Your search keyword '"graphical security models"' showing total 3 results

1. A Systematic Approach to Threat Modeling and Security Analysis for Software Defined Networking

Author

Taehoon Eom, Dong Seong Kim, Jong Sou Park, Seongmo An, and Jin B. Hong

Subjects

Security analysis, General Computer Science, Computer science, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Data modeling, Software, software defined networking, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, security analysis, business.industry, General Engineering, 020206 networking & telecommunications, Computer security model, Countermeasure, 010201 computation theory & mathematics, Threat model, lcsh:Electrical engineering. Electronics. Nuclear engineering, Software-defined networking, business, Risk assessment, lcsh:TK1-9971, computer, Attack graphs, graphical security models

Abstract

Software Defined Networking (SDN) extends capabilities of existing networks by providing various functionalities, such as flexible networking controls. However, there are many security threat vectors in SDN, including existing and emerging ones arising from new functionalities, that may hinder the use of SDN. To tackle this problem, many countermeasures have been developed to mitigate various threats faced in SDN. However, their effectiveness must be analyzed and compared to fully understand how security posture of SDN changes when the countermeasure is adopted. Also, it becomes difficult to optimize the security of SDN without using a systematic approach to evaluate the security posture of SDN. In this paper, we propose a novel framework to systematically model and analyze the security posture of SDN. We develop a novel graphical security model formalism named Threat Vector Hierarchical Attack Representation Model (TV-HARM), which provides a systematic approach to evaluate threats, attacks and countermeasures for SDN. The TV-HARM captures different threats and their combinations, enabling security risk assessment of SDN. In addition, we define three new security metrics to represent security of SDN. Our experimental results showed that the proposed security assessment framework can capture and evaluate various security threats to SDN, demonstrating the applicability and feasibility of the proposed framework.

Published

2019

2. Advanced metering infrastructures - security risks and mitigation

Author

Konstantinos-Panagiotis Grammatikakis, Stavros Shiaeles, Ioannis Koufos, Gueltoum Bendiab, and Nicholas Kolokotronis

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, Smart meter, Computer science, 0211 other engineering and technologies, Context (language use), 02 engineering and technology, Intrusion detection system, Cyber-security, Computer security, computer.software_genre, Order (exchange), noissn, Graphical security models, 0202 electrical engineering, electronic engineering, information engineering, Intrusion detection, Consumption (economics), 021110 strategic, defence & security studies, 020206 networking & telecommunications, Computer security model, Variety (cybernetics), Attack mitigation, Human-Computer Interaction, Power grid, Software deployment, Malware detection, Computer Vision and Pattern Recognition, computer, Cryptography and Security (cs.CR), Software

Abstract

Energy providers are moving to the smart meter era, encouraging consumers to install, free of charge, these devices in their homes, automating consumption readings submission and making consumers life easier. However, the increased deployment of such smart devices brings a lot of security and privacy risks. In order to overcome such risks, Intrusion Detection Systems are presented as pertinent tools that can provide network-level protection for smart devices deployed in home environments. In this context, this paper is exploring the problems of Advanced Metering Infrastructures (AMI) and proposing a novel Machine Learning (ML) Intrusion Prevention System (IPS) to get optimal decisions based on a variety of factors and graphical security models able to tackle zero-day attacks.

Published

2020

3. CloudSafe: A Tool for an Automated Security Analysis for Cloud Computing

Author

Dong Seong Kim, Noora Fetais, Taehoon Eom, Jin B. Hong, Armstrong Nhlabatsi, Jong Sou Park, Khaled M. Khan, and Seongmo An

Subjects

FOS: Computer and information sciences, Security analysis, Computer Science - Cryptography and Security, Exploit, Process (engineering), Computer science, Cloud computing, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Graphical security models, 0202 electrical engineering, electronic engineering, information engineering, Cloud computing security, business.industry, 020206 networking & telecommunications, Security assessment, Computer security model, Cloud service provider, 010201 computation theory & mathematics, Cloud security, business, computer, Cryptography and Security (cs.CR)

Abstract

Cloud computing has been adopted widely, providing on-demand computing resources to improve performance and reduce operational costs. However, these new functionalities also bring new ways to exploit the cloud computing environment. To assess the security of the cloud, graphical security models can be used, such as Attack Graphs and Attack Trees. However, existing models do not consider all types of threats, and also automating the security assessment functions are difficult. In this paper, we propose a new security assessment tool for the cloud named CloudSafe, an automated security assessment for the cloud. The CloudSafe tool collates various tools and frameworks to automate the security assessment process. To demonstrate the applicability of the CloudSafe, we conducted security assessment in Amazon AWS, where our experimental results showed that we can effectively gather security information of the cloud and carry out security assessment to produce security reports. Users and cloud service providers can use the security report generated by the CloudSafe to understand the security posture of the cloud being used/provided. - 2019 IEEE. This paper was made possible by Grant NPRP 8-531-1-111 from Qatar National Research Fund (QNRF). The statements made herein are solely the responsibility of the authors. Scopus

Published

2019