Modeling Network Security: Case Study of Email System
This work addresses the need for a foundational security framework for network administrators, but it is incremental as it builds on existing ontology-based approaches without introducing new technical methods.
The authors tackled the problem of lacking a holistic security methodology in computer networks by developing a diagrammatic representation called a 'thinging machine' to model security systems, applying it to email security as a case study.
We study operational security in computer network security, including infrastructure, internal processes, resources, information, and physical environment. Current works on developing a security framework focus on a security ontology that contributes to applying common vocabulary, but such an approach does not assist in constructing a foundation for a holistic security methodology. We focus on defining the bounds and creating a representation of a security system by developing a diagrammatic representation (i.e. a model) as a means to describe computer network processes. The model, referred to a thinging machine, is a first step toward developing a security strategy and plan. The general aim is to demonstrate that the representation of the security system plays a key role in making thinking visible through conceptual description of the operational environment, a region in which active security operations are undertaken. We apply the proposed model for email security by conceptually describing a real email system.