Robert K. Abercrombie
Oak Ridge National Laboratory
Publication
Featured research published by Robert K. Abercrombie.
Innovations in Systems and Software Engineering | 2010
Anis Ben Aissa; Robert K. Abercrombie; Frederick T. Sheldon; Ali Mili
In earlier works we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper we illustrate this infrastructure by means of an e-commerce application.
Hawaii International Conference on System Sciences | 2007
Chiaen Lin; Krishna M. Kavi; Frederick T. Sheldon; Kristopher M. Daley; Robert K. Abercrombie
Systems using software agents (or multi-agent systems, MAS) are becoming more popular within the development mainstream because, as the name suggests, an agent aims to handle tasks autonomously with intelligence. To benefit from autonomous control and reduced running costs, system functions are performed automatically. Agent-oriented considerations are being steadily accepted into the various software design paradigms. Agents may work alone, but most commonly, they cooperate toward achieving some application goal(s). MASs are components in systems that are viewed as many individuals living in a society working together. From a SE perspective, solving a problem should encompass problem realization, requirements analysis, architecture design and implementation. These steps should be implemented within a life-cycle process including testing, verification, and reengineering to prove that the built system is sound. In this paper, we explore the various applications of agent-based systems categorized into different application domains. A baseline is developed herein to help us focus on the core of agent concepts throughout the comparative study and to investigate both the object-oriented and agent-oriented techniques that are available for constructing agent-based systems. In each respect, we address the conceptual background associated with these methodologies and how available tools can be applied within specific domains.
Hawaii International Conference on System Sciences | 2009
Frederick T. Sheldon; Robert K. Abercrombie; Ali Mili
Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation. This paper proposes a Cyberspace Security Econometrics System (CSES) that provides a measure (i.e., a quantitative indication) of reliability, performance and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders’ interests in that requirement. For a given stakeholder, CSES accounts for the variance that may exist among the stakes one attaches to meeting each requirement. This paper introduces the basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural and mathematical underpinnings.
Scientometrics | 2012
Robert K. Abercrombie; Akaninyene W. Udoeyop; Bob G Schlicher
This work examines a scientometric model that tracks the emergence of an identified technology from initial discovery (via original scientific and conference literature), through critical discoveries (via original scientific, conference literature and patents), transitioning through Technology Readiness Levels (TRLs) and ultimately on to commercial application. During the period of innovation and technology transfer, the impact of scholarly works, patents and on-line web news sources are identified. As trends develop, currency of citations, collaboration indicators, and on-line news patterns are identified. The combinations of four distinct and separate searchable on-line networked sources (i.e., scholarly publications and citation, patents, news archives, and on-line mapping networks) are assembled to become one collective network (a dataset for analysis of relations). This established network becomes the basis from which to quickly analyze the temporal flow of activity (searchable events) for the example subject domain we investigated.
High-Assurance Systems Engineering | 2008
Robert K. Abercrombie; Frederick T. Sheldon; Ali Mili
Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with the goal of improved enterprise and business risk management. Economic uncertainty, intensively collaborative work styles, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation of a balanced approach. The cyberspace security econometrics system (CSES) provides a measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. For a given stakeholder, CSES reflects the variance that may exist among the stakes one attaches to meeting each requirement. This paper summarizes the basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural underpinnings.
Cyber Security and Information Intelligence Research Workshop | 2008
Frederick T. Sheldon; Robert K. Abercrombie; Ali Mili
Good security metrics are required to make good decisions about how to design security countermeasures, to choose between alternative security architectures, and to improve security during operations. Therefore, in essence, measurement can be viewed as a decision aid. The lack of sound practical security metrics is severely hampering progress in the development of secure systems. The Cyberspace Security Econometrics System (CSES) offers the following advantages over traditional measurement systems: (1) CSES reflects the variances that exist amongst different stakeholders of the same system. Different stakeholders will typically attach different stakes to the same requirement or service (e.g., a service may be provided by an information technology system or process control system, etc.). (2) For a given stakeholder, CSES reflects the variance that may exist among the stakes she/he attaches to meeting each requirement. The same stakeholder may attach different stakes to satisfying different requirements within the overall system specification. (3) For a given compound specification (e.g., combination(s) of commercial off the shelf software and/or hardware), CSES reflects the variance that may exist amongst the
CSIIRW’08, May 12–14, 2008, Oak Ridge, Tennessee, USA Copyright 2008 ACM 1-60558-098-2...
Proceedings of the Second Kuwait Conference on e-Services and e-Systems | 2011
Anis Ben Aissa; Robert K. Abercrombie; Frederick T. Sheldon; Ali Mili
levels of verification and validation (i.e., certification) performed on components of the specification. The certification activity may produce higher levels of assurance across different components of the specification than others. Consequently, this paper introduces the basis, objectives and capabilities for the CSES including inputs/outputs and the basic structural and mathematical underpinnings.
