A Philosophy of Security Architecture Design

Køien, Geir M.

doi:10.1007/s11277-020-07310-5

Cited by 4 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paper, we consider how to avoid system downtime due to natural incidents caused by vulnerabilities. Two earlier papers [5,23] discuss how to prevent downtime due to attackers that intentionally exploit vulnerabilities.…”

Section: Vulnerabilities and Failuresmentioning

confidence: 99%

“…Many published principles [2,5,7,11,51,52] provide foundations for various aspects of antifragility (see [5,7,11] for examples). Although this paper's author has only discussed principles for antifragility to downtime, the presented principles are valid for other types of antifragility, including antifragility to malware attacks [2].…”

Section: More Principles?mentioning

confidence: 99%

“…The literature discusses many types of antifragility in, for example, cybersecurity [3][4][5], software [6][7][8], complex adaptive systems [9][10][11] and biology [12]. However, the current tutorial focuses solely on avoiding downtime in socio-technical systems that change over time.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Tutorial on systems with antifragility to downtime

Hole

2021

Computing

View full text Add to dashboard Cite

An antifragile system of software and stakeholders, including designers, developers, and operators, learn from incidents how to avoid outages and maintain high uptime. This tutorial article reviews how to design and operate such socio-technical systems with antifragility to downtime. It documents the importance of four design principles and two operational principles by exploring the polar opposite anti-principles and the interplay between the principles and the anti-principles. The design principles mandate a software design of separate and isolatable processes with sufficient diversity and redundancy. The processes should communicate asynchronously over an external network. The operational principles imply that the software development teams should repeatedly inject artificial failures into the production system to understand its behavior and detect and mitigate vulnerabilities as the system and its environment change.

show abstract

Section: Vulnerabilities and Failuresmentioning

confidence: 99%

Section: More Principles?mentioning

confidence: 99%

See 1 more Smart Citation

Tutorial on systems with antifragility to downtime

Hole

2021

Computing

View full text Add to dashboard Cite

show abstract

“…It involves a structured analysis of a system's components, data flows, and potential attack vectors to evaluate the likelihood and impact of different security risks. By understanding potential threats early in the development process, organizations can implement robust security measures to safeguard their assets and sensitive information [1].…”

Section: Introductionmentioning

confidence: 99%

A Systematic Evaluation of Artificial Intelligence's Impact on the Landscape of Threat Modeling

Pai,

R.Kunte,

Najee

2023

STAIQC

View full text Add to dashboard Cite

This article systematically evaluates the influence of Artificial Intelligence (AI) on the landscape of Threat modelingin cybersecurity. The study involves an extensive review of relevant journal articles, books, and conference papers to comprehensively assess the current state of the field. By synthesizing existing literature, we identify and analyze the ways in which AItechnologies are applied in Threat modelingmethodologies. The evaluation explores the strengths and limitations of these applications, shedding light on the advancements that have significantly enhancedThreat modeling.Furthermore, the research includes a meticulous gap analysis within the existing literature, revealing areas where further investigation is warranted. Identified gaps in the current research landscape serve as a foundation for proposing future research directions in AI-enhanced Threat modeling. The current literature related to the current landscape of Artificial Intelligence research in cybersecurity predominantly focuses on articles and active studies pertaining to the detection and prevention of cyber-attacks. However, there is a noticeable gap in the existing literature when it comes to leveraging Artificial Intelligence to enhance Threat modeling. While numerous innovative methods have been proposed in recent articles, these predominantly concentrate on Threat modeling within specific domains, such as unmanned vehicles, Cyber-Physical Systems, and Healthcare. There is a lack of generalization in applying these findings to improve Threat modeling practices more broadly. A promising avenue for further research lies in the automation of Threat modeling. Existing literature predominantly emphasizes the study of Threat generation areas, leaving other crucial aspects, such as Architecture representation and Model validation,in need of more comprehensive exploration and analysis

show abstract