A cybersecurity approach using systemic functional grammars
Cybersecurity Assessment and Risk Enumeration for Systems (CARES)
CARES helps designers and cyber analysts build cybersecurity into components for Navy systems. CARES uses systemic functional grammars (SFGs), a technique from computational linguistics, to provide an expressive enumeration of the entire attack space. Then CARES automatically generates a quantitative list of security vulnerabilities for the system, along with consistent recommendations for fixing vulnerabilities. These recommendations account for other system and design needs, such as performance and cost.
“During the system design stage, designers and cyber analysts need detailed information to accurately assess and model cybersecurity. However, cybersecurity is typically ‘bolted on’ to deployed systems and rarely built during early design stages. Bolted-on cybersecurity components are costly and often produce conflicting recommendations.”
Software Engineer and Principal Investigator on the CARES effort
Our CARES approach provides risk assessment and cyberattack mitigations for systems early in the design stage. This cost-effective and reliable solution helps designers and cyber analysts better equip Navy systems with cybersecurity before they are deployed.
CARES reflects our commitment to developing novel, intelligent solutions for cyber defense. In addition, under our GearCASE effort, we are using SFGs to automatically generate cybersecurity requirements.
This material is based upon work supported by the Naval Sea Systems Command under Contract No. N6833519C0724. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Naval Sea Systems Command. Statement A: Approved for Release. Distribution is unlimited.