Abstract
Security mechanisms are at the base of modern computer systems, demanded to be more and more reactive to changing environments and malicious intentions. Security policies unable to change in time are destined to be exploited and thus, system security compromised. However, the ability to properly change security policies is only possible once the most effective mechanism to adopt under specific conditions is known. To accomplish this goal, we propose to build a vulnerability model of the system by means of a model-based, layered security approach, then used to quantitatively evaluate the best protection mechanism at a given time and hence, to adapt the system to changing environments. The evaluation relies on the use of a powerful, flexible formalism such as Dynamic Bayesian Networks.
This work was partially supported by Spanish National Cybersecurity Institute (INCIBE) according to rule 19 of the Digital Confidence Plan (Digital Agency of Spain) and the University of León under contract X43.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Devanbu, P.T., Stubblebine, S.: Software engineering for security: a roadmap. In: Proceedings of the Conference on The Future of Software Engineering, ICSE’00, New York, pp. 227–239. ACM (2000)
Rodríguez, R.J., Trubiani, C., Merseguer, J.: Fault-tolerant techniques and security mechanisms for model-based performance prediction of critical systems. In: Proceedings of the 3rd ISARCS, pp. 21–30. ACM (2012)
de Lemos, R., et al.: Software engineering for self-adaptive systems: a second research roadmap. Software Engineering for Self-adaptive Systems II. Volume 7475 of Lecture Notes in Computer Science, pp. 1–32. Springer, Berlin (2013)
NIPP 2013-Partnering for Critical Infrastructure Security and Resilience. U.S. D.H.S., Technical report (2013)
Perez-Palacin, D., Mirandola, R., Merseguer, J.: On the relationships between QoS and software adaptability at the architectural level. J. Syst. Softw. 87, 1–17 (2014)
Dean, T., Kanazawa, K.: A model for reasoning about persistence and causation. Comput. Intell. 5(2), 142–150 (1989)
Macdonald, D., Clements, S., Patrick, S., Perkins, C., Muller, G., Lancaster, M., Hutton, W.: Cyber/physical security vulnerability assessment integration. In: Innovative Smart Grid Technologies (ISGT), 2013 IEEE PES., February 2013, pp. 1–6
Garcia, M.L.: Vulnerability Assessment of Physical Protection Systems, 1st edn. Butterworth-Heinemann (2005)
Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Information Security and Cryptology–ICISC 2005, 8th International Conference, Seoul, Korea, 1–2 December 2005, pp. 186–198, Revised Selected Papers (2005)
Bistarelli, S., Fioravanti, F., Peretti, P., Santini, F.: Evaluation of complex security scenarios using defense trees and economic indexes. J. Exp. Theor. Artif. Intell. 24(2), 161–192 (2012)
Zonouz, S.A., Khurana, H., Sanders, W.H., Yardley, T.M.: RRE: a game-theoretic intrusion response and recovery engine. IEEE Trans. Parallel Distrib. Syst. 25(2), 395–406 (2014)
Ficco, M.: Security event correlation approach for cloud computing. Int. J. High Perform. Comput. Netw. 7(3), 173–185 (2013). September
Flammini, F., Marrone, S., Mazzocca, N., Vittorini, V.: Petri net modelling of physical vulnerability. Critical Information Infrastructure Security. Volume 6983 of LNCS, pp. 128–139. Springer, Berlin (2013)
Xie, P., Li, J.H., Ou, X., Liu, P., Levy, R.: Using Bayesian networks for cyber security analysis. In: 2010 IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), June 2010, pp. 211–220
Frigault, M., Wang, L., Singhal, A., Jajodia, S.: Measuring network security using dynamic Bayesian network. In: Proceedings of the 4th ACM Workshop on Quality of Protection, QoP’08, New York, pp. 23–30. ACM (2008)
Tang, K., Zhou, M.T., Wang, W.Y.: Insider cyber threat situational awareness framwork using dynamic Bayesian networks. In: Proceedings of the 4th International Conference on Computer Science Education (ICCSE), pp. 1146–1150, July 2009
OMG: Unified Modelling Language: Superstructure. Object Management Group, August 2011. Version 2.4, formal/11-08-05
Chakravarthy, S., Mishra, D.: Snoop: an expressive event specification language for active databases. Data Knowl. Eng. 14(1), 1–26 (1994)
Flammini, F., Marrone, S., Mazzocca, N., Pappalardo, A., Pragliola, C., Vittorini, V.: Trustworthiness evaluation of multi-sensor situation recognition in transit surveillance scenarios. In: Security Engineering and Intelligence Informatics. Volume 8128 of Lecture Notes in Computer Science, pp. 442–456 (2013)
Casey, E.: Case study: network intrusion investigation—lessons in forensic preparation. Digit. Investig. 2(4), 254–260 (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Rodríguez, R.J., Marrone, S. (2016). Model-Based Vulnerability Assessment of Self-Adaptive Protection Systems. In: Novais, P., Camacho, D., Analide, C., El Fallah Seghrouchni, A., Badica, C. (eds) Intelligent Distributed Computing IX. Studies in Computational Intelligence, vol 616. Springer, Cham. https://doi.org/10.1007/978-3-319-25017-5_41
Download citation
DOI: https://doi.org/10.1007/978-3-319-25017-5_41
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25015-1
Online ISBN: 978-3-319-25017-5
eBook Packages: EngineeringEngineering (R0)