The Right Tool for the Job: A Case for Common Input Scenarios for Security Assessment
Motivated by the practical importance of security assessment, researchers have developed numerous model-based methodologies. However, the diversity of different methodologies and tool designs makes it challenging to compare their respective strengths or integrate their results. To make it more conducive to incorporate them for practical assessment tasks, we believe it is critical to establish a common foundation of security assessment inputs to support different methodologies and tools. As the initial effort, this paper presents an open repository of Common Input Scenarios for Security Assessment (CISSA) for different model-based security assessment tools. By proposing a CISSA design framework and constructing six initial scenarios based on real-world incidents, we experimentally show how CISSA can provide new insights and concrete reference points to both security practitioners and tool developers. We have hosted CISSA on a publicly available website, and envision that community effort in building CISSA would significantly advance the scientific and practical values of model-based security assessment.