A framework for evaluating security risk in system design
Abstract Design and development of ubiquitous computer network systems has become increasingly difficult as technology continues to grow. From the introduction of new technologies to the discovery of existing threats, weaknesses, and vulnerabilities there is a constantly changing landscape of potent...
Main Authors: | , |
---|---|
Format: | Article |
Language: | English |
Published: |
Springer
2022-12-01
|
Series: | Discover Internet of Things |
Subjects: | |
Online Access: | https://doi.org/10.1007/s43926-022-00027-w |
_version_ | 1811203828152795136 |
---|---|
author | Paul A. Wortman John A. Chandy |
author_facet | Paul A. Wortman John A. Chandy |
author_sort | Paul A. Wortman |
collection | DOAJ |
description | Abstract Design and development of ubiquitous computer network systems has become increasingly difficult as technology continues to grow. From the introduction of new technologies to the discovery of existing threats, weaknesses, and vulnerabilities there is a constantly changing landscape of potential risks and rewards. The cyber security community, and industry at large, is learning to account for these increasing threats by including protections and mitigations from the beginning of the design V process. However, issues still come from limitations in time for thoroughly exploring a potential design space and the knowledge base required to easily account for potential vulnerabilities in each. To address this problem we propose the G-T-S framework, which is an automated tool that allows a user to provide a set of inputs relating to the desired design space and returns a monetary security risk evaluation of each. This methodology first generates a series of potential designs, then dissects their contents to associate possible vulnerabilities to device elements, and finally evaluates the security risk poised to a central asset of importance. We exemplify the tools, provide methodologies for required background research, and discuss the results in evaluating a series of IoT Home models using the GTS framework. Through implementation of our framework we simplify the information an individual will require to begin the design process, lower the bar for entry to perform evaluating security risk, and present the risk as an easily understood monetary metric. |
first_indexed | 2024-04-12T03:01:33Z |
format | Article |
id | doaj.art-3cbc6c7af6ec4dc6b28d2fce4ea74579 |
institution | Directory Open Access Journal |
issn | 2730-7239 |
language | English |
last_indexed | 2024-04-12T03:01:33Z |
publishDate | 2022-12-01 |
publisher | Springer |
record_format | Article |
series | Discover Internet of Things |
spelling | doaj.art-3cbc6c7af6ec4dc6b28d2fce4ea745792022-12-22T03:50:37ZengSpringerDiscover Internet of Things2730-72392022-12-012113010.1007/s43926-022-00027-wA framework for evaluating security risk in system designPaul A. Wortman0John A. Chandy1University of ConnecticutUniversity of ConnecticutAbstract Design and development of ubiquitous computer network systems has become increasingly difficult as technology continues to grow. From the introduction of new technologies to the discovery of existing threats, weaknesses, and vulnerabilities there is a constantly changing landscape of potential risks and rewards. The cyber security community, and industry at large, is learning to account for these increasing threats by including protections and mitigations from the beginning of the design V process. However, issues still come from limitations in time for thoroughly exploring a potential design space and the knowledge base required to easily account for potential vulnerabilities in each. To address this problem we propose the G-T-S framework, which is an automated tool that allows a user to provide a set of inputs relating to the desired design space and returns a monetary security risk evaluation of each. This methodology first generates a series of potential designs, then dissects their contents to associate possible vulnerabilities to device elements, and finally evaluates the security risk poised to a central asset of importance. We exemplify the tools, provide methodologies for required background research, and discuss the results in evaluating a series of IoT Home models using the GTS framework. Through implementation of our framework we simplify the information an individual will require to begin the design process, lower the bar for entry to perform evaluating security risk, and present the risk as an easily understood monetary metric.https://doi.org/10.1007/s43926-022-00027-wSystem security modelingSecurity risk analysisSecurity metricsSecurity design exploration |
spellingShingle | Paul A. Wortman John A. Chandy A framework for evaluating security risk in system design Discover Internet of Things System security modeling Security risk analysis Security metrics Security design exploration |
title | A framework for evaluating security risk in system design |
title_full | A framework for evaluating security risk in system design |
title_fullStr | A framework for evaluating security risk in system design |
title_full_unstemmed | A framework for evaluating security risk in system design |
title_short | A framework for evaluating security risk in system design |
title_sort | framework for evaluating security risk in system design |
topic | System security modeling Security risk analysis Security metrics Security design exploration |
url | https://doi.org/10.1007/s43926-022-00027-w |
work_keys_str_mv | AT paulawortman aframeworkforevaluatingsecurityriskinsystemdesign AT johnachandy aframeworkforevaluatingsecurityriskinsystemdesign AT paulawortman frameworkforevaluatingsecurityriskinsystemdesign AT johnachandy frameworkforevaluatingsecurityriskinsystemdesign |