Computer Science Program and Dean of the College Present
The Challenge of CyberSecurity Decision-Support Systems Under Uncertainty
Tuesday, December 5, 2017
RKC 111
4:45 pm EST/GMT-5
4:45 pm EST/GMT-5
Hanan Hibshi, Carnegie Mellon University
Organizations rely on security experts to evaluate the security of their systems. These professionals use background knowledge and experience to assess risk and decide on mitigations. Despite the abundance of security controls, guidelines, and checklists, security experts rely mostly on their background knowledge and experience to make security-related decisions. The substantial depth of expertise in any one area (e.g., databases, networks, operating systems) precludes the possibility that an expert would have complete knowledge about all threats and vulnerabilities. To begin addressing this problem of fragmented knowledge, we investigate the challenge of developing a security requirements rule base that mimics multi-human expert reasoning to enable new decision-support systems. In this talk, I will highlight the challenges in security decision-making process. I will also explain how we collect experts assessments of security measures nested in scenarios, and extract security mitigation rules. These rules could be used to build an intelligent system, which captures the knowledge of many experts in combination. Extracting security knowledge from experts is done empirically with user-studies by applying factorial vignettes to capture the experts' assessments of mitigations in scenarios composed of many components affecting the decision-making process. The outcome of the analysis will be used to generate membership functions for a type-2 fuzzy logic system. The corresponding fuzzy rule-sets encode the interpersonal and intra-personal uncertainties among experts in decision-making. This work explores security decision-making in presence of: composite security requirements, varying expertise, and uncertainty.For more information, call 845-752-2359, or e-mail [email protected].
Time: 4:45 pm EST/GMT-5
Location: RKC 111