TY - GEN
T1 - Looking for a Black Cat in a Dark Room
T2 - 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018
AU - Bakirtzis, Georgios
AU - Simon, Brandon J.
AU - Fleming, Cody H.
AU - Elks, Carl R.
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2019/5/7
Y1 - 2019/5/7
N2 - Today, there is a plethora of software security tools employing visualizations that enable the creation of useful and effective interactive security analyst dashboards. Such dashboards can assist the analyst to understand the data at hand and, consequently, to conceive more targeted preemption and mitigation security strategies. Despite the recent advances, model-based security analysis is lacking tools that employ effective dashboards∗to manage potential attack vectors, system components, and requirements. This problem is further exacerbated because model-based security analysis produces significantly larger result spaces than security analysis applied to realized systems∗where platform specific information, software versions, and system element dependencies are known. Therefore, there is a need to manage the analysis complexity in model-based security through better visualization techniques. Towards that goal, we propose an interactive security analysis dashboard that provides different views largely centered around the system, its requirements, and its associated attack vector space. This tool makes it possible to start analysis earlier in the system lifecycle. We apply this tool in a significant area of engineering design∗the design of cyber-physical systems∗where security violations can lead to safety hazards.
AB - Today, there is a plethora of software security tools employing visualizations that enable the creation of useful and effective interactive security analyst dashboards. Such dashboards can assist the analyst to understand the data at hand and, consequently, to conceive more targeted preemption and mitigation security strategies. Despite the recent advances, model-based security analysis is lacking tools that employ effective dashboards∗to manage potential attack vectors, system components, and requirements. This problem is further exacerbated because model-based security analysis produces significantly larger result spaces than security analysis applied to realized systems∗where platform specific information, software versions, and system element dependencies are known. Therefore, there is a need to manage the analysis complexity in model-based security through better visualization techniques. Towards that goal, we propose an interactive security analysis dashboard that provides different views largely centered around the system, its requirements, and its associated attack vector space. This tool makes it possible to start analysis earlier in the system lifecycle. We apply this tool in a significant area of engineering design∗the design of cyber-physical systems∗where security violations can lead to safety hazards.
KW - Embedded systems security
KW - Graph drawings
KW - Human-centered computing
KW - Human-centered computing
KW - Security and privacy
KW - Security and privacy
KW - Security in hardware
KW - Systems Security
KW - Visualization
KW - Visualization
KW - Visualization systems and tools
KW - Visualization techniques
KW - Visualization toolkits
KW - Vulnerability management
UR - https://www.scopus.com/pages/publications/85066399623
U2 - 10.1109/VIZSEC.2018.8709187
DO - 10.1109/VIZSEC.2018.8709187
M3 - Conference contribution
AN - SCOPUS:85066399623
T3 - 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018
BT - 2018 IEEE Symposium on Visualization for Cyber Security, VizSec 2018
A2 - Trent, Stoney
A2 - Kohlhammer, Jorn
A2 - Sauer, Graig
A2 - Gove, Robert
A2 - Best, Daniel
A2 - Paul, Celeste Lyn
A2 - Prigent, Nicolas
A2 - Staheli, Diane
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 22 October 2018
ER -