Building a Cybersecurity Risk Metamodel for Improved Method and Tool Integration

• URL: http://arxiv.org/abs/2409.07906v1
• Date: Thu, 12 Sep 2024 10:18:26 GMT
• Title: Building a Cybersecurity Risk Metamodel for Improved Method and Tool Integration
• Authors: Christophe Ponsard,
• Abstract summary: We report on our experience in applying a model-driven approach on the initial risk analysis step in connection with a later security testing. Our work rely on a common metamodel which is used to map, synchronise and ensure information traceability across different tools.
• Score: 0.38073142980732994
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Nowadays, companies are highly exposed to cyber security threats. In many industrial domains, protective measures are being deployed and actively supported by standards. However the global process remains largely dependent on document driven approach or partial modelling which impacts both the efficiency and effectiveness of the cybersecurity process from the risk analysis step. In this paper, we report on our experience in applying a model-driven approach on the initial risk analysis step in connection with a later security testing. Our work rely on a common metamodel which is used to map, synchronise and ensure information traceability across different tools. We validate our approach using different scenarios relying domain modelling, system modelling, risk assessment and security testing tools.

Related papers

• Quantitative analysis of attack-fault trees via Markov decision processes [0.7179506962081079]
  We introduce a novel method to find the front between the metrics reliability (safety) and attack cost (security) using Markov decision processes. This gives us the full interplay between safety and security while being considerably more lightweight and faster than the automaton approach.
  arXiv  Detail & Related papers  (2024-08-13T14:06:07Z)
• Model-Driven Security Analysis of Self-Sovereign Identity Systems [2.5475486924467075]
  We propose a model-driven security analysis framework for analyzing architectural patterns of SSI systems. Our framework mechanizes a modeling language to formalize patterns and threats with security properties in temporal logic. We present typical vulnerable patterns verified by SecureSSI.
  arXiv  Detail & Related papers  (2024-06-02T05:44:32Z)
• Mapping LLM Security Landscapes: A Comprehensive Stakeholder Risk Assessment Proposal [0.0]
  We propose a risk assessment process using tools like the risk rating methodology which is used for traditional systems. We conduct scenario analysis to identify potential threat agents and map the dependent system components against vulnerability factors. We also map threats against three key stakeholder groups.
  arXiv  Detail & Related papers  (2024-03-20T05:17:22Z)
• ASSERT: Automated Safety Scenario Red Teaming for Evaluating the Robustness of Large Language Models [65.79770974145983]
  ASSERT, Automated Safety Scenario Red Teaming, consists of three methods -- semantically aligned augmentation, target bootstrapping, and adversarial knowledge injection. We partition our prompts into four safety domains for a fine-grained analysis of how the domain affects model performance. We find statistically significant performance differences of up to 11% in absolute classification accuracy among semantically related scenarios and error rates of up to 19% absolute error in zero-shot adversarial settings.
  arXiv  Detail & Related papers  (2023-10-14T17:10:28Z)
• An Adaptable Approach for Successful SIEM Adoption in Companies [0.3441021278275805]
  This paper develops a holistic procedure model for implementing respective SIEM systems in corporations. According to the study during the validation phase, the procedure model was verified to be applicable.
  arXiv  Detail & Related papers  (2023-08-02T10:28:08Z)
• Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
  Safety assurance cases (SACs) can be challenging to maintain during system evolution. We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models. We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
  arXiv  Detail & Related papers  (2023-07-14T16:03:27Z)
• Towards Safer Generative Language Models: A Survey on Safety Risks, Evaluations, and Improvements [76.80453043969209]
  This survey presents a framework for safety research pertaining to large models. We begin by introducing safety issues of wide concern, then delve into safety evaluation methods for large models. We explore the strategies for enhancing large model safety from training to deployment.
  arXiv  Detail & Related papers  (2023-02-18T09:32:55Z)
• Evaluating Model-free Reinforcement Learning toward Safety-critical Tasks [70.76757529955577]
  This paper revisits prior work in this scope from the perspective of state-wise safe RL. We propose Unrolling Safety Layer (USL), a joint method that combines safety optimization and safety projection. To facilitate further research in this area, we reproduce related algorithms in a unified pipeline and incorporate them into SafeRL-Kit.
  arXiv  Detail & Related papers  (2022-12-12T06:30:17Z)
• Modeling and mitigation of occupational safety risks in dynamic industrial environments [0.0]
  This article proposes a method to enable continuous and quantitative assessment of safety risks in a data-driven manner. A fully Bayesian approach is developed to calibrate this model from safety data in an online fashion. The proposed model can be leveraged for automated decision making.
  arXiv  Detail & Related papers  (2022-05-02T13:04:25Z)
• Evaluating the Safety of Deep Reinforcement Learning Models using Semi-Formal Verification [81.32981236437395]
  We present a semi-formal verification approach for decision-making tasks based on interval analysis. Our method obtains comparable results over standard benchmarks with respect to formal verifiers. Our approach allows to efficiently evaluate safety properties for decision-making models in practical applications.
  arXiv  Detail & Related papers  (2020-10-19T11:18:06Z)
• SAMBA: Safe Model-Based & Active Reinforcement Learning [59.01424351231993]
  SAMBA is a framework for safe reinforcement learning that combines aspects from probabilistic modelling, information theory, and statistics. We evaluate our algorithm on a variety of safe dynamical system benchmarks involving both low and high-dimensional state representations. We provide intuition as to the effectiveness of the framework by a detailed analysis of our active metrics and safety constraints.
  arXiv  Detail & Related papers  (2020-06-12T10:40:46Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.