Our recent paper “An Approach to Determine a System’s Behavioural Security Posture” is now available online. In this paper, we introduce an approach to enhance system security during the early design phase, targeting the creation of a system’s behavioural view. We derived two sound security metrics, Critical Element Risk Index (CERI) and Corruption Propagation Potential (CPP). These metrics inform a system’s Behavioural Security Posture (BSP), which we define as a system’s resilience to knowable threats based on its flows, as determined by its security policies and threat model. To best support designers, we expanded on previous work and updated our BSP analysis tool, Dubhe. In this expanded approach, Dubhe (1) identifies threats and mitigation patterns present within UML activity diagrams, (2) calculates a system’s average CERI and CPP through pattern matching and depth-first flow traversal, and (3) presents a system’s BSP to designers, alongside identified threats and recommended mitigation strategies. We demonstrate this approach by applying it to an Online Seller of Merchandise (OSM) system, analyzing a login use case to ensure target security requirements are adequately addressed. Using the information from Dubhe, designers have the tools and support needed to make meaningful security improvements to their systems during the design phase of the SDLC. This paper was presented at the 17th International Symposium on Foundations & Practice of Security (FPS 2024).. See Publications for more details!
Home / Publication / New Publication: An Approach to Determine a System’s Behavioural Security Posture
New Publication: An Approach to Determine a System’s Behavioural Security Posture