research-article

Risk-Oriented Design Approach For Forensic-Ready Software Systems

Authors:

Raimundas MatulevičiusAuthors Info & Claims

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

Article No.: 48, Pages 1 - 10

https://doi.org/10.1145/3465481.3470052

Published: 17 August 2021 Publication History

Abstract

Digital forensic investigation is a complex and time-consuming activity in response to a cybersecurity incident or cybercrime to answer questions related to it. These typically are what happened, when, where, how, and who is responsible. However, answering them is often very laborious and sometimes outright impossible due to a lack of useable data. The forensic-ready software systems are designed to produce valuable on-point data for use in the investigation with potentially high evidence value. Still, the particular ways to develop these systems are currently not explored.

This paper proposes consideration of forensic readiness within security risk management to refine specific requirements on forensic-ready software systems. The idea is to re-evaluate the taken security risk decisions with the aim to provide trustable data when the security measures fail. Additionally, it also considers possible disputes, which the digital evidence can solve. Our proposed approach, risk-oriented forensic-ready design, composes of two parts: (1) process guiding the identification of the requirements in the form of potential evidence sources, and (2) supporting BPMN notation capturing the potential evidence sources and their relationship. Together they are aimed to provide a high-level overview of the forensic-ready requirements within the system. Finally, the approach is demonstrated on an automated valet parking scenario, followed by a discussion regarding its impact and usefulness within the forensic readiness effort.

References

[1]

Nurul Hidayah Ab Rahman, William Bradley Glisson, Yanjiang Yang, and Kim-Kwang Raymond Choo. 2016. Forensic-by-Design Framework for Cyber-Physical Cloud Systems. IEEE Cloud Computing 3, 1 (2016), 50–59. https://doi.org/10.1109/MCC.2016.5

[2]

Naved Ahmed and Raimundas Matulevičius. 2014. Securing business processes using security risk-oriented patterns. Computer Standards & Interfaces 36, 4 (2014), 723–733. https://doi.org/10.1016/j.csi.2013.12.007 Security in Information Systems: Advances and new Challenges.

Digital Library

[3]

Dalal Alrajeh, Liliana Pasquale, and Bashar Nuseibeh. 2017. On Evidence Preservation Requirements for Forensic-ready Systems. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (Paderborn, Germany) (ESEC/FSE 2017). ACM, New York, NY, USA, 559–569. https://doi.org/10.1145/3106237.3106308

Digital Library

[4]

Olga Altuhhova, Raimundas Matulevičius, and Naved Ahmed. 2013. An Extension of Business Process Model and Notation for Security Risk Management. International Journal of Information System Modeling and Design 4 (10 2013), 93–113. https://doi.org/10.4018/ijismd.2013100105

Digital Library

[5]

Edita Bajramovic, Karl Waedt, Antonio Ciriello, and Deeksha Gupta. 2016. Forensic readiness of smart buildings: Preconditions for subsequent cybersecurity tests. In 2016 IEEE International Smart Cities Conference (ISC2). 1–6. https://doi.org/10.1109/ISC2.2016.7580754

[6]

Eoghan Casey. 2011. Digital Evidence and Computer Crime(3rd ed ed.). Academic Press, Waltham, MA.

[7]

Eoghan Casey and Bruce Nikkel. 2020. Forensic analysis as iterative learning. In The Security of Critical Infrastructures. Springer, 177–192.

[8]

Mohammad Jabed Morshed Chowdhury, Raimundas Matulevičius, Guttorm Sindre, and Peter Karpati. 2012. Aligning Mal-activity Diagrams and Security Risk Management for Security Requirements Definitions. In Requirements Engineering: Foundation for Software Quality. Springer Berlin Heidelberg, Berlin, Heidelberg, 132–139.

[9]

Lawrence Chung, Brian A Nixon, Eric Yu, and John Mylopoulos. 2012. Non-functional requirements in software engineering. Vol. 5. Springer Science & Business Media.

[10]

Anton Chuvakin, Kevin Schmidt, and Chris Phillips. 2012. Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management. Newnes.

[11]

Daimler. 2020. Driverless in the parking lot. Automated Valet Parking. https://www.daimler.com/innovation/case/autonomous/driverless-parking.html

[12]

Lukas Daubner, Martin Macak, Barbora Buhnova, and Tomas Pitner. 2020. Towards verifiable evidence generation in forensic-ready systems. In 2020 IEEE International Conference on Big Data (Big Data). 2264–2269. https://doi.org/10.1109/BigData50022.2020.9378035

[13]

Lukas Daubner, Martin Macak, Barbora Buhnova, and Tomas Pitner. 2020. Verification of Forensic Readiness in Software Development: A Roadmap. In Proceedings of the 35th Annual ACM Symposium on Applied Computing (Brno, Czech Republic) (SAC ’20). Association for Computing Machinery, New York, NY, USA, 1658–1661. https://doi.org/10.1145/3341105.3374094

Digital Library

[14]

Melike Erol-Kantarci and Hussein T. Mouftah. 2013. Smart grid forensic science: applications, challenges, and open issues. IEEE Communications Magazine 51, 1 (2013), 68–74. https://doi.org/10.1109/MCOM.2013.6400441

[15]

Simson L. Garfinkel. 2010. Digital forensics research: The next 10 years. Digital Investigation 7(2010), S64 – S73. https://doi.org/10.1016/j.diin.2010.05.009 The Proceedings of the Tenth Annual DFRWS Conference.

