{"id":2040,"date":"2025-05-01T20:58:30","date_gmt":"2025-05-02T00:58:30","guid":{"rendered":"https:\/\/carleton.ca\/cybersea\/?p=2040"},"modified":"2026-01-26T10:41:49","modified_gmt":"2026-01-26T15:41:49","slug":"new-publication-an-approach-to-determine-a-systems-behavioural-security-posture","status":"publish","type":"post","link":"https:\/\/carleton.ca\/cybersea\/2025\/new-publication-an-approach-to-determine-a-systems-behavioural-security-posture\/","title":{"rendered":"New Publication: An Approach to Determine a System\u2019s Behavioural Security Posture"},"content":{"rendered":"\n<section class=\"w-screen px-6 cu-section cu-section--white ml-offset-center md:px-8 lg:px-14\">\n    <div class=\"space-y-6 cu-max-w-child-5xl  md:space-y-10 cu-prose-first-last\">\n\n            <div class=\"cu-textmedia flex flex-col lg:flex-row mx-auto gap-6 md:gap-10 my-6 md:my-12 first:mt-0 max-w-5xl\">\n        <div class=\"justify-start cu-textmedia-content cu-prose-first-last\" style=\"flex: 0 0 100%;\">\n            <header class=\"font-light prose-xl cu-pageheader md:prose-2xl cu-component-updated cu-prose-first-last\">\n                                    <h1 class=\"cu-prose-first-last font-semibold !mt-2 mb-4 md:mb-6 relative after:absolute after:h-px after:bottom-0 after:bg-cu-red after:left-px text-3xl md:text-4xl lg:text-5xl lg:leading-[3.5rem] pb-5 after:w-10 text-cu-black-700 not-prose\">\n                        New Publication: An Approach to Determine a System\u2019s Behavioural Security Posture\n                    <\/h1>\n                \n                                \n                            <\/header>\n\n                    <\/div>\n\n            <\/div>\n\n    <\/div>\n<\/section>\n\n<p>Our recent paper &#8220;<a href=\"https:\/\/doi.org\/10.1007\/978-3-031-87499-4_7\">An Approach to Determine a System\u2019s Behavioural Security Posture<\/a>&#8221; is now available online. 
In this paper, we introduce an approach to enhance system security during the early design phase, targeting the creation of a system\u2019s behavioural view. We derived two sound security metrics, Critical Element Risk Index (CERI) and Corruption Propagation Potential (CPP). These metrics inform a system\u2019s Behavioural Security Posture (BSP), which we define as a system\u2019s resilience to knowable threats based on its flows, as determined by its security policies and threat model. To best support designers, we expanded on previous work and updated our BSP analysis tool, Dubhe. In this expanded approach, Dubhe (1) identifies threats and mitigation patterns present within UML activity diagrams, (2) calculates a system\u2019s average CERI and CPP through pattern matching and depth-first flow traversal, and (3) presents a system\u2019s BSP to designers, alongside identified threats and recommended mitigation strategies. We demonstrate this approach by applying it to an Online Seller of Merchandise (OSM) system, analyzing a login use case to ensure target security requirements are adequately addressed. Using the information from Dubhe, designers have the tools and support needed to make meaningful security improvements to their systems during the design phase of the SDLC. This paper was presented at&nbsp;the <a href=\"https:\/\/fps-2024.hec.ca\">17th International Symposium on Foundations &amp; Practice of Security (FPS 2024)<\/a>. See <a href=\"https:\/\/carleton.ca\/cybersea\/publications\/\">Publications<\/a> for more details!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our recent paper &#8220;An Approach to Determine a System\u2019s Behavioural Security Posture&#8221; is now available online. In this paper, we introduce an approach to enhance system security during the early design phase, targeting the creation of a system\u2019s behavioural view. 
We derived two sound security metrics, Critical Element Risk Index (CERI) and Corruption Propagation Potential [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":431,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[41],"tags":[],"class_list":["post-2040","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-publication"],"acf":{"cu_post_thumbnail":""},"_links":{"self":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts\/2040","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/comments?post=2040"}],"version-history":[{"count":3,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts\/2040\/revisions"}],"predecessor-version":[{"id":2046,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts\/2040\/revisions\/2046"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/media\/431"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/media?parent=2040"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/categories?post=2040"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/tags?post=2040"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}