Tutorial: Investigating Advanced Exploits for System Security Assurance

Author(s): Salman Ahmed, Long Cheng, Hans Liljestrand, N. Asokan, Danfeng Daphne Yao
2012, Vol 241-244, pp. 275-279
Author(s): Deng Hui Wu, Yu Fu, Jia Sheng Wang

Aiming at the shortcomings of commonly used assessment methods, this paper introduces SVM to information system security assurance capability assessment and builds a corresponding assessment model. The simulation results show that the method achieves high assessment accuracy and can solve the problem of subjective bias introduced by experts, as well as the neural network's problems of easily becoming trapped in a minimum point and of over-fitting. The method is suitable for information system security assurance capability assessment.


Author(s): Zhengshu Zhou, Qiang Zhi, Zilong Liang, Shuji Morisaki

When deciding on and evaluating system security strategies, there is a trade-off between the security assurance effect and the constraint conditions, which has been revealed by many qualitative security assurance methods. However, the existing methods cannot be used to perform quantitative analysis of security assurance and constraint conditions to support project managers and system engineers in deciding system development strategies. Therefore, a quantitative method that can consider both security strategies and constraints is necessary. This paper proposes a semi-automatic, quantitative system security assurance approach for developing security requirements and security assurance cases by extending the traditional GSN (goal structuring notation). Next, two greedy algorithms for quantitative system security assurance are implemented and evaluated. In addition, a case study and an experiment are carried out to verify the effectiveness and efficiency of the proposed approach and the proposed algorithms.


Author(s): Joshua Lubell

Cybersecurity professionals know the Risk Management Framework (RMF) as a rigorous yet flexible process for managing security risk. But the RMF lacks a document focus, even though much of the process requires authoring, reviewing, revising, and accessing plans and reports. It is possible to build such a focus by looking more closely at these documents, starting with the System Security Plan and the roles of key participants responsible for it. Such a document- and role-centric view of the RMF process can lead the way toward more efficient and less error-prone security assurance.

