CyberSecurity in a DevOps Environment: From Requirements to Monitoring

This book provides an overview of software security analysis in a DevOps cycle, covering requirements formalisation, verification and continuous monitoring. It surveys the latest techniques and tools that help engineers and developers verify the security requirements of large-scale industrial systems, and it explains novel methods that enable a faster feedback loop for security-related verification activities. These methods rely on techniques such as automated testing, model checking, static analysis, runtime monitoring, and formal methods.

The book consists of three parts, each covering a different aspect of security engineering in the DevOps context. The first part, "Security Requirements", explains how to specify and analyse security issues in a formal way. The second part, "Prevention at Development Time", offers a practical and industrial perspective on how to design, develop and verify secure applications. The third part, "Protection at Operations", introduces tools for continuous monitoring of security events and incidents. Overall, the book covers several advanced topics in security verification, such as optimizing security verification activities, automatically deriving verifiable specifications from security requirements and known vulnerabilities, and using these specifications both to verify security properties against design specifications and to generate artifacts such as tests or monitors that can be reused later in the DevOps process.

The book aims at computer engineers in general and does not require specific knowledge. In particular, it is intended for software architects, developers, testers, security professionals, and tool providers, who want to define, build, test, and verify secure applications, Web services, and industrial systems.

Author(s): Andrey Sadovykh (editor), Dragos Truscan (editor), Wissam Mallouli (editor), Ana Rosa Cavalli (editor), Cristina Seceleanu (editor), Alessandra Bagnato (editor)
Publisher: Springer
Year: 2023