Digital Library

[16]

Johannes Geismann and Eric Bodden. 2020. A systematic literature review of model-driven security engineering for cyber–physical systems. Journal of Systems and Software 169 (2020), 110697. https://doi.org/10.1016/j.jss.2020.110697

[17]

George Grispos, William Bradley Glisson, and Kim-Kwang Raymond Choo. 2017. Medical Cyber-Physical Systems Development: A Forensics-Driven Approach. In 2017 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE). 108–113. https://doi.org/10.1109/CHASE.2017.68

Digital Library

[18]

C. P. Grobler and C. P. Louwrens. 2007. Digital Forensic Readiness as a Component of Information Security Best Practice. In New Approaches for Security, Privacy and Trust in Complex Environments. Springer US, Boston, MA, 13–24.

[19]

Jan Jürjens. 2002. UMLsec: Extending UML for Secure Systems Development. In «UML» 2002 — The Unified Modeling Language. Springer Berlin Heidelberg, Berlin, Heidelberg, 412–425.

[20]

Jeff Mutunda Kazadi and Husin Jazri. 2015. Using digital forensic readiness model to increase the forensic readiness of a computer system. In 2015 International Conference on Emerging Trends in Networks and Computer Communications (ETNCC). 131–137. https://doi.org/10.1109/ETNCC.2015.7184822

[21]

Raimundas Matulevičius. 2017. Fundamentals of secure system modelling. Springer.

[22]

Raimundas Matulevičius, Nicolas Mayer, Haralambos Mouratidis, Eric Dubois, Patrick Heymans, and Nicolas Genon. 2008. Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development. In Advanced Information Systems Engineering. Springer Berlin Heidelberg, Berlin, Heidelberg, 541–555.

[23]

Nicolas Mayer. 2009. Model-based Management of Information System Security Risk. Theses. University of Namur. https://tel.archives-ouvertes.fr/tel-00402996

[24]

Jianbing Ni, Xiaodong Lin, and Xuemin Shen. 2019. Toward Privacy-Preserving Valet Parking in Autonomous Driving Era. IEEE Transactions on Vehicular Technology 68, 3 (2019), 2893–2905. https://doi.org/10.1109/TVT.2019.2894720

[25]

Anita Onyinye Nwaokolo. 2020. A Comparison of Privacy Enhancing Technologies in Internet of Vehicle Systems. Master’s thesis. University of Tartu. https://comserv.cs.ut.ee/ati_thesis/datasheet.php?id=70162&year=2020

[26]

Liliana Pasquale, Dalal Alrajeh, Claudia Peersman, Thein Tun, Bashar Nuseibeh, and Awais Rashid. 2018. Towards Forensic-ready Software Systems. In Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results (Gothenburg, Sweden) (ICSE-NIER ’18). ACM, New York, NY, USA, 9–12. https://doi.org/10.1145/3183399.3183426

Digital Library

[27]

Fanny Rivera-Ortiz and Liliana Pasquale. 2020. Automated Modelling of Security Incidents to Represent Logging Requirements in Software Systems. In Proceedings of the 15th International Conference on Availability, Reliability and Security (Virtual Event, Ireland) (ARES ’20). Association for Computing Machinery, New York, NY, USA, Article 35, 8 pages. https://doi.org/10.1145/3407023.3407081

Digital Library

[28]

Robert Rowlingson. 2004. A Ten Step Process for Forensic Readiness. International Journal of Digital Evidence 2 (01 2004).

[29]

Bruce Silver. 2009. BPMN Method and Style: A levels-based methodology for BPM process modeling and improvement using BPMN 2.0.

[30]

Ian Sommerville. 2010. Software Engineering(9th ed.). Addison-Wesley Publishing Company, USA.

Digital Library

[31]

Inam Soomro and Naved Ahmed. 2013. Towards Security Risk-Oriented Misuse Cases. In Business Process Management Workshops. Springer Berlin Heidelberg, Berlin, Heidelberg, 689–700.

[32]

Ioannis Stellios, Panayiotis Kotzanikolaou, Mihalis Psarakis, Cristina Alcaraz, and Javier Lopez. 2018. A Survey of IoT-Enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services. IEEE Communications Surveys Tutorials 20, 4 (2018), 3453–3495. https://doi.org/10.1109/COMST.2018.2855563

Digital Library

[33]

John Tan. 2001. Forensic readiness. Technical Report. @stake, Inc.

