Integrated metamodel for security analysis
2015 (English). In: 2015 48th Hawaii International Conference on System Sciences (HICSS), IEEE Computer Society, 2015, 5192-5200 p. Conference paper (Refereed) Text
This paper proposes a metamodel for analyzing security aspects of enterprise architecture by combining analysis of cybersecurity with analysis of interoperability and availability. The metamodel extends an existing attack-graph-based metamodel for cybersecurity modeling and evaluation, P²CySeMoL, and incorporates several new elements and evaluation rules. The approach improves security analysis by combining two ways of evaluating reachability: one that considers ordinary user activity and another that considers technically advanced techniques for penetration and attack. It thus permits evaluating security in interoperability terms by revealing the attack possibilities of legitimate users. Combined with data import from various sources, such as an enterprise architecture data repository, the instantiations of the proposed metamodel allow for a more holistic overview of the threats to the architecture than the previous version. Additional granularity is added to the analysis with the reachability need concept and by enabling the consideration of unavailable and unreliable systems.
Place, publisher, year, edition, pages
IEEE Computer Society, 2015. 5192-5200 p.
Proceedings of the Annual Hawaii International Conference on System Sciences, ISSN 1060-3425
Identifiers: URN: urn:nbn:se:kth:diva-181009; DOI: 10.1109/HICSS.2015.613; ISI: 000366264105039; ScopusID: 2-s2.0-84944219720; ISBN: 978-1-4799-7367-5; OAI: oai:DiVA.org:kth-181009; DiVA: diva2:897785
48th Annual Hawaii International Conference on System Sciences (HICSS), JAN 05-08, 2015, Kauai, HI
QC 20160126. 2016-01-26, 2016-01-26, 2016-02-26. Bibliographically approved