Jennifer L. Bayuk

An architectural systems engineering methodology for addressing cyber security

This paper discusses important shortcomings of current approaches to systems security engineering. The value and limitations of perimeter security designs are examined. An architectural approach to systems security engineering is introduced as a complementary means for strengthening current approaches. Accordingly, this paper outlines a methodology to identify classes of new reusable system security solutions and an architectural framework based on reuse of the patterns of solutions. It also introduces a new methodology for security metrics intended to stimulate critical solution design tradeoff analyses as part of security design reuse considerations. Examples of problems, potential architectural solutions, and corresponding security metrics are provided.

Measuring systems security

Security metrics have evolved side by side with the advent of security tools and techniques. They have been derived from the techniques rather than specified as system requirements. This paper surveys the evolution and state of the practice of security metrics from both a technical and historical perspective. It describes the evolution of currently popular security metrics, and classifies them to illustrate their utility in systems engineering verification and validation activities. It provides criteria with which to evaluate security metrics based on system purpose and architecture. The criteria are illustrated using a case study of Cloud System security. ©2012 Wiley Periodicals, Inc. Syst Eng 16:

Systems Security Engineering

Systems engineers solve large problems by breaking them down into well-defined pieces, while preserving the problem definition for use in validating the solution. A new systems-engineering security road map recommends that systems engineers and security engineers converge on empirical methods. The trend should be to escape from best-practices checklists and return to core systems-engineering methods, processes, and tools.

The utility of security standards

This paper describes a method for analyzing systems security using a soft systems engineering approach. It uses a systems engineering modeling tool to demonstrate systemic attributes of security that are common across systems. It describes how the approach is being used to model security standards.

Security as a theoretical attribute construct

This paper provides an overview of the field of security metrics and discusses results of a survey of security experts on the topic. It describes a new framework for developing security metrics that focuses on effectiveness measures while maintaining measures of correctness. It introduces a view of security as a theoretical concept which encapsulates multiple aspects of a system. Viewing security as a theoretical attribute construct promotes the recognition that multiple characteristics and features of a system are required to make it secure. The view also motivates a sharp focus on system aspects which exhibit a measurable security attribute. The framework is illustrated with a case study.

Cloud security metrics

Cloud security had not yet distinguished itself as a field separate from information assurance. Its security metrics are currently synonymous with what a security professional would refer to as a third-party or vendor security audit. Where cloud services are viewed in a systems-of-systems context, any comprehensive security validation approach should rely on the ability of a cloud service to meet customer security requirements; that is, to provide the basis by which customers may assess the efficacy of their own security controls which may be dependent on those in the cloud. This requires a systems-level approach to security validation that is extensible to systems-of-systems environments. This paper describes such an approach)

Measuring cyber security in intelligent urban infrastructure systems

An important consideration in secure system design is the ability to verify and validate the level of security of alternative systems architectures. In the case of smart infrastructure, verification and validation processes require suitable metrics that both represent the security of the cyber network as well as the physical processes it supports. Current literature in security metrics offers a plethora of choices which are considered accurate, valid, consistent, current, replicable, comparable and. In this paper, we describe categories of security metrics that can be customized for different intelligent urban infrastructure systems such as intelligent transportation systems (ITS), smartgrids and cognitive radios among others. It includes a smart grid case study.

Book review: A programmer's perspective

The Tangled Web is a book for a software developer who is already well versed in web applications. It is a collection of discussions on how various types of web software function, presented with comments on how obviously dangerous the situation. Unfortunately for those who are not web programmers, the implications of the examples are not always intuitively obvious. The book’s at once paternal and gossipy tone suggests an exclusive club of expert developers facing problems in the security field for which this book provides profound revelations and fills knowledge gaps. Nevertheless, a less skilled programmerwilling to supplement the bookwith their own web searches and code exercises should be able to learn as much as the experts for whom the connections are intuitive. However, those who view systems security from a higherthan-code level may find this book hard to digest. For example, on page 2, Zalewski compares the definition of a secure system to Victor Hugo’s definition of love, and those notmotivated to become secure programming expertsmay be tempted to give up there. Especially upon recognition that the definition used for “secure system,” that is, “one that does what it is supposed to do and nothing more” is attributed to a software vulnerability professional in “circa 2000.” More seasoned professionals will recognize this as a software correctness principle which has been profitably applied to software assurance since the early 1990s (Abrams and Zelkowitz, 1994; Schneider, 1999). Such cultural assumptions

Security Via Related Disciplines

Abstract The Systems Engineering Research Center (SERC) System Security Engineering Research Roadmap recommends that systems security research proceed in part by studying systems engineering methods, processes, and tools (MPTs) that are well established in disciplines that are related to security or have similar goals or objectives. Successful MPTs in these areas should be examined for possible application to systems security. If the MPTs in the toolset of nearby disciplines seem to be applicable to system security, this could provide a quick and easy method of expanding the toolset of metrics currently available to SSE. This study follows the recommendation with a critical examination of methods for diversity in reactor protection systems where the goal is safety. It adapts the reactor-specific method for achieving diversity for the purposes of safety into a method for systems security engineering that may be applied generally to any system.

Alternative Security Metrics

Todays security metrics support management practices rather than measure system capability to withstand attacks. This eliminates consideration of security features that are not currently used to manage systems as the basis for security metrics. Rather than judge security metrics by a utility standard with respect to current security management practices, they should instead be appreciated for proposing alternatives ways to identify security attributes that may or may not be of use in designing new security management practices. System capabilities such as adaptation to threat, proactive deterrence, and resilience to attack require system capabilities that may be measured using engineering methods for verification and validation of system function.