Assume-Guarantee Reasoning Using a Cyber Security Ontology
Alfageeh, Ali Abdurhman
Designing a network is a challenging problem because it involves integrating several complex components such as routers, servers, computers, and smart devices. This is further complicated by the need to implement robust security policies that prevent violations of confidentiality as the networked devices interact. The design of such complex networked systems demands a more rigorous approach to modeling and analysis, which can be inherited from the field of software engineering. Presently, network or security engineers do not use a system/software engineering approach to design and build cybersecurity systems. We therefore propose a system/software engineering approach to model and analyze the security of a network. To illustrate our approach, we chose the insider threat problem as the use case from the cybersecurity domain. Significant research effort has focused on perimeter protection, based on the philosophy of not trusting the nodes outside the network while fully trusting the nodes inside it. Several attacks have shown that insiders can play a significant role in cybersecurity attacks, so it is essential to model and analyze insider threats and build the rules needed to restrict the actions of authorized employees. Our research effort in this thesis focuses on developing a system/software engineering approach based on the philosophy of zero trust for insiders in the network. Our formal approach includes developing a cybersecurity ontology, creating an assume-guarantee formal grammar, and developing an automated assume-guarantee based reasoner. We used the Web Ontology Language (OWL) to formally represent cyber knowledge for a network, a distributed system with relevant network elements, in order to reason over the relationships between classes and the actions of insiders.
Our ontology includes the representation of message transaction scenarios in the internal network, focusing on modeling security policies to prevent violations of confidentiality of messages being exchanged within the internal network of an organization. We analyzed the designed ontology by developing Semantic Web Rule Language (SWRL) rules, which were used to infer new knowledge based on computed logical inferences. These rules become recommended network security policies that should be implemented to prevent violations in internal networks. Moreover, our ontology guided the creation of an assume-guarantee formal language that allows network engineers to model the network, including its cybersecurity properties, at a high level of abstraction. Finally, we designed an automated assume-guarantee reasoner that processes the language we developed and checks whether the security properties implemented for the network are satisfied.