Hierarchical Model-Based Cybersecurity Risk Assessment During System Design

Hierarchical Model-Based Cybersecurity Risk Assessment During System Design

연구 분야: Strategies

학회: IFIP International Conference on ICT Systems Security and Privacy Protection

Cybersecurity risk assessment has become a critical priority in systems development and the operation of complex networked systems. However, current state-of-the-art approaches for detecting vulnerabilities, such as automated security testing or penetration testing, often result in late detections. Thus, there is a growing need for security by design, which involves conducting security-related analyses as early as possible in the system development life cycle. This paper proposes a novel hierarchical model-based security risk assessment approach that enables the early assessment of security risks during the system design process. The approach uses different OMG UML-based models, supplemented by a lightweight extension using profiles and stereotypes. Various security attributes, including vulnerability information and asset values, are then used by algorithms to compute relevant properties including threat space, possible attack paths, and selected network-based security metrics. A real-life industrial example is then used to demonstrate the approach.