PUMA
Istituto di Scienza e Tecnologie dell'Informazione     
Nostro N., Matteucci I., Ceccarelli A., Di Giandomenico D. G., Martinelli F., Bondavalli A. On security countermeasures ranking through threat analysis. In: Computer Safety, Reliability, and Security. SAFECOMP 2014 Workshops: ASCoMS, DECSoS, DEVVARTS, ISSE, ReSA4CI, SASSUR (Florence, Italy, 8-9 September 2014). Proceedings, pp. 243 - 254. Andrea Bondavalli, Andrea Ceccarelli, Frank Ortmeier (eds.). (Lecture Notes in Computer Science, vol. 8696). Springer, 2014.
 
 
Abstract
(English)
Security analysis and design are key activities for the protection of critical systems and infrastructures. Traditional approaches consist first in apply- ing a qualitative threat assessment that identifies the attack points. Results are then used as input for the security design such that appropriate countermeasures are selected. In this paper we propose a novel approach for the selection and ranking of security controlling strategies which is driven by quantitative threat analysis based on attack graphs. It consists of two main steps: i) a threat analysis, performed to evaluate attack points and paths identifying those that are feasi- ble, and to rank attack costs from the perspective of an attacker; ii) controlling strategies, to derive the appropriate monitoring rules and the selection of coun- termeasures are evaluated, based upon the provided values and ranks. Indeed, the exploitation of such threat analysis allows to compare different controlling strategies and to select the one that fits better the given set of functional and se- curity requirements. To exemplify our approach, we adopt part of an electrical power system, the Customer Energy Management System (CEMS), as reference scenario where the steps of threat analys is and security strategies are applied
URL: http://link.springer.com/chapter/10.1007%2F978-3-319-10557-4_27#
DOI: 10.1007/978-3-319-10557-4_27
Subject Threat analysis
Security countermeasures
Customer Energy Management System
D.4.6 Security and Protection
C.4 PERFORMANCE OF SYSTEMS


Icona documento 1) Download Document PDF


Icona documento Open access Icona documento Restricted Icona documento Private

 


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional