SecureWeaver: Intent-Driven Secure System Designer

SecureWeaver: Intent-Driven Secure System Designer

연구 분야: Cryptography

학회: Sat-CPS '22: Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems

Design and management of networked systems, such as Information Technology/Network (IT/NW) or IoT systems, are inherently complex. Moreover, the need to adhere to security requirements adds even more complexity, as the manual audit and security mitigation of system design are time, skill, and labour intensive. In this paper, we present SecureWeaver, a secure system designer that generates a system design which meets functional, quantitative and security service requirements. SecureWeaver is based on the intent-based designer for IT/NW services named Weaver, and security support was implemented by improving the Weaver design stage via a threat mitigation knowledge base, specific refinement rules, and a security verification mechanism. A case study on video surveillance service requirements is used to illustrate the security threats and their mitigation during the automatic design process. Our results show that SecureWeaver is able to mitigate and verify the solutions from a security perspective without incurring a significant overhead: in our experiments, average overhead is 0.04% for systems with more than 100 elements. We also present a feature comparison with three other related systems that emphasizes the practical advantages of SecureWeaver.