Quantitative Security Assurance

Basel Katt (Norwegian University of Science and Technology, Norway) and Nishu Prasher (Statistics Norway, Norway)
Copyright: © 2019 | Pages: 32
DOI: 10.4018/978-1-5225-6313-6.ch002

Abstract

Security assurance is the confidence that a system meets its security requirements and is resilient against security vulnerabilities and failures. Existing approaches can be characterized as (1) qualitative in nature, (2) achieving their goals largely by manual effort, (3) very costly, (4) development-process oriented, and finally, (5) treating all security requirements within one domain equally for all applications regardless of context. In this chapter, the authors propose a security assurance framework and its assurance evaluation process. The framework and process depend on quantitative security assurance metrics that were developed as well. The proposed metric considers both security requirements and vulnerabilities. A weight has been introduced into the security requirement metric to express the importance of each security requirement that needs to be fulfilled. The framework, with the proposed quantitative assurance metrics, is evaluated and validated using two field case studies on two operational REST APIs that belong to and are used by Statistics Norway.

Introduction And Background

Assurance can be defined as the estimate of the likelihood that a system will not fail in some particular way (Anderson, 2010). Consequently, security assurance can be defined as the estimate of the likelihood that the system will not be compromised in some particular way. The National Institute of Standards and Technology (NIST) (Kissel, 2013) defines assurance as the “Grounds for confidence that the other four security goals (integrity, availability, confidentiality and accountability) have been adequately met by a specific implementation. ‘Adequately met’ includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or bypass.” Ouedraogo, Mouratidis, Khadraoui, Dubois, and Palmer-Brown (2009) define security assurance as the confidence that the system meets its security requirements. Similarly, Spears, Barki, and Barton (2013) define security assurance as the degree of confidence that security needs are satisfied; it represents the level of trust we place in the system (Bishop, 2002).

We define security assurance as the confidence that a system meets its security requirements and is resilient against security vulnerabilities and failures. This confidence represents the level of trust we place in the system being safe to use. We assume that an assurance scheme (defined later) contains the set of goals and objectives that must be achieved to reach a particular level of assurance. Such goals can be expressed as requirements that must be fulfilled, or as vulnerabilities and threats that must be avoided. Evaluation, on the other hand, is defined (Anderson, 2010; Bishop, 2002) as “the process of gathering and analyzing evidence that a system meets, or fails to meet, a prescribed assurance target”. An assurance technique, or activity (Such, Gouglidis, Knowles, Misra, & Rashid, 2016), is a method of assessing an assurance target.

Evaluation is thus the process of assembling evidence and assessing the level, while an assurance technique is the technical method used within the evaluation process to perform that assessment. In some standards, such as the Common Criteria (CC), an assurance scheme is defined in terms of security (functional) requirements and assurance requirements.

The evidence collected during evaluation is expressed as measurements associated with a set of defined security metrics. A security metric is a measure that depicts the security level, security performance or security strength of a system [5]. The authors of [35] categorize security metrics along four key dimensions: (1) metrics of system vulnerabilities, (2) metrics of system defense strength, (3) metrics of attack (or threat) severity, and (4) metrics of system situations. In the context of security assurance, we define a security assurance metric, or assurance metric for short, as an indicator that provides evidence that the assurance target meets a particular level of the assurance scheme.

Key Terms in this Chapter

Security Assurance: Security assurance can be defined as the confidence that a system meets its security requirements and is resilient against security vulnerabilities and failures. This confidence represents the level of trust we place in the system being safe to use.

Security Assurance Evaluation Process: Or, for short, the “evaluation process,” can be defined as the process of evaluating the security assurance level of the assurance target. The input is an assurance profile catalog together with information about the assurance target to be evaluated, and the output is the assurance level.

Assurance Target: An assurance target can be defined as the system under evaluation, for which the assurance level will be assessed.

Assurance Profile: An assurance profile specifies the set of security objectives upon which the assurance level for a class of systems is decided. Additionally, it contains the basic design and components of a system and its environment in that specific class. The security objectives are specified as (1) a set of security requirements and their fulfillment conditions and (2) a set of potential vulnerabilities and threats and their existence conditions.

Assurance Metrics: An assurance metric can be defined as a quantitative measure that provides evidence that the assurance target meets a particular level of the assurance scheme. It indicates to what degree the assurance target fulfills the security requirements’ conditions and the vulnerabilities’ conditions.

Assurance Technique: An assurance technique can be defined as a method that can be used for evaluating and assessing the assurance target.

Evaluation Evidence: Evaluation evidence can be defined as the set of measurements that results from applying an assurance technique to the assurance target.

Assurance Scheme: An assurance scheme is an instance of an assurance profile defined for a specific system, called the assurance target. It contains the same security objectives as the profile it instantiates, expressed as security requirements and vulnerabilities with their fulfillment and existence conditions, respectively, together with specific details about the system design and its environment. Furthermore, it specifies the weight for each security requirement and the risk for each vulnerability, or threat, listed in the assurance profile.
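The key terms above describe a pipeline: an assurance profile for a class of systems is instantiated into an assurance scheme for one target (adding weights and risks), evaluation evidence is checked against each objective's fulfillment or existence condition, and an assurance metric turns the result into a level. The following Python model is an added illustration of that vocabulary, not code from the chapter. The scoring rules (a weighted share of fulfilled requirements, a risk-weighted share of absent vulnerabilities, and the minimum of the two mapped to three levels) are assumptions chosen for the illustration and are not the authors' metric; the REST API profile, the weights, and the evidence values are constructed sample data.

```python
# Added illustration of the assurance profile / scheme / evidence / metric
# vocabulary. The scoring formulas below are assumptions, not the chapter's
# metric; the profile and evidence are constructed sample data.
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Set

Measurements = Dict[str, Any]  # evaluation evidence: measurement name -> value


@dataclass
class Requirement:
    rid: str
    description: str
    fulfilled: Callable[[Measurements], bool]  # fulfillment condition


@dataclass
class Vulnerability:
    vid: str
    description: str
    exists: Callable[[Measurements], bool]  # existence condition


@dataclass
class AssuranceProfile:
    system_class: str
    requirements: List[Requirement]
    vulnerabilities: List[Vulnerability]


@dataclass
class AssuranceScheme:
    target: str
    profile: AssuranceProfile
    weights: Dict[str, float]  # rid -> importance of the requirement
    risks: Dict[str, float]    # vid -> risk if the vulnerability exists


def missing_objectives(profile: AssuranceProfile, weights: Dict[str, float],
                       risks: Dict[str, float]) -> Set[str]:
    """Objectives of the profile that the scheme forgot to weight or rate."""
    return ({r.rid for r in profile.requirements} - weights.keys()) | \
           ({v.vid for v in profile.vulnerabilities} - risks.keys())


def instantiate(profile: AssuranceProfile, target: str, weights: Dict[str, float],
                risks: Dict[str, float]) -> AssuranceScheme:
    """Build an assurance scheme for one target; every objective needs a weight/risk."""
    missing = missing_objectives(profile, weights, risks)
    if missing:
        raise ValueError(f"scheme must weight every objective; missing {sorted(missing)}")
    return AssuranceScheme(target, profile, weights, risks)


def requirement_metric(scheme: AssuranceScheme, evidence: Measurements) -> float:
    """Assumed formula: weighted share of requirements whose condition holds, in [0, 1]."""
    total = sum(scheme.weights.values())
    met = sum(scheme.weights[r.rid] for r in scheme.profile.requirements if r.fulfilled(evidence))
    return met / total


def vulnerability_metric(scheme: AssuranceScheme, evidence: Measurements) -> float:
    """Assumed formula: share of total risk NOT realised by vulnerabilities found, in [0, 1]."""
    total = sum(scheme.risks.values())
    realised = sum(scheme.risks[v.vid] for v in scheme.profile.vulnerabilities if v.exists(evidence))
    return 1 - realised / total


def evaluate(scheme: AssuranceScheme, evidence: Measurements) -> Dict[str, Any]:
    """Evaluation process: evidence in, assurance level out (thresholds are assumptions)."""
    r = requirement_metric(scheme, evidence)
    v = vulnerability_metric(scheme, evidence)
    score = min(r, v)  # a weak spot in either dimension caps the level
    level = "high" if score >= 0.9 else "medium" if score >= 0.6 else "low"
    return {"requirement_metric": r, "vulnerability_metric": v, "score": score, "level": level}


# Constructed sample profile for a hypothetical class of REST APIs.
REST_API_PROFILE = AssuranceProfile(
    "rest-api",
    requirements=[
        Requirement("SR1", "all endpoints are served over TLS only", lambda m: m["tls_only"]),
        Requirement("SR2", "write endpoints require authentication", lambda m: m["unauth_write_endpoints"] == 0),
        Requirement("SR3", "rate limiting is enforced", lambda m: m["rate_limited"]),
    ],
    vulnerabilities=[
        Vulnerability("V1", "stack traces leak in error responses", lambda m: m["stack_trace_responses"] > 0),
        Vulnerability("V2", "dependencies with known vulnerabilities", lambda m: m["vulnerable_deps"] > 0),
    ],
)


def example() -> Dict[str, Any]:
    """Instantiate the scheme for one target and evaluate constructed evidence."""
    scheme = instantiate(REST_API_PROFILE, "api-under-test",
                         weights={"SR1": 3, "SR2": 5, "SR3": 2},
                         risks={"V1": 2, "V2": 8})
    # Constructed evidence, as it might come from a TLS scan, an authentication
    # bypass test, a fuzzing run against error handling and a dependency audit.
    evidence = {"tls_only": True, "unauth_write_endpoints": 0, "rate_limited": False,
                "stack_trace_responses": 3, "vulnerable_deps": 0}
    return evaluate(scheme, evidence)


if __name__ == "__main__":
    print(example())
```

In the sample run, SR3 is unfulfilled and V1 is present, so the requirement metric is 8/10 and the vulnerability metric is 1 - 2/10; both are 0.8 and the assumed thresholds place the target at "medium". The point of the structure, rather than the numbers, is that weights and risks live in the scheme (per target), while the conditions live in the profile (per system class), so the same evidence can yield different levels for two targets whose operators rank the objectives differently.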
