- This event has passed.
Leveraging External Data Sources to Enhance Secure System Design
June 3, 2021 @ 6:00 pm - 7:00 pm
FreeABSTRACT:
Today’s software systems are riddled with security vulnerabilities that invite attack. We envisage a secure software design process at the architectural level, in which the security requirements are adequate, thus enabling appropriate security controls to be implemented to mitigate known threats and vulnerabilities. How can we ensure that the security requirements are adequate? In this talk, we tackle this question by focusing on how external online data sources for vulnerabilities, attack patterns, threat intelligence, and other security information can be leveraged, using Natural Language Processing (NLP), to assist designers in validating the adequacy of the security requirements. This validation is done by determining which requirements map to known threats (identified from the external data), which requirements may be extraneous, and which threats may need a closer look to identify new requirements. We will discuss the availability and nature of the external data sources and describe how we employ NLP to process the data to support the design of secure systems.
BIOGRAPHY:
Dr. Jason Jaskolka is an Assistant Professor in the Department of Systems and Computer Engineering and the Director of the Cyber Security Evaluation and Assurance (CyberSEA) Research Lab at Carleton University, Ottawa, ON, Canada. He received his Ph.D. in Software Engineering in 2015 from McMaster University, Hamilton, ON, Canada. His research interests include cyber security evaluation and assurance, threat modeling, security-by-design, and formal methods and data-driven approaches for software and security engineering. He is interested in applying his research to critical infrastructures, industrial control systems, cyber-physical and distributed systems, and the Internet of Things (IoT).