Security Engineering (SE) Workbench


Project Origins

The term "Cyber and Information Security" has been used as an encompassing reference for the field of Security Engineering that considers: Information System Security, Trustworthy Computing, Data Security, Data Privacy and Cybersecurity.

Cyber and Information Security can be studied from several perspectives, including: organizational policies and principles, system development lifecycle practices, attacker behaviors, defensive strategies, vulnerability identification and remediation, testing methodologies, etc. Cyber and Information Security is most often taught using security-related taxonomies, such as: security concepts and paradigms, organizational governance, security controls and countermeasures, security vulnerability instances, system architectural patterns, coding techniques, hacking approaches, etc.

The Security Engineering Workbench Project is built on a set of observations and ideas: (1) security-related taxonomies are constantly changing; (2) the usefulness of security knowledge absorbed by learners loses currency over time; (3) the ability for Security Engineers to apply critical thinking and situation analysis over a range of Cyber and Information Security problems is a key learning objective; and (4) interactive decision support tools with current information sources are integral elements of the Cyber and Information Security learning process.

This project will investigate an approach for teaching and learning about Cyber and Information Security that is grounded in authoritative references and augmented with exploratory software tools and a series of thought-provoking problems and exercises.

Security Engineering

According to NIST Special Publication 800-53R5, Cybersecurity is defined as... "prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation."

Cybersecurity is considered by many to be a "dark art" practiced by hooded hermits with expertise built on a combination of years of isolated experimentation and apprenticeship within mysterious on-line communities. In reality, cybersecurity is a mix of science and art in a branch of Systems Engineering referred to as Security Engineering. Security Engineering involves the application of technical knowledge and analytical methods in the design, implementation, operation and evaluation of security functions of complex information technology systems.

Security engineers use techniques such as critical thinking, situational analysis and deductive reasoning to analyze systems in order to identify, prevent and remediate weaknesses, defects and operational anomalies in the system. Security engineers are guided by abstract concepts and principles, including: confidentiality, integrity, availability, resilience and least privilege. Security engineers may practice their craft in a solitary way or engage as adversaries in red teams and blue teams that test and refine security controls, countermeasures, mechanisms and services.

Each system or incident analyzed is unique. Each analysis may be constrained by time, resources, knowledge, tools, and other factors. These constraints may drive decisions that affect the completeness of an analysis. Constraints may lead a security engineer to focus on familiar issues, well-known countermeasures and convenient security mechanisms. Constraints may lead a security engineer to prioritize work based on statistical analysis or a qualitative measure of risk, rather than enumerate and evaluate the complete attack surface for the system.

Security Engineers rely heavily on reference information when performing security analysis. Security reference information is spread across hundreds of documents and thousands of web pages. Security reference information can be found in a combination of international, national and industry standards, best practice technical guides, catalogs of architectural patterns, security controls, attack patterns, vulnerabilities and weaknesses, attacker techniques and tactics, alerts, incident summaries, and more. Some security reference information sources are available to the public, while others must be purchased, or require membership in a Professional Society or Special Interest Group.

The current practice of Security Engineering is constrained by: the shortage of skilled personnel, the amount of information to digest, the time needed to perform complete analysis, and the rate of change of the "security problem". Availability and usability of security reference information is a core issue for each of these constraints.

The Security-Engineering Workbench

The Security Engineering Workbench is a project that supports the study and practice of Security Engineering. The goal of the Security Engineering (SE) Workbench Project is to demonstrate how automated tools can support critical thinking for security analysis by improving the availability and usability of security reference information.

The primary motivation for this project is to support academic course offerings related to Cybersecurity. The secondary motivation is to influence the practice of Security Engineering over time.

SE-Workbench Tools

The SE-Workbench tools combine publicly available authoritative information sources related to cybersecurity with modern software and data analysis techniques to enable Information-Driven Security Analysis. Information-Driven Security Analysis is defined as the use of tools and techniques in combination with foundational security concepts and authoritative reference information to improve the consistency, completeness and defensibility of security analysis.

The SE-Workbench tools will support critical thinking, situational analysis and deductive reasoning by aggregating, correlating, manipulating and visualizing security information from authoritative data sources in new ways.

The capability of the SE-Workbench tools to support and/or provide automated analysis will evolve and mature over time.

Maturity Model for SE-Workbench Tools

Software tooling can take many forms, from simple information display, to data aggregation, to advanced analytics. Tool functionality can be represented with a Maturity Model:

  • Manual Methods: using internet searches and common client/server tools to gather and correlate reference information from authoritative sources
  • Explorers: Visualization of Multiple Data Sources, including Data Aggregation and Data Manipulation, etc.
  • Advisors: Exploration with Augmented Data, including Resolution of Missing Values, Cross Reference & Cross Correlation, Relationship Identification and Affinity Grouping, etc.
  • Assistants: Cooperative Computing using advanced analytics, including Comparative Analysis between Baselines, Benchmarks versus Local Parameters and Values
  • Experts: Autonomous Computing using advanced analytics, including System Modeling, System Optimization, Scenario Creation and Testing, Constraint Analysis, etc.

See the SE-Workbench Tools Section of the project to learn about the current implementations.


Copyright © 2021, 2022 Jim Whitmore.

LAST UPDATE: 06 September 2022