CISSA Framework

Understanding the system security level against cyber threats is critical for today's IT or IT-enabled infrastructures, such as cloud storage and computing services, banking and payment systems or cyber-physical systems such as smart grids. Despite promoting security in general, adopting various compliance standards often do not sufficiently capture the inherent relationships among different security related aspects of the studied infrastructure. Witnessing the surge of interest in model-based security assessment in the recent years, various aspects of systems, threats, security measures, and more importantly, how these aspects interact with each other, are abstracted into models, often through rigorous defined formalisms.

To assess this, we present an open repository of Common Input Scenarios for Security Assessment (CISSA) for different model-based security assessment tools. By proposing a CISSA design framework and constructing six initial scenarios based on real-world incidents, we experimentally show how CISSA can provide new insights and concrete reference points to both security practitioners and tool developers.

Fig. 1 - Security assessment process driven by CISSA

Fig. 2 - Elements in an input scenario and their relationships

As illustrated in Figure 1, a rich and open repository of input scenarios based on real-world incidents, showing the feasibility of building a diverse, realistic, structured, and precise set of CISSA based on the framework. Guided by certain design considerations, we propose a schema for representing security-relevant information. While there may be other ways to represent such information, the schema that we propose, as depicted in Figure 2, could serve as a valuable starting point for the CISSA concept. Existing resources such as security incident reports are largely unstructured, and it would require human comprehension and transformation before they can be used by security assessment tools. Databases such as NVD provide machine-readable format, but only include information on the specifics of the vulnerabilities, which is far from sufficient for most model-based security assessment tools. In the design of CISSA, the identified elements and their attributes provide a unified way to represent information on both the target systems and the security incident.