The University of Southampton
University of Southampton Institutional Repository

SERSCIS: Semantic Modelling of Dynamic, Multi-Stakeholder Systems

SERSCIS: Semantic Modelling of Dynamic, Multi-Stakeholder Systems
SERSCIS: Semantic Modelling of Dynamic, Multi-Stakeholder Systems
This paper describes a novel approach to semantic system and security modelling developed in the SERSCIS project. The approach is designed to address dynamic multistakeholder systems that are composed from services at run-time. This presents several challenges for security risk modelling and management that are not well addressed by previous work. The biggest challenge is the fact that at design-time one only knows the structure but not the composition of the system, forcing an abstract modelling approach to be used. The SERSCIS approach deals with this by defining a set of OWL classes describing generic system assets, threats and security controls and the relationships between them. This dependability model captures security expertise concerning the types of threats that can arise in general and the controls that can be used to address them. An abstract system model can then be created using OWL subclasses, to capture the types of assets and their relationships in a specific system, but still without specifying how many assets, where they are deployed or what security controls they have. The resulting models can be used as inputs to run-time semantic monitoring tools, where the knowledge encoded in the abstract system model is used to automatically determine system threat activity and system vulnerabilities. The approach was validated in an Airport Collaborative Decision-Making scenario.
Surridge, Mike
3bd360fa-1962-4992-bb16-12fc4dd7d9a9
Chakravarthy, Ajay
d5f40fb2-e262-49e1-9fcc-e1368e764d03
Hall-May, Martin
f082897f-a6ec-4fae-b555-a514ae3bd717
Chen, Xiaoyu
dde6db8e-1cb1-4de4-87e9-64bab6e0220c
Nasser, Bassem
d601c873-8295-44e3-a4e1-d363a26ee086
Nossal, Roman
1d707af0-9118-4f63-8c98-f4c9eb8ad46f
Surridge, Mike
3bd360fa-1962-4992-bb16-12fc4dd7d9a9
Chakravarthy, Ajay
d5f40fb2-e262-49e1-9fcc-e1368e764d03
Hall-May, Martin
f082897f-a6ec-4fae-b555-a514ae3bd717
Chen, Xiaoyu
dde6db8e-1cb1-4de4-87e9-64bab6e0220c
Nasser, Bassem
d601c873-8295-44e3-a4e1-d363a26ee086
Nossal, Roman
1d707af0-9118-4f63-8c98-f4c9eb8ad46f

Surridge, Mike, Chakravarthy, Ajay, Hall-May, Martin, Chen, Xiaoyu, Nasser, Bassem and Nossal, Roman (2012) SERSCIS: Semantic Modelling of Dynamic, Multi-Stakeholder Systems. 2nd SESAR Innovations Days, Germany.

Record type: Conference or Workshop Item (Paper)

Abstract

This paper describes a novel approach to semantic system and security modelling developed in the SERSCIS project. The approach is designed to address dynamic multistakeholder systems that are composed from services at run-time. This presents several challenges for security risk modelling and management that are not well addressed by previous work. The biggest challenge is the fact that at design-time one only knows the structure but not the composition of the system, forcing an abstract modelling approach to be used. The SERSCIS approach deals with this by defining a set of OWL classes describing generic system assets, threats and security controls and the relationships between them. This dependability model captures security expertise concerning the types of threats that can arise in general and the controls that can be used to address them. An abstract system model can then be created using OWL subclasses, to capture the types of assets and their relationships in a specific system, but still without specifying how many assets, where they are deployed or what security controls they have. The resulting models can be used as inputs to run-time semantic monitoring tools, where the knowledge encoded in the abstract system model is used to automatically determine system threat activity and system vulnerabilities. The approach was validated in an Airport Collaborative Decision-Making scenario.

Text
SID 2012-09.pdf - Other
Download (1MB)

More information

Published date: 28 November 2012
Venue - Dates: 2nd SESAR Innovations Days, Germany, 2012-11-28
Organisations: Electronics & Computer Science, IT Innovation

Identifiers

Local EPrints ID: 349295
URI: http://eprints.soton.ac.uk/id/eprint/349295
PURE UUID: e07f88dc-9c66-47ab-8eeb-3c9c32395302

Catalogue record

Date deposited: 04 Mar 2013 10:20
Last modified: 09 Dec 2019 20:04

Export record

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×