Security Quantification of Container-Technology-Driven E-Government Systems

Abstract

With the rapidly increasing demands of e-government systems in smart cities, a myriad of challenges and issues are required to be addressed. Among them, security is one of the prime concerns. To this end, we analyze different e-government systems and find that an e-government system built with container-based technology is endowed with many features. In addition, overhauling the architecture of container-technology-driven e-government systems, we observe that securing an e-government system demands quantifying security issues (vulnerabilities, threats, attacks, and risks) and the related countermeasures. Notably, we find that the Attack Tree and Attack–Defense Tree methods are state-of-the-art approaches in these aspects. Consequently, in this paper, we work on quantifying the security attributes, measures, and metrics of an e-government system using Attack Trees and Attack–Defense Trees—in this context, we build a working prototype of an e-government system aligned with the United Kingdom (UK) government portal, which is in line with our research scope. In particular, we propose a novel measure to quantify the probability of attack success using a risk matrix and normal distribution. The probabilistic analysis distinguishes the attack and defense levels more intuitively in e-government systems. Moreover, it infers the importance of enhancing security in e-government systems. In particular, the analysis shows that an e-government system is fairly unsafe with a 99% probability of being subject to attacks, and even with a defense mechanism, the probability of attack lies around 97%, which directs us to pay close attention to e-government security. In sum, our implications can serve as a benchmark for evaluation for governments to determine the next steps in consolidating e-government system security.