Ms Chadni Islam
Org Unit: School of Computer Science
Telephone: +61 8 8313 4729
Software Engineering, Software Architecture, Cyber Security, Security Orchestration and Automation, Incident Response.
- Chadni Islam, Muhammad Ali Babar, and Surya Nepal. 2019. A Multi-Vocal Review of Security Orchestration. 52, 2, Article 37 (April 2019), 45 pages. DOI: https://doi.org/10.1145/3305268 (Core Rank A*)
Abstract: Organizations use diverse types of security solutions to prevent cyber-attacks. Multiple vendors provide security solutions developed using heterogeneous technologies and paradigms. Hence, it is challenging, if not impossible, to make security solutions work in an integrated fashion. Security orchestration aims at smoothly integrating multivendor security tools that can effectively and efficiently interoperate to support the security staff of a Security Operation Centre (SOC). Given the increasing role and importance of security orchestration, there has been an increasing amount of literature on different aspects of security orchestration solutions. However, there has been no effort to systematically review and analyze the reported solutions. We report a Multivocal Literature Review that has systematically selected and reviewed both academic and grey (blogs, web pages, white papers) literature on different aspects of security orchestration published from January 2007 until July 2017. The review has enabled us to provide a working definition of security orchestration and classify the main functionalities of security orchestration into three main areas—unification, orchestration, and automation. We have also identified the core components of a security orchestration platform and categorized the drivers of security orchestration based on technical and socio-technical aspects. We also provide a taxonomy of security orchestration based on the execution environment, automation strategy, deployment type, mode of task and resource type. This review has helped us to reveal several areas of further research and development in security orchestration.
- Chadni Islam, Muhammad Ali Babar, and Surya Nepal. An Ontology-Driven Approach to Automating the Process of Integrating Security Software Systems. In ICSSP 2019: International Conference on Software and Systems Process, May 25-26, 2019, Montreal, Canada. (Core Rank A)
Abstract: A wide variety of security software systems need to be integrated into a Security Orchestration Platform (SecOrP) to streamline the processes of defending against and responding to cybersecurity attacks. Lack of interpretability and interoperability among security systems is considered the key challenge to fully leveraging the potential of the collective capabilities of different security systems. The processes of integrating security systems are repetitive, time-consuming and error-prone; these processes are carried out manually by human experts or using ad-hoc methods. To help automate security systems integration processes, we propose an Ontology-driven approach for Security OrchestrAtion Platform (OnSOAP). The developed solution enables interpretability and interoperability among security systems, which may exist in operational silos. We demonstrate OnSOAP's support for automated integration of security systems to execute the incident response process with three security systems (Splunk, Limacharlie, and Snort) for a Distributed Denial of Service (DDoS) attack. The evaluation results show that OnSOAP enables SecOrP to interpret the input and output of different security systems, produce error-free integration details, and make security systems interoperable with each other to automate and accelerate an incident response process.
Abstract: A security orchestration platform aims at integrating the activities performed by multi-vendor security tools to streamline the required incident response process. To make such a platform useful in practice in a Security Operation Center (SOC), we need to address three key challenges: interpretability, interoperability, and automation. In this paper, we propose a novel semantic integration approach to automatically select and integrate security tools with the essential capability for auto-execution of an incident response process in a security orchestration platform. The capabilities of security tools and the activities of the incident response process are formalized using ontologies, which have been used in an NLP-based approach to classify the activities of emerging incident response processes. The developed ontologies and NLP approaches have been used to build an interoperability model for the selection and integration of security tools at runtime for the successful execution of an incident response process. Experimental results demonstrate the feasibility of the classifier and interoperability model for achieving interpretability, interoperability, and automation of security tools integrated into a security orchestration platform.
Entry last updated: Thursday, 26 Sep 2019
To link to this page, please use the following URL: https://www.adelaide.edu.au/directory/chadni.islam