Paul M. Beach

Paul M. Beach

PhD student at the Air Force Institute of Technology

Publications

Developing a Methodology for the Identification of Alternative NoSQL Data Models via Observation of Relational Database Usage

Published in The 18th International Conference on Information and Knowledge Engineering, 2019

NoSQL databases are largely synonymous with Big Data applications, however there is existing research to support their usage for smaller scale applications (even on a single desktop). This work seeks to reinforce this notion by proposing a methodology to identify when a NoSQL database may be better suited than an existing Relational Database Management System (RDBMS). First, approaches to characterizing database workloads are discussed, along with a summary of relevant benchmarking metrics. Then, we present a methodology for evaluating the suitability of an existing RDBMS against possible alternative NoSQL databases.

Recommended citation: Beach, P. M., Langhals, B. T., Grimaila, M. R., Hodson, D. D., & Engle, R. D. Developing a Methodology for the Identification of Alternative NoSQL Data Models via Observation of Relational Database Usage. http://0xbeaker.github.io/files/Beach-et-al.-2019-Developing-a-Methodology-for-the-Identification-of-Alternative-NoSQL-Data-Models-via_Observation-of-Relational-Database-Usage.pdf

Analysis of Systems Security Engineering Design Principles for the Development of Secure and Resilient Systems

Published in IEEE Access, 2019

The increasing prevalence of cyber-attacks highlights the need for improved systems security analysis and engineering in safety-critical and mission-essential systems. Moreover, the engineering challenge of developing secure and resilient systems that meet specified constraints of cost, schedule, and performance is progressively difficult given the trend towards increasingly complexity, interrelated systems-of-systems. This paper analyzes the 18 design principles presented in National Institute of Standards and Technology Special Publication (NIST SP) 800-160 Volume 1 and considers their applicability for the development of secure and resilient systems of interest. The purpose of this work is to better understand how these design principles can be consistently and effectively employed to meet stakeholder defined security and resiliency needs as part of a comprehensive systems security engineering approach. Specifically, this work uses Design Structure Matrix (DSM) analysis to study the 18 design principles presented in NIST SP 800-160 Vol. 1, Appendix F, along with their intra-and inter-dependencies to develop complex cyber-physical systems that are secure, trustworthy, and resilient. The DSM analysis results increase understanding of the various relationships between the 18 design principles and identifies two clusters for secure systems design: Architecture and Trust. Lastly, this work provides a notional command and control system case study, along with a detailed listing of engineering considerations, to demonstrate how these principles and their groupings can be systematically applied as part of a comprehensive approach for developing cyber-physical systems which are designed to operate in hostile environments.

Recommended citation: P. M. Beach, L. O. Mailloux, B. T. Langhals and R. F. Mills, "Analysis of Systems Security Engineering Design Principles for the Development of Secure and Resilient Systems," in IEEE Access, vol. 7, pp. 101741-101757, 2019. http://0xbeaker.github.io/files/Beach-et-al.-2019-Analysis-of-Systems-Security-Engineering-Design-Principles-for-the-Development-of-Secure-and-Resilient-Systems.pdf

A STAMP-Based Approach to Developing Quantifiable Measures of Resilience

Published in The 16th International Conference on Embedded Systems, Cyber-physical Systems, and Applications, 2018

The quality of resilience is a desirable attribute in todays complex cyber-physical systems, but there is little consensus on what constitutes a suitable metric for resiliency. This work seeks to build upon an existing method for developing suitable resiliency metrics for complex cyber-physical systems. Specifically, several definitions of resilience are presented and their applicability to quantifiable measures of resilience is discussed. Next, methods for identifying and evaluating the impact of disruptive events on a system of interest and the development of resilience strategies is discussed. Finally, a detailed case study demonstrating a systems-based approach for the development and analysis of quantifiable measures of resiliency is presented.

Recommended citation: Beach, P. M., Mills, R. F., Burfeind, B. C., Langhals, B. T., & Mailloux, L. O. (2018). A STAMP-based approach to developing quantifiable measures of resilience. In Proceedings of the 16th International Conference on Embedded Systems, Cyber–Physical Systems, and Applications (ESCS 2018), Las Vegas, NV, USA (Vol. 30). http://0xbeaker.github.io/files/Beach-et-al.-2018-A-STAMP-based-Approach-to-Developing-Quantifiable-Measures-of-Resilience.pdf

Examination of Security Design Principles from NIST SP 800-160

Published in 2018 IEEE Systems Conference, 2018

This paper explores the engineering of secure and resilient systems through a detailed examination of security strategies and principles as presented in Appendix F of the recently published National Institute of Standards and Technology Special Publication (NIST SP) 800-160. First, a brief introduction to systems security engineering is provided with recommended readings for those who desire to become more familiar with the specialty domain. Next, the NIST SP 800-160 Appendix F systems security strategies and principles are described, as well as, examined for implementation considerations. This examination and mapping provides a linkage of abstract security strategies to concrete security principles which can be more directly implemented, traced, and tested.

Recommended citation: Mailloux, L. O., Beach, P. M., & Span, M. T. (2018). Examination of Security Design Principles from NIST SP 800-160. In 2018 IEEE International Systems Conference (pp. 488–495). Vancouver, BC, Canada. http://0xbeaker.github.io/files/Mailloux-Beach-Span-(2018)-Examination-of-Security-Design-Principles-from-NIST-SP-800-160.pdf