Language: English
Pages: 340

Preface
Part I: Security Requirements Engineering
Part II: Prevention at Development Time
Part III: Protection at Operations
Contents
Part I Security Requirements Engineering
1 A Taxonomy of Vulnerabilities, Attacks, and Security Solutions in Industrial PLCs
1.1 Introduction
1.2 Background: Industrial Control Systems
1.3 Related Work
1.4 Method
1.4.1 Taxonomy Protocol
1.4.1.1 Planning
1.4.1.2 Identification and Extraction
1.4.1.3 Design
1.4.2 Mapping Study Protocol
1.4.2.1 Research Goal
1.4.2.2 Research Questions
1.4.2.3 Keywords and Search String
1.4.2.4 Digital Libraries
1.4.2.5 Selection Criteria
1.4.2.6 Query Search
1.4.2.7 Selection Criteria Application
1.4.2.8 Classification, Extraction, and Analysis
1.5 Search Results
1.6 Taxonomy Results
1.6.1 Security Vulnerabilities
1.6.2 Attacks
1.6.3 Security Solutions
1.6.4 A Taxonomy for PLC-Based Vulnerabilities, Attacks, and Security Solutions
1.7 Validity Threats
1.8 Conclusions and Relation to DevOps
1.9 Annex: Primary Studies
References
2 Natural Language Processing with Machine Learning for Security Requirements Analysis: Practical Approaches
2.1 Introduction
2.2 Security Requirements Engineering
2.3 Natural Language Processing for Requirements Engineering (NLP4RE)
2.3.1 Statistical and Classical Machine Learning Methods
2.3.2 Deep Learning
2.3.3 Transfer Learning
2.4 Practical Examples of NLP4RE
2.4.1 ReqExp: Requirements Extraction from a Text
2.4.2 SeqReq: Security Requirements Classification
2.4.3 STIGSearch: Semantic Search for Security Technology Implementation Guides
2.5 Discussion
2.6 Conclusions
References
3 Security Requirements Formalization with RQCODE
3.1 Introduction
3.1.1 Context
3.1.2 Motivation
3.2 Related Work
3.2.1 Requirements Formalization Methods
3.2.1.1 Formalization Through Verification
3.2.2 Static Verification and Security Patterns
3.2.3 Dynamic Verification and Security Patterns
3.3 The RQCODE Approach
3.3.1 Seamless Object-Oriented Requirements (SOOR)
3.3.2 Requirements as Code (RQCODE)
3.3.3 RQCODE and Temporal Requirements Patterns
3.3.4 RQCODE and Security Technical Implementation Guide (STIG)
3.3.5 RQCODE Framework
3.4 Discussion
3.4.1 Approach for Evaluation
3.4.2 Comparison to Other Requirements Formalization Methods
3.5 Conclusions
References
Part II Prevention at Development Time
4 Vulnerability Detection and Response: Current Status and New Approaches
4.1 Introduction
4.2 Background
4.3 State of the Art of Vulnerability Analysis in ESs
4.3.1 Vulnerability Analysis in Security Standards
4.3.1.1 ISA/IEC 62443
4.3.1.2 Common Criteria
4.3.2 Vulnerability Analysis in the Literature
4.4 Vulnerability Analysis Approaches: Analyzing Extended Dependency Graphs (EDG)
4.4.1 Description of the Model
4.4.2 Types of Node
4.4.3 Types of Edge
4.4.4 Steps to Build the Model
4.5 Security Metrics
4.5.1 Basic Definitions
4.5.2 Metrics
4.5.3 Properties
4.5.3.1 Automatic Inference of Root Causes
4.5.3.2 Spatial and Temporal Distribution of Vulnerabilities
4.5.3.3 Patching Policies Prioritization Support
4.6 Use Case
4.6.1 Structure of OpenPLC
4.6.2 Building the EDG
4.6.3 Analysis of the EDG
4.7 Conclusions
References
5 Metamorphic Testing for Verification and Fault Localization in Industrial Control Systems
5.1 Introduction
5.2 Prerequisites
5.2.1 Metamorphic Testing
5.2.2 Fault Localization
5.2.2.1 Spectrum-Based Fault Localization
5.2.2.2 Program Slicing
5.3 Overview of the Approach
5.3.1 Metamorphic Testing Phase
5.3.2 Fault Localization Phase
5.3.2.1 Test Selection
5.3.2.2 Instrumenting Source Code
5.3.2.3 Test Execution
5.3.2.4 Suspiciousness Scores Calculation
5.3.2.5 Suspicious Elements Extraction
5.3.2.6 Call Graph and Control-Flow Graph Generation
5.3.2.7 Data-Flow Analysis for Suspicious Variables
5.3.2.8 Fault Report
5.4 Evaluation
5.4.1 Metamorphic Testing Phase
5.4.1.1 The Output of the LPS
5.4.1.2 Metamorphic Relation
5.4.1.3 Creating the Seed Input
5.4.1.4 The Morphed Input
5.4.2 Fault Localization Phase
5.4.3 Tool Support
5.5 Threats to Validity
5.5.1 Construct Validity
5.5.2 External Validity
5.5.3 Conclusion Validity
5.6 Related Work
5.7 Conclusions and Future Work
References
6 Interactive Application Security Testing with Hybrid Fuzzing and Statistical Estimators
