Strategy Modeling Framework
For its first formal research project, the Ellis Research Institute is focusing on creating a modeling framework for producing clear, comparable, and shareable descriptions of strategic options.
Stemming from a need to have objective analysis of potential decisions, this modeling framework is designed to address the requirement-cause-effect nature of actions taken by attackers and defenders in relation to the connected nature of people, assets, and data.
The framework is built to be compatible with existing methodologies such as MITRE’s ATT&CK framework, the Cyber Kill Chain, and other taxonomies for abstracting security.
The institute plans to use this framework to guide future research and to provide output in a common and standardized format.
In addition to the modeling framework methodology, the Ellis Research Institute is working to produce software which will aid in the creation and analysis of models.
This software is based on graph technology used to capture the relationships between objects, requirements, and actions.
The Ellis Research Institute has a small body of existing research which can be downloaded, for free, below.
Automating Security Analysis
Automation is becoming a ubiquitous component of modern security analysis. Acting as an extension of the analyst, automation increases the overall potential for review, and its benefits therefore cannot be ignored. The size of security-related data sets is constantly growing, while incident mitigation timelines steadily fall, leaving little room for conducting analysis at the “speed of humans.” Automation and custom-developed tools are a critical part of addressing these timeline concerns as well as the other issues that arise from large-scale analysis. Producing and supporting these new tools, processes, or capabilities introduces additional complexity and potential for error that must also be considered for automation to be considered successful. With benefits, concerns, and mitigations in mind, security teams can identify new and valuable places to focus research and development on automated capabilities.