MASCOTS: Mapping security mechanisms to socio-technical requirements
Summary
Ever since the advent of Security Requirements Engineering (SRE), when the need to include security considerations during the development phase became clear, the field has grown tremendously, and it nowadays even accounts for the human factor through its consideration of socio-technical systems. Many methods and tools exist to gather, process, and model the security requirements of a system under development, and many initiatives have expanded our grasp of security requirements and properties as well as our ability to address different kinds of threats and security vulnerabilities. This also means, however, that there is more and more to consider when attempting to secure a system under development, and security experts are still only human. Moreover, despite the tremendous contributions to the field in recent years, there is still no method or tool that allows a direct transition from the security requirements of a socio-technical system to the security mechanisms that address them.
In this project, we introduce a semi-automated mapping process that connects socio-technical security requirements to a selection of appropriate security mechanisms; we call it MASCOTS. The mapping process is meant to serve as a decision support tool for security experts—especially for those who are meant to secure larger segments with many variables to consider. And because it flattens the learning curve, it can also be used by non-experts and people with less experience in the field.
When designing the MASCOTS process, our first order of business was to choose a way to represent the socio-technical security requirements of a system. We could have created our own representation, but we decided to use something already accepted within the field, since there was no reason to re-invent the wheel given the many proven approaches already available. Guided by trends in the relevant literature, we ultimately chose the Socio-Technical Security modelling language (STS-ml) and its accompanying STS method. Next, we had to devise or find a commonality (i.e., a shared variable) between the system under development and the security mechanisms, and after investigating different approaches we found that commonality in context. We describe the context with security environmental variables (SEV) that represent the security context of the system under development, as well as the security context required or suitable for implementing different security mechanisms. These SEV became the foundation of our MASCOTS ontology (MASCOTS-O), which extends STS-ml not only with information on the security context that can be matched against the security context required by security mechanisms, but also with concepts foreign to STS-ml (e.g., segments). With MASCOTS-O, we could finally describe the security context and security properties of a system under development to our satisfaction. The next step was to take everything we can extract from the system under development and use it to identify an optimal selection of security mechanisms; for this we rely on the OptiMathSAT solver. Finally, we designed the mapping process so that it not only facilitates automation but benefits from it: automation allows quick assessment of even large systems against any number of candidate security mechanisms.
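As an added illustration (not MASCOTS-O, nor the project's own implementation), the following Python model reduces the mapping step to its core: each mechanism declares the SEV context it requires and the requirements it addresses, only context-compatible mechanisms are eligible, and the cheapest covering set is chosen. Exhaustive search stands in for OptiMathSAT, and the SEV names, mechanism names, and costs are constructed for the example.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Mechanism:
    name: str
    requires: frozenset   # SEV the deployment context must provide
    addresses: frozenset  # security requirements the mechanism satisfies
    cost: int             # relative deployment cost, used as the objective

def applicable(system_sev, catalogue):
    """Mechanisms whose required security context is met by the system's SEV."""
    return [m for m in catalogue if m.requires <= system_sev]

def uncoverable(system_sev, requirements, catalogue):
    """Requirements no context-compatible mechanism addresses; a non-empty
    result means the repository, not the optimisation, is the gap."""
    reachable = frozenset().union(*(m.addresses for m in applicable(system_sev, catalogue)))
    return requirements - reachable

def select_mechanisms(system_sev, requirements, catalogue):
    """Minimum-cost set of applicable mechanisms covering every requirement,
    as (cost, frozenset of names); None if no cover exists. The exhaustive
    search here is only suitable for small catalogues (an OMT solver scales)."""
    candidates = applicable(system_sev, catalogue)
    best = None
    for k in range(1, len(candidates) + 1):
        for combo in combinations(candidates, k):
            covered = frozenset().union(*(m.addresses for m in combo))
            if requirements <= covered:
                cost = sum(m.cost for m in combo)
                if best is None or cost < best[0]:
                    best = (cost, frozenset(m.name for m in combo))
    return best

# Constructed sample repository; SEV and requirement names are illustrative.
CATALOGUE = [
    Mechanism("password_auth", frozenset(), frozenset({"authentication"}), 1),
    Mechanism("smartcard_auth", frozenset({"smartcard_reader"}),
              frozenset({"authentication", "non_repudiation"}), 4),
    Mechanism("tls", frozenset({"network_online"}), frozenset({"confidentiality"}), 2),
    Mechanism("digital_signature", frozenset({"pki_available"}),
              frozenset({"non_repudiation", "integrity"}), 3),
    Mechanism("offline_encryption", frozenset(), frozenset({"confidentiality"}), 3),
]
REQUIREMENTS = frozenset({"authentication", "confidentiality", "non_repudiation"})

if __name__ == "__main__":
    for sev in (frozenset({"network_online", "pki_available"}),
                frozenset({"smartcard_reader"}), frozenset()):
        print(sorted(sev), select_mechanisms(sev, REQUIREMENTS, CATALOGUE),
              sorted(uncoverable(sev, REQUIREMENTS, CATALOGUE)))
```

The third context in the usage loop shows the repository problem noted in the summary: with no SEV, nothing in the catalogue addresses non-repudiation, so no optimal selection exists regardless of the solver.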
Based on our verification scenarios, the MASCOTS process proved a viable way to map socio-technical security requirements to security mechanisms. However, it is crucial to have a well-developed repository of security mechanisms with appropriate descriptions (e.g., SEV); otherwise the process can never yield a truly optimal selection for the context at hand.
Unfortunately, our current repository of security mechanisms is far from representative, so we were unable to properly evaluate the real-world applicability of the MASCOTS process, especially its accuracy and reliability. This should therefore be one of the first things to investigate in future research on MASCOTS. Nevertheless, the process has great potential to bridge the mapping gap and to flatten the learning curve for security experts.