SERSCIS: Semantically Enhanced Resilient and Secure Critical Infrastructure Services
Cloud infrastructure enables agile, definition, composition and deployment of IT resources. These are used to meet in-house IT requirements by dynamic scaling of IT resources, and increasingly to create shared IT resources to support inter-enterprise applications, including social networking assets and Big Data systems. Conventional information security risk analysis approaches are not well suited to managing risks in such dynamic and evolving systems. Real-time threat analysis, detection and mitigation methods are needed, that can be applied during the design or operation of cloud-based virtualised infrastructure and services.
The development of state-of-the-art risk management and modelling techniques suitable for dynamic ICT systems, where the run-time configuration of the system is unknown at design time. SERSCIS developed a layered semantic modelling approach that can be adapted to any domain, and allows security experts and system designers to insert their knowledge, e.g. the security experts define generic assets, security threats and controls, while the system designer models their own system via intuitive and easy to use graphical user interfaces. Machine reasoning is then used to apply security expertise to analyse the system design and automatically identify security risks. The output from this analysis can also be used to analyse monitoring data from the system at run-time, using Bayesian and semantic inference to determine which threats are active and estimate the most likely root cause.
The results of SERSCIS have been published in high quality conferences and journals. The semantic modelling work is being extended via further projects e.g. in FP7 OPTET which deals with socio-economics issues in trustworthy ICT systems, and the UK TRIFORM project which is investigating trust monitoring approaches in eHealth systems. SERSCIS models are also being applied in other application domains, e.g. to model risks for long-term archive service operations. The System Composer from SERSCIS is being developed into a risk management tool for system designers, so they can exploit these semantic knowledge bases to automatically identify potential security risks within their own system designs.