[34]

Wil van der Aalst. 2016. Process Mining: Data Science in Action(2nd ed.). Springer Publishing Company, Incorporated.

[35]

Maria Vasilevskaya. 2015. Security in Embedded Systems: A Model-Based Approach with Risk Metrics. Ph.D. Dissertation. Linköping University Electronic Press.

[36]

Jasmin Ćosić and Miroslav Bača. 2010. (Im)proving chain of custody and digital evidence integrity with time stamp. In The 33rd International Convention MIPRO. 1226–1230.

Cited By

Henriques JCaldeira FCruz TSimões P(2024)A Survey on Forensics and Compliance Auditing for Critical Infrastructure ProtectionIEEE Access10.1109/ACCESS.2023.334855212(2409-2444)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2023.3348552
Daubner LMaksović SMatulevičius RBuhnova BSedlác̆ek T(2024)Forensic-Ready Analysis Suite: A Tool Support for Forensic-Ready Software Systems DesignResearch Challenges in Information Science10.1007/978-3-031-59468-7_6(47-55)Online publication date: 4-May-2024
https://doi.org/10.1007/978-3-031-59468-7_6
Daubner LMacak MMatulevičius RBuhnova BMaksović SPitner T(2023)Addressing insider attacks via forensic-ready risk managementJournal of Information Security and Applications10.1016/j.jisa.2023.10343373:COnline publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1016/j.jisa.2023.103433
Show More Cited By

Recommendations

Verification of forensic readiness in software development: a roadmap
SAC '20: Proceedings of the 35th Annual ACM Symposium on Applied Computing

Nowadays, a growing need for the forensic investigation of cybercrimes emerges. It is because of the rising threat of those crimes in cyberspace. Nevertheless, such investigations are highly time-consuming with delicate supportive processes. The problem ...
Addressing insider attacks via forensic-ready risk management
Abstract
Cyberattacks perpetrated by insiders are difficult to prevent using traditional security approaches. Often, such attackers misuse legitimate access to the system to conduct an attack, or an external attacker manipulates or masquerades ...
Graphical abstract

Display Omitted
Highlights
- Security practices are limited in preventing attacks from or enabled by insiders.
Aligning mal-activity diagrams and security risk management for security requirements definitions
REFSQ'12: Proceedings of the 18th international conference on Requirements Engineering: foundation for software quality

[Context and motivation] Security engineering is one of the important concerns during system development. It should be addressed throughout the whole system development process. There are several languages for security modelling that help dealing with ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

August 2021

1447 pages

ISBN:9781450390514

DOI:10.1145/3465481

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 August 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Conference

ARES 2021

ARES 2021: The 16th International Conference on Availability, Reliability and Security

August 17 - 20, 2021

Vienna, Austria

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
136
Total Downloads

Downloads (Last 12 months)27
Downloads (Last 6 weeks)2

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Henriques JCaldeira FCruz TSimões P(2024)A Survey on Forensics and Compliance Auditing for Critical Infrastructure ProtectionIEEE Access10.1109/ACCESS.2023.334855212(2409-2444)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2023.3348552
Daubner LMaksović SMatulevičius RBuhnova BSedlác̆ek T(2024)Forensic-Ready Analysis Suite: A Tool Support for Forensic-Ready Software Systems DesignResearch Challenges in Information Science10.1007/978-3-031-59468-7_6(47-55)Online publication date: 4-May-2024
https://doi.org/10.1007/978-3-031-59468-7_6
Daubner LMacak MMatulevičius RBuhnova BMaksović SPitner T(2023)Addressing insider attacks via forensic-ready risk managementJournal of Information Security and Applications10.1016/j.jisa.2023.10343373:COnline publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1016/j.jisa.2023.103433
Daubner LMatulevičius RBuhnova BPitner T(2023)BPMN4FRSS: An BPMN Extension to Support Risk-Based Development of Forensic-Ready Software SystemsEvaluation of Novel Approaches to Software Engineering10.1007/978-3-031-36597-3_2(20-43)Online publication date: 8-Jul-2023
https://doi.org/10.1007/978-3-031-36597-3_2
Daubner LMatulevičius RBuhnova B(2023)A Model of Qualitative Factors in Forensic-Ready Software SystemsResearch Challenges in Information Science: Information Science and the Connected World10.1007/978-3-031-33080-3_19(308-324)Online publication date: 23-May-2023
https://doi.org/10.1007/978-3-031-33080-3_19
Daubner LBuhnova BPitner T(2023)Forensic experts' view of forensic‐ready software systemsJournal of Software: Evolution and Process10.1002/smr.259836:5Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1002/smr.2598

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents