Go with the Flow: Toward Workflow-Oriented Security Assessment

Provided by: Association for Computing Machinery
Topic: Security
Format: PDF
In this paper, the authors advocate the use of workflow-describing how a system provides its intended functionality-as a pillar of cybersecurity analysis and propose a holistic workflow-oriented assessment framework. While workflow models are currently used in the area of performance and reliability assessment, these approaches are designed neither to assess a system in the presence of an active attacker, nor to assess security aspects such as confidentiality. On the other hand, existing security assessment methods typically focus on modeling the active attacker (e.g., attack graphs), but many rely on restrictive models that are not readily applicable to complex (e.g., cyber-physical or cyber-human) systems.

Find By Topic