Quantifying Satisfaction of Security Requirements of Cloud Software Systems

Nhlabatsi, Armstrong; Khan, Khaled M.; Hong, Jin B.; Kim, Dong Seong Dan; Fernandez, Rachael; Fetais, Noora

doi:10.1109/tcc.2021.3097770

Cited by 2 publications

(2 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One of the main concerns in the new scenarios of blockchain is its security and risks of attacks. For evaluating the risks of static defensive strategy, there are a vast array of suitable methods in the literature, such as epistemological analysis [31], attack graph, artificial intelligence [32], entailment relationships-based methods [33], vulnerability evaluation [34]. In view of the difficulty with the Internet-of-Things (IoT) environment of assessing risk quantitatively due to uncontrollable risks in complex systems, Radanliev et al [31] proposed a set of methods based on epistemological analysis.…”

Section: Related Workmentioning

confidence: 99%

“…It also provides a transformation roadmap for the existing various risk assessment methods in different systems. Nhlabatsi et al [33] extended the entailment relationships from the field of requirements engineering in terms of the ability to describe information security. An evaluation method is proposed, which is based on relationships between defense strength, the exploitability of vulnerabilities, and attack severity.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

SPM: A Novel Hierarchical Model for Evaluating the Effectiveness of Combined ACDs in a Blockchain-Based Cloud Environment

Yang

Smahi

et al. 2022

Applied Sciences

View full text Add to dashboard Cite

Cloud computing provides blockchain a flexible and cost-effective service by on-demand resource sharing, which also introduces additional security risks. Adaptive Cyber Defense (ACD) provides a solution that continuously changes the attack surface according to the cloud environments. The dynamic characteristics of ACDs give defenders a tactical advantage against threats. However, when assessing the effectiveness of ACDs, the structure of traditional security evaluation methods becomes unstable, especially when combining multiple ACD techniques. Therefore, there is still a lack of standard methods to quantitatively evaluate the effectiveness of ACDs. In this paper, we conducted a thorough evaluation with a hierarchical model named SPM. The proposed model is made up of three layers integrating Stochastic Reward net (SRN), Poisson process, and Martingale theory incorporated in the Markov chain. SPM provides two main advantages: (1) it allows explicit quantification of the security with a straightforward computation; (2) it helps obtain the effectiveness metrics of interest. Moreover, the hierarchical architecture of SPM allows each layer to be used independently to evaluate the effectiveness of each adopted ACD method. The simulation results show that SPM is efficient in evaluating various ACDs and the synergy effect of their combination, which thus helps improve the system configuration accordingly.

show abstract