liu.seSearch for publications in DiVA
Change search
ReferencesLink to record
Permanent link

Direct link
Quantifying Risks to Data Assets Using Formal Metrics in Embedded System Design
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science & Engineering. (Real-time Systems Laboratory)
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science & Engineering. (Real-time Systems Laboratory)
2015 (English)In: Computer Safety, Reliability, and Security: 34th International Conference, SAFECOMP 2015, Delft, The Netherlands, September 23-25, 2015, Proceedings / [ed] Floor Koornneef; Coen van Gulijk, Springer, 2015, Vol. 9337, 347-361 p.Conference paper (Refereed)
Abstract [en]

This paper addresses quantifying security risks associated with data assets within design models of embedded systems. Attack and system behaviours are modelled as time-dependent stochastic processes. The presence of the time dimension allows accounting for dynamic aspects of potential attacks and a system: the probability of a success- ful attack changes as time progresses; and a system possesses different data assets as its execution unfolds. These models are used to quan- tify two important attributes of security: confidentiality and integrity. In particular, likelihood/consequence-based measures of confidentiality and integrity losses are proposed to characterise security risks to data assets. In our method, we consider attack and system behaviours as two sepa- rate models that are later elegantly combined for security analysis. This promotes knowledge reuse and avoids adding extra complexity in the system design process. We demonstrate the effectiveness of the proposed method and metrics on smart metering devices. 

Place, publisher, year, edition, pages
Springer, 2015. Vol. 9337, 347-361 p.
Series
Lecture Notes in Computer Science, ISSN 0302-9743 (print), 1611-3349 (online) ; 9337
Keyword [en]
Security risks; Confidentiality loss; Integrity loss; Data assets; Attack modelling; Stochastic modelling; Model-based; Embedded