Integration of Graphical Modeling Techniques as a Structural Framework for System-Aware Cyber Security Architecture Selection

Luckett, Barbara, Systems Engineering - School of Engineering and Applied Science, University of Virginia
Beling, Peter, Department of Systems and Information Engineering, University of Virginia

As a consequence of increased risks of insider and supply chain attacks, it has become more apparent recently that cyber attacks cannot be completely addressed by traditional perimeter security solutions alone. In order to better protect systems, a new systems engineering focused approach, called System-Aware Cyber Security, has been developed. Previous research efforts have led to the development of an expansive portfolio of System-Aware Cyber Security design patterns, which creates a complex multiple criteria decision analysis (MCDA) problem of how to best allocate and implement the protection to create an integrated system security architectural solution that best shifts the asymmetry from favoring an adversary to favoring the US defense.
While MCDA is a very well developed research area with an expansive literature in existence, there are several critical issues that are introduced when considering the cyber security architecture selection process which prompt the need for the development of a decision support tool. In addition to the vast decision space, the tremendous potential for uncertainty in the initial parameter estimates, and the large, diverse group of stakeholders involved, the most critical difference is the presence of an intelligent adversary. While it's obvious that an attacker’s actions could cause uncertainty for the defense’s system, it's important to recognize that the defense’s choices regarding the system can also cause uncertainty for the attacker. This seemingly simple notion – that the design decisions can affect the attacker just as the attacker’s decisions affect the system outcome – became a driving force in the development of the current relational methodology for the System-Aware Cyber Security architecture selection decision process.
This research effort proposes a schematic framework designed to utilize a combination of well-known graphical modeling techniques to provide guidance and insight to the decision makers regarding the overall structure of the system and the impacts of their decisions. This methodology involves multiple iterations of Directed Acyclic Graphs and Attack Trees to create a graphical depiction that formalizes the complex structure of the decision process, captures both the attacker and defensive perspectives, and recognizes potential uncertainty in cost and security benefit estimates by providing a more robust approach than scoring alone. In addition to detailing the need for a decision support tool set and describing the developed relational methodology and the graphical modeling techniques it utilizes, this thesis outlines a series of case study workshops conducted on an initial example application. Working through the methodology with a project team provided insight about the usefulness of the framework in a real-world project scenario and provided feedback which has been used to refine the methodology.

MS (Master of Science)
All rights reserved (no additional license for public reuse)
Issued Date: