Context-Aware Ontology-based Security Measurement Model

Abstract

Security measurement models (SMMs) and quantitative security metrics (QSMs) are crucial pillars of systematic security measurement. How to design the enhanced SMMs and effective QSMs has been seriously considered in recent years. However, to the best of our knowledge, a desirable SMM has not yet been provided to measure the security effectiveness of a national-level network (NLN) due to its specific attributes. NLN has three main attributes, including plurality and diversity of network components, continuous changes, and simultaneous functionalities. These attributes cause three major challenges to designing a desirable SMM for NLN, including complexity, dynamic measurement, and multidimensionality. Hence, a desirable SMM for NLN should fulfill five desirability criteria to overcome the challenges, including simplicity, dynamics, comprehensiveness, scalability, and simultaneous overall and granular measurement. Considering the comparison of SMMs, such a desirable model should exclusively be a context-aware ontology-based SMM (CAO-SMM). In this paper, we propose a three layers CAO-SMM in which a comprehensive set of contextual dynamic QSMs are embedded. Our proposed SMM measures the security effectiveness component of network security situation relying on three indices: (1) deterrence against threats; (2) resiliency versus attacks; (3) survivability to impacts. First, an ontology-based SMM is designed. Then, the context-awareness feature is embedded to turn it into a CAO-SMM. Eventually, the desirability of our proposed CAO-SMM and its embedded QSMs are evaluated. CAO-SMM desirability along with the comprehensive coverage and distribution of its embedded QSMs enable us to precisely measure the security effectiveness across the whole network and its contextual components, including the network functionalities.