The Right Tool for the Job: A Case for Common Input Scenarios for Security Assessment

  • Xinshu Dong
  • Sumeet Jauhar
  • William G. Temple
  • Binbin Chen
  • Zbigniew Kalbarczyk
  • William H. Sanders
  • Nils Ole Tippenhauer
  • David M. Nicol
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9987)

Abstract

Motivated by the practical importance of security assessment, researchers have developed numerous model-based methodologies. However, the diversity of different methodologies and tool designs makes it challenging to compare their respective strengths or integrate their results. To make it more conducive to incorporate them for practical assessment tasks, we believe it is critical to establish a common foundation of security assessment inputs to support different methodologies and tools. As the initial effort, this paper presents an open repository of Common Input Scenarios for Security Assessment (CISSA) for different model-based security assessment tools. By proposing a CISSA design framework and constructing six initial scenarios based on real-world incidents, we experimentally show how CISSA can provide new insights and concrete reference points to both security practitioners and tool developers. We have hosted CISSA on a publicly available website, and envision that community effort in building CISSA would significantly advance the scientific and practical values of model-based security assessment.

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Xinshu Dong
    • 1
  • Sumeet Jauhar
    • 1
  • William G. Temple
    • 1
  • Binbin Chen
    • 1
  • Zbigniew Kalbarczyk
    • 2
  • William H. Sanders
    • 2
  • Nils Ole Tippenhauer
    • 3
  • David M. Nicol
    • 2
  1. 1.Advanced Digital Sciences CenterSingaporeSingapore
  2. 2.University of Illinois at Urbana-ChampaignChampaignUSA
  3. 3.Singapore University of Technology and DesignSingaporeSingapore

Personalised recommendations