Measurement Criteria
Some qualities of a good metric include: (1) ability to measure the right thing (e.g., supports the decisions that need to be made), (2) quantitatively measurable (e.g., damages in dollars of profit loss), (3) capability to be measured accurately, (4) ability to be validated against ground truth, and (5) confidence level one has in the assertions made within the framework of the metric. To these criteria, one should add the following desirable properties: (1) inexpensive in time and cost to execute, (2) ability to be refereed independently, (3) repeatable so the outputs are independent of the analyst performing the measurement, and (4) scalable from small, single computer systems to large, nation-scale enterprise networks.
MFC Characterization
System security should be characterized, not by some abstract discrete scale, but rather by the very concrete determinant, mean failure cost (MFC) [1]. MFC reveals how much each stakeholder stands to lose from mission value due to the lack of security. Subsequent use of this quantification enables us to derive an economic model that captures the tradeoffs involved in deploying security countermeasures. The CSES measurement process proceeds in three steps (Generation of Stake Matrix, Dependency Matrix, and Impact Matrix), discussed in the subsequent subsections [2]. Let us consider the fundamental elements needed for evaluating security controls.
Fundamentals
Figure 1 shows essential I/O components and phases (i.e., discovery, evaluation and metrics) including data collection/analysis and consists of the following parts:
System Stakeholders refers to any person or organization that has a stake in the operation of the system (i.e., users, operators of the system, hosts of the systems, etc.);
Security Specification is used in the same way that correctness is a relative attribute (i.e., a system is correct with respect to its functional specification) and refers to a representation of the security attributes that a system must satisfy to be deemed secure;
Security Requirement is used in the same way that a complex functional specification is typically composed of simpler components (i.e., representing elementary functional properties), and is also more generally composed of simpler security requirements;
Mean Failure Cost is used in an operational sense because the lack of security within the system may cause damage, in terms of lost productivity, lost business, lost data, resulting in security violations. We represent this loss by a random variable, and define MFC as the mean of this random variable [1]. As discussed further, this quantity is not intrinsic to the system, but varies by stakeholder.
Generation of Stakes Matrix
The MFC estimation depends on the following principles: (1) a stakeholder may have different stakes in different security requirements, and (2) a security requirement may carry different stakes for different stakeholders. The best way to represent these dependencies is through a 2D matrix, where the rows represent stakeholders Si, the columns represent security requirements Rj and the entries represent stakes (see Table 1). The FC entry at row i, column j, represents the cost that stakeholder Si would lose if the system failed to meet the security requirement Rj (i.e., also represented as FC(Si,Rj)).
Each row is filled by the corresponding stakeholder, possibly in their own (possibly distinct) financial/economic terms (Dollars, Person Months, Euros, etc). The estimation of MFC presumes that 1) the same stakeholder may have different stakes in different security requirements, and 2) the same security requirement may carry different stakes for different stakeholders.
Generation of Dependency Matrix
The Dependency Matrix is used to estimate the probability that a particular security requirement is violated in the course of operating the system for some period of time. In this way, we link the probability of failing a particular requirement with the probability of failure of a component in the system. The elucidation of this probabilistic link involves an analysis of the system’s architecture, to determine which component contributes to meeting which requirement. The analysis of the system architecture, by architecture subject matter experts, enables the derivation of conditional probabilities that link the probability of component failures with the probabilities of failing to meet specific requirements. The term π(Ej) represents the probability of event Ej and the term π(R|Ej) represents the probability of
Figure 1. Cyber Security Econometrics (CSE)
Table 1. Stakes (ST) Matrix: Cost of failing a security requirement.
Cyber Security and Information Intelligence Research Workshop | 2009
Anis Ben Aissa; Robert K. Abercrombie; Frederick T. Sheldon; Ali Mili
In past work [1,3,4], we presented a value-based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper we discuss the specification and design of a system that collects, updates and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.
Hawaii International Conference on System Sciences | 2013
Robert K. Abercrombie; Frederick T. Sheldon; Katie R. Hauser; Margaret W. Lantz; Ali Mili
In earlier works, we present a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper, we illustrate this infrastructure by means of an e-commerce application.
Cyber Security and Information Intelligence Research Workshop | 2010
Anis Ben Aissa; Robert K. Abercrombie; Frederick T. Sheldon; Ali Mili
Earlier work describes computational models of critical infrastructure that allow an analyst to estimate the security of a system in terms of the impact of loss per stakeholder resulting from security breakdowns. Here, we consider how to identify, monitor and estimate risk impact and probability for different smart grid stakeholders. Our constructive method leverages currently available standards and defined failure scenarios. We utilize the National Institute of Standards and Technology (NIST) Interagency or Internal Reports (NISTIR) 7628 as a basis to apply Cyberspace Security Econometrics system (CSES) for comparing design principles and courses of action in making security-related decisions.