Stakeholder security analysis - a new approach to security design with example application

PhD Thesis


Hadaad, Nabeel Mahdy Hadaad. 2020. Stakeholder security analysis - a new approach to security design with example application. PhD Thesis Doctor of Philosophy. University of Southern Queensland. https://doi.org/10.26192/05r4-0365
Title

Stakeholder security analysis - a new approach to security design with example application

TypePhD Thesis
Authors
AuthorHadaad, Nabeel Mahdy Hadaad
SupervisorAddie, Ron
Li, Yan
Institution of OriginUniversity of Southern Queensland
Qualification NameDoctor of Philosophy
Number of Pages185
Year2020
Digital Object Identifier (DOI)https://doi.org/10.26192/05r4-0365
Abstract

Stakeholder security analysis (SSA) is a rigorous approach to analysing and designing systems from the point of view of cybersecurity which is defined and applied in this dissertation. SSA starts by identifying the objectives of the stakeholders, and then seeks to find rules which can be enforced to ensure that these objectives are met. It is shown by several detailed examples in this dissertation, and proved theoretically, by means of Hilbert's thesis, that first order logic is able to express any mathematical model and correctly explains the concept of logical proof; and that stakeholder security analysis can be used systematically to design secure systems. The relationship between the different cybersecurity rules is illustrated by means of inference graphs, which show how the rules which are enforced ensure that the objectives are met.

Chapter 1 provides an introduction, background, and presents outcomes of research significance. Chapter 2 reviews the relevant literature on the philosophy of security design that is applied to the application areas of web security, network security, and emergency networks. Chapter 3 defines stakeholder security analysis, including its theoretical justification, by means of Hilbert's thesis, and explains the use of inference graphs, which were developed as part of this research. Service protection rules are defined, in this chapter, as rules which, without appearing to define or ensure security, are nevertheless essential because they ensure that a service fulfils its objectives. Examples of these are provided in subsequent chapters, where it becomes clear that unless this type of rule is included, the system being designed is logically incomplete. In Chapter 4, stakeholder security analysis is applied to web services, and, in particular, to the Netml system for network analysis, design and simulation. It is used to design and prove the security of certain aspects of the system.

In Chapter 5, the design of network filters and firewalls is considered, together with the security implications of virtual private networks. The use of simulation for security analysis of networks is explored practically, and the capability and limitations of simulation as a tool for security analysis of networks are investigated, using stakeholder security analysis as a rigorous framework that underpins all the proposed methods. It is shown that simulation can be rigorously used to prove the consistency
of policies, and the sense in which simulation is able to prove the validity of cybersecurity is identified. In Chapter 6, the stakeholder security analysis is applied to emergency networks. The purpose of emergency networks is to save lives. The possibility of misuse and attacks upon an emergency network is also considered. A key consideration in the management of power for the devices which form the network. Five experiments concerned with the management of battery life to save lives in emergency situations are presented. Conclusions are presented in Chapter 7.

Keywordsstakeholders, security network, web service, emergency network, inference graph, service protection rules
ANZSRC Field of Research 2020460407. System and network security
Byline AffiliationsSchool of Sciences
Permalink -

https://research.usq.edu.au/item/q6496/stakeholder-security-analysis-a-new-approach-to-security-design-with-example-application

Download files


Published Version
nabeelthesisFinal2_D3F8.pdf
File access level: Anyone

  • 122
    total views
  • 73
    total downloads
  • 0
    views this month
  • 0
    downloads this month

Export as

Related outputs

Experiments and proofs in web-service security
Sheniar, Dawood, Hadaad, Nabeel, Martin, David, Addie, Ron and Abdulla, Shahab. 2018. "Experiments and proofs in web-service security." Harris, Richard, Gregory, Mark, Tran-Gia, Phuoc and Pawlikowski, Krys (ed.) 28th International Telecommunication Networks and Application Conference: Experiments and Proofs in Web-service Security (ITNAC 2018). Sydney, Australia 21 - 23 Nov 2018 New York, United States. https://doi.org/10.1109/ATNAC.2018.8615367
Emergency Network Design – Saving Lives by Saving Power
Hadaad, Nabeel, Pitsillides, Andreas, Kolios, Panayiotis, Addie, Ronald G. and Kuras, Alan. 2016. "Emergency Network Design – Saving Lives by Saving Power." 26th International Telecommunication Networks and Applications Conference (ITNAC 2016). Dunedin, New Zealand 07 - 09 Dec 2016 United States. https://doi.org/10.1109/ATNAC.2016.7878775
Protecting services from security mis-configuration
Hadaad, Nabeel, Drury, Luke and Addie, Ronald G.. 2015. "Protecting services from security mis-configuration." 25th International Telecommunication Networks and Applications Conference (ITNAC 2015). Sydney, Australia 18 - 20 Nov 2015 United States. https://doi.org/10.1109/ATNAC.2015.7366799
The Inference Graph of Cybersecurity Rules
Sheniar, Dawood, Hadaad, Nabeel and Addie Ron. 2016. "The Inference Graph of Cybersecurity Rules." 29th International Telecommunication Networks and Applications Conference (ITNAC 2019). Auckland, New Zealand 27 - 29 Nov 2019 New Zealand. IEEE (Institute of Electrical and Electronics Engineers). https://doi.org/10.1109/ITNAC46935.2019.9077958