Quantifying risks to data assets using formal metrics in embedded system design

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 9337, Issue , 2015, Pages 347-361

  Vasilevskaya, Maria ^a   Nadjm Tehrani, Simin ^a  

^a LINKÖPING UNIVERSITY   (Sweden)

Author keywords

Attack modelling; Confidentiality loss; Data assets; Embedded systems; Integrity loss; Model based; Security risks; Smart meter; Stochastic modelling

Indexed keywords

EMBEDDED SOFTWARE; RANDOM PROCESSES; RISK ASSESSMENT; SMART METERS; STOCHASTIC MODELS; STOCHASTIC SYSTEMS; SYSTEMS ANALYSIS;

ATTACK MODELLING; DATA ASSETS; DYNAMIC ASPECTS; MODEL-BASED OPC; POTENTIAL ATTACK; SECURITY ANALYSIS; SECURITY RISKS; SYSTEM DESIGN PROCESS;

EMBEDDED SYSTEMS;

EID: 84969802885     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-319-24255-2_25     Document Type: Conference Paper

References (24)

1. CCTA Risk Analysis and Management Method. www.cramm.com, October 2013
2. The SecFutur project: Design of Secure and Energy-efficient Embedded Systems for Future Internet Application. http://www.secfutur.eu
3. IEC/ISO 31010 - Risk Management - Risk Assessment Techniques (2009)
4. DHS Risk Lexicon. Technical report, DHS Risk Steering Committee (2010)
5. Almasizadeh, J., Azgomi, M.A.: A stochastic model of attack process for the evaluation of security metrics. J. Compt. Networks 57(10), 2159–2180 (2013). (Elsevier)
6. Arnold, F., Hermanns, H., Pulungan, R., Stoelinga, M.: Time-dependent analysis of attacks. In: Abadi, M., Kremer, S. (eds.) POST 2014 (ETAPS 2014). LNCS, vol. 8414, pp. 285–305. Springer, Heidelberg (2014)
7. Bilge, L., Dumitras, T.: Before we knew it: an empirical study of zero-day attacks in the real world. In: ACM Conference on Computer and Communications Security (2012)
8. Ciardo, G., German, R., Lindemann, C.: A characterization of the stochastic process underlying a stochastic Petri net. IEEE Trans. Softw. Eng. 20(7), 506–515 (1994)
9. Flammini, F., Marrone, S., Mazzocca, N., Vittorini, V.: Petri net modelling of physical vulnerability. In: Bologna, S., Hämmerli, B., Gritzalis, D., Wolthusen, S. (eds.) CRITIS 2011. LNCS, vol. 6983, pp. 128–139. Springer, Heidelberg (2013)
10. Hastie, T., Tibshirani, R., Friedman, J.: The Elements of Statistical Learning: Data Mining, Inference, and Prediction. Springer, New York (2009)
11. Herrera, F., Posadas, H., Peñil, P., Villar, E., Ferrero, F., Valencia, R., Palermo, G.: The COMPLEX methodology for UML/MARTE modeling and sesign space exploration of embedded systems. J. Syst. Archit. 60(1), 55–78 (2014). (Elsevier)
12. Howard, R.A.: Dynamic Probabilistic Systems. Wiley, New York (1971)
13. Jobst, M.E.: Security and privacy in the smart energy grid. In: Smart Grid Security Workshop at CSS. ACM (2014)
14. Kordy, B., Piètre-Cambacèdès, L., Schweitzer, P.: DAG-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13–14, 1–38 (2014). (Elsevier)
15. Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis: The CORAS Approach. Springer, Heidelberg (2010)
16. Madan, B.B., Goševa-Popstojanova, K., Vaidyanathan, K., Trivedi, K.S.: A method for modeling and quantifying the security attributes of intrusion tolerant systems. Perform. Eval. 56(1–4), 167–186 (2004). (Elsevier)
17. Ouchani, S., Mohamed, O., Debbabi, M.: A formal verification framework for SysML activity diagrams. J. Expert Syst. Appl. 41(6), 2713–2728 (2014)
18. Parsons, S.: Current approaches to handling imperfect information in data and knowledge bases. IEEE Trans. Knowl. Data Eng. 8(3), 353–372 (1996)
19. Sommestad, T., Ekstedt, M., Johnson, P.: A probabilistic relational model for security risk analysis. Comput. Secur. 29(6), 659–679 (2010). (Elsevier)
20. Stoneburner, G., Goguen, A.Y., Feringa, A.: SP 800–30. Risk Management Guide for Information Technology Systems. In: NIST (2002)
21. Vasilevskaya, M., Gunawan, L.A., Nadjm-Tehrani, S., Herrmann, P.: Integrating security mechanisms into embedded systems by domain-specific modelling. J. Secur. Commun. Networks 7(12), 2815–2832 (2013). (Wiley)
22. Vasilevskaya, M., Nadjm-Tehrani, S.: Model-based security risk analysis for networked embedded systems. In: Conference on Critical Information Infrastructures Security. Springer (2014)
23. Verendel, V.: Quantified security is a weak hypothesis: a critical survey of results and assumptions. In: New Security Paradigms Workshop. ACM (2009)
24. Weiss, J.: A system security engineering process. In: National Computer Security Conference. National Institute of Standards and Technology/National Computer Security Center, pp. 572–581 (1991)