g., low, medium, high) or a quantitative.
Models provide a formal representation of the system under study and are often required when there is a non-trivial relationship between measurement data and the attribute to be studied. For example, measurement data may be gathered at the subsystem or component level and may need to be combined through a model to determine system wide metrics. In the physical sciences several desirable properties have been identified for metrics, such as, they should be directly measureable or computable from measurements in an accurate fashion, scalable, independently reproducible and consistent for the same experimental conditions.
This project plans to develop quantifiable security metrics, models, evaluation methods and supporting stools aimed at enterprise system analysis and decision making for security assessment and enhancement. We believe that a combined approach of measurements, analytic models and security metrics will be an effective way of quantifying and enhancing security. We will carry out the following activities to achieve the goals. We will further develop a new attack tree model type called attack countermeasure trees (ACT) which takes into account a variety of cyber attacks, detection and countermeasures. We will develop a cloud-based security measurement (CBSM) system which can monitor and measure security events and metrics of a system in a cost-effective way. A software tool which supports both ACT construction and CBSM will be developed. The results using the tool will help a decision maker to assess, improve and assure security of systems.
