
Dialnet


Summary of A Framework For Security Assessment Of Systems Of Systems

Miguel Ángel Olivero González

  • “Systems of Systems” (SoS) emerged as a new horizon with the predominant use of information systems. At the end of the 20th century, the term Systems of Systems was adopted to define a set of systems that retain operational and managerial independence. These systems temporarily collaborate in an organized way to reach a common goal. SoS are complex systems that are not managed by a single accountable party, and their outcomes do not have a single author or owner. Shared resources, such as functionalities and data, are a compositional feature: SoS functionalities and data are the sum of the resources shared among the constituent systems. SoS pose new challenges when defining general guidelines for their management, development or operation. Their dynamic composition involves additional complexity: constituent systems may join and disengage, affecting the normal behavior of the SoS. Diverse alternatives have been proposed with the aim of managing the SoS or analyzing its functionalities or performance, among others. The security of each constituent system does not compose the SoS security. Even if each constituent system is secure by itself, that secures only a component of the SoS, not the SoS as a whole. An unexpected or malicious combination of functionalities may produce harmful results on the SoS. SoS security is a complex feature to analyze, given the evolutionary behavior of SoS and the non-compositionality of security. For more than 20 years, software engineering has been designing guidelines to unify routines and create standards, as in the case of information system development in computer engineering. These routines include values, strategies, guidelines and methodologies that assist in the development and maintenance of software systems. The use of guides, methodologies and frameworks has evolved with the systems. Technological advances in communication promoted the use of this kind of strategy, easing the control and management of products and services.
However, these guidelines are usually designed for a single system. Using them in complex systems such as Systems of Systems introduces additional challenges, such as progress and resource sharing. This PhD thesis studies emergent behavior as the origin of SoS vulnerabilities and designs a standard framework to assess SoS security. The research is motivated by the importance of security in this context. It is based on studies that analyze security according to the SoS composition, and on the potential impact of analyzing the vulnerabilities that originate in such collaboration. The general goal of this PhD thesis is to research a previously unidentified problem that arises when constituent systems work jointly. This goal is to guarantee the security of the data and functionalities that are shared in Systems of Systems. This work is based on two main research hypotheses:
    • Identify the effects of emergent behavior that may cause vulnerabilities.
    • Define a framework to assess and guarantee security on Systems of Systems.
The literature review analyzed the current situation and detected a gap regarding strategies to manage SoS security, in particular those that could be applied by all the parties involved in the SoS. The gap is also confirmed by means of an expert judgment technique that bolsters the first hypothesis. Expert judgment provides knowledge to define the requirements for a solution approach. Therefore, this PhD thesis contributes to understanding the problem, analyzing the initial hypothesis by applying a systematic literature review and an expert judgment technique. The solution approach for the identified problem is described as a framework that assists in the process of SoS security assessment by means of an organized set of stages. This approach is named TeSSoS, “Testing for Security in System of Systems”.
This framework has been presented at the Software Engineering for Systems-of-Systems conference and is inspired by agile methodologies, the Deming cycle, the Mitnick cycle and an attacker lifecycle. The TeSSoS lifecycle is designed to be adapted for use with other methodologies, guidelines or frameworks. The proposal is composed of five stages that iteratively and incrementally systematize security management in SoS. These stages start with SoS Discovery. Its objective is to model and analyze the SoS, defining the constituent systems and shared resources (data and functionalities). In the second phase, Red Requirements, this model is used to detect vulnerabilities by simulating the behavior of an attacker. After that, the third phase, Blue Requirements, focuses on jointly defining a set of alternatives that prevent an attacker from taking advantage of each of these vulnerabilities. The development of countermeasures that protect against these vulnerabilities is carried out in the fourth phase, Development. The fifth phase of TeSSoS is called Evaluation. This fifth stage uses the catalog of previously detected vulnerabilities. The vulnerabilities are used as a guide for simulated attacks that can verify whether the developed countermeasures have been effective in protecting the system. Finally, the Act stage summarizes the work done, and a retrospective is carried out with the aim of optimizing the use of resources in the successive iterations of TeSSoS. The thesis ends by presenting a case to which the TeSSoS framework is applied. This case study examines the resources and the vulnerabilities that may emerge in the SoS, considering the Digital Persona as a virtual SoS. The constituent systems of this virtual SoS correspond to each one of the specific identities among the different systems. After analyzing the results, vulnerabilities were detected and countermeasures were proposed, improving the security of the Digital Personae.
Therefore, the scientific production of this thesis contributes to solving the problem with the design and use of a framework, which enabled the second hypothesis to be answered.

