This paper describes a novel approach to semantic system and security modelling developed in the SERSCIS project. The approach is designed to address dynamic multistakeholder systems that are composed from services at run-time. This presents several challenges for security risk modelling and management that are not well addressed by previous work. The biggest challenge is the fact that at design-time one only knows the structure but not the composition of the system, forcing an abstract modelling approach to be used. The SERSCIS approach deals with this by defining a set of OWL classes describing generic system assets, threats and security controls and the relationships between them. This dependability model captures security expertise concerning the types of threats that can arise in general and the controls that can be used to address them. An abstract system model can then be created using OWL subclasses, to capture the types of assets and their relationships in a specific system, but still without specifying how many assets, where they are deployed or what security controls they have. The resulting models can be used as inputs to run-time semantic monitoring tools, where the knowledge encoded in the abstract system model is used to automatically determine system threat activity and system vulnerabilities. The approach was validated in an Airport Collaborative Decision-Making scenario.
展开▼
