ABSTRACT
We propose a multi-criteria framework for ranking controlling strategies according to several weights, such as delay-time, resource cost, and the success-probability of attacks, defined via quantitative threat analysis. By assigning different priorities to the weight-dimensions, we can rank controllers in an adaptive way. We exemplify our approach on the Customer Energy Management System, which, acting as an interface among different systems, is exposed to attacks. We consider Man-in-the-Middle and Denial-of-Service attacks.
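A small ranking procedure that illustrates the adaptive idea of the abstract, added here as an example and not code from the paper: the three controllers, their delay/cost/success-probability values for a CEMS Man-in-the-Middle scenario, and the two ordering rules (strict priority over dimensions, and a weighted sum over normalised values) are constructed assumptions, not the authors' framework.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Controller:
    """One candidate controlling strategy scored on the abstract's three
    weights. All are 'lower is better': delay introduced (s), resource
    cost (abstract units), residual success probability of the attack."""
    name: str
    delay: float
    cost: float
    success: float

DIMS = ("delay", "cost", "success")

# Constructed, hypothetical values for a CEMS Man-in-the-Middle scenario;
# they are not measurements from the paper.
MITM_CONTROLLERS = [
    Controller("TLS mutual auth", delay=0.30, cost=40.0, success=0.05),
    Controller("message signing", delay=0.10, cost=25.0, success=0.15),
    Controller("monitor-only", delay=0.01, cost=5.0, success=0.60),
]

def rank_by_priority(controllers, priority):
    """Strict priority: the first dimension in `priority` decides, later
    dimensions only break ties. Reordering `priority` re-ranks the set."""
    if sorted(priority) != sorted(DIMS):
        raise ValueError(f"priority must be a permutation of {DIMS}")
    return sorted(controllers, key=lambda c: tuple(getattr(c, d) for d in priority))

def normalise(controllers, dim):
    """Min-max normalise one dimension to [0, 1] across the candidate set."""
    vals = [getattr(c, dim) for c in controllers]
    lo, hi = min(vals), max(vals)
    return {c.name: 0.0 if hi == lo else (getattr(c, dim) - lo) / (hi - lo)
            for c in controllers}

def weighted_scores(controllers, weights):
    """Soft priority: weighted sum of normalised penalties; lower is better."""
    if set(weights) != set(DIMS) or abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must cover every dimension and sum to 1")
    norm = {d: normalise(controllers, d) for d in DIMS}
    return {c.name: sum(weights[d] * norm[d][c.name] for d in DIMS) for c in controllers}

def rank_by_weights(controllers, weights):
    scores = weighted_scores(controllers, weights)
    return sorted(controllers, key=lambda c: scores[c.name])

if __name__ == "__main__":
    for prio in (("success", "cost", "delay"), ("delay", "cost", "success")):
        print(prio, [c.name for c in rank_by_priority(MITM_CONTROLLERS, prio)])
    w = {"success": 0.6, "delay": 0.2, "cost": 0.2}
    print(w, [c.name for c in rank_by_weights(MITM_CONTROLLERS, w)])
```

With success-probability first the strongest control wins; with delay first the cheapest one wins; the weighted rule, which trades the dimensions off instead of ordering them, picks the middle option.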
TITLE
A multi-criteria ranking of security countermeasures