6.1 Introduction
6.2 Related Work
6.2.1 Interactive Application Security Testing
6.3 Methodology
6.3.1 Interactive Application Security Testing: Combining Static Analysis and Security Testing
6.3.2 Our Approach to IAST
6.3.2.1 Dynamic Verification of Static Analysis Findings
6.3.2.2 Improving DAST with SAST Results
6.3.2.3 Improving SAST with DAST Results
6.4 Implementation
6.4.1 Static Analysis
6.4.2 Test Case Generation
6.4.3 Test Data Generation
6.4.4 Test Oracle
6.5 Evaluation
6.5.1 Experimental Plan
6.5.2 RQ1: Information Exchange
6.5.3 RQ2: Is IAST Worth the Effort?
6.5.4 RQ3 and RQ4: Identifying True and False Positives and Uncertainty
6.5.5 Threats to Validity
6.6 Conclusion, Limitations, and Outlook
References
Part III Protection at Operations
7 Ctam: A Tool for Continuous Threat Analysis and Management
7.1 Introduction
7.2 Related Work
7.2.1 Threat Modeling Support During Development
7.2.2 Quality Assessment in Continuous Integration Pipelines
7.3 Continuous Threat Analysis and Management
7.3.1 Threat Analysis Inputs
7.3.1.1 DFD Model
7.3.1.2 Security and Privacy Solutions
7.3.1.3 Attacker Profiles
7.3.1.4 Threat-Type Catalog
7.3.2 Threat Analysis Engine
7.3.3 Analysis Activities
7.3.4 Server
7.4 Functional Validation
7.4.1 Description of the Case
7.4.2 Change Scenarios
7.4.3 Results
7.5 Evaluation
7.5.1 Modeling Approach
7.5.2 Results
7.5.2.1 Evolution of the Model
7.5.2.2 Threat Analysis Results
7.6 Discussion
7.6.1 Using Another Threat Elicitation Engine
7.6.2 Scope of the Model
7.6.3 Model Granularity
7.6.4 Triggering the Analysis Process
7.6.5 Avoiding Model Drift
7.6.6 Using Detailed Threat Analysis Information
7.6.7 Security Metrics
7.7 Future Work
7.7.1 DFD Model Inputs
7.7.2 Monitoring and Aligning the Operational System
7.7.3 Project-Centric Risk Analysis and Management Use Cases
7.8 Conclusion
References
8 EARLY: A Tool for Real-Time Security Attack Detection
8.1 Introduction
8.2 Overview of the Early Tool
8.2.1 Flow Processing
8.2.1.1 Packet Filtering
8.2.1.2 Flow Identification
8.2.1.3 Packet Preprocessing
8.2.2 Training
8.2.3 Monitoring
8.3 Evaluation
8.3.1 Datasets
8.3.1.1 Web-Based Network Attack Detection
8.3.1.2 MQTT-Based Attack Detection
8.3.2 Model Architectures
8.3.2.1 EARLYCNN
8.3.2.2 EARLYRNN
8.3.3 Evaluation Metrics
8.3.4 RQ1: Classification Performance
8.3.5 RQ2: Earliness Performance
8.4 Related Work
8.5 Conclusion
References
9 A Stream-Based Approach to Intrusion Detection
9.1 Introduction
9.2 Related Work
9.3 Formalizing Intrusion Detection
9.3.1 Formal Preliminaries
9.3.2 Monitors
9.3.3 Pattern Detection as Monitoring
9.4 State-Based Simplifications
9.4.1 Processor State
9.4.2 A State-Aware Detection Algorithm
9.4.3 Progressing Subsequences
9.4.4 Combining Reduction Strategies
9.5 A Compositional Approach to Pattern Detection
9.5.1 Building Blocks for Pattern Detection
9.5.1.1 Generic Processors
9.5.1.2 Elementary Monitors
9.5.2 Progressive Subsequences for Processor Pipelines
9.5.2.1 Pipeline Definition
9.5.2.2 Input-Output Associations
9.6 Experimental Evaluation
9.6.1 Implementation
9.6.2 Empirical Analysis
9.7 Discussion and Conclusion
References
10 Toward Anomaly Detection Using Explainable AI
10.1 Introduction
10.2 Network Monitoring Approaches: MMT Monitoring Framework Example
10.2.1 Classification Techniques
10.2.1.1 Rule-Based Network Classification
10.2.1.2 AI-Based Network Classification
10.2.2 Global MMT Monitoring Architecture
10.2.2.1 Feature Extraction
10.2.2.2 Rule-Based Analysis
10.2.2.3 Machine Learning-Based Anomaly Detection
10.2.2.4 Root Cause Analysis
10.2.3 Application of MMT for Anomaly Detection
10.2.3.1 Settings
10.2.3.2 Results and Interpretation
10.3 Interpreting ML Models for User Network Activity Classification
10.3.1 Motivation
10.3.1.1 Context
10.3.1.2 Proposal
10.3.2 Classification of User Network Activities
10.3.2.1 Overview
10.3.2.2 Types of Activities
10.3.2.3 Dataset Generation
10.3.2.4 Dataset Preprocessing
10.3.2.5 Feature Extraction
10.3.2.6 Classification
10.3.3 Evaluation
10.3.3.1 Metrics
10.3.3.2 Supervised Classification Models
10.3.4 Explainable AI (XAI)
10.3.4.1 State-of-the-Art of XAI Method
10.3.4.2 SHAP
10.3.4.3 LIME
10.3.4.4 Shapash
10.4 Discussion
10.4.1 Conclusion and Future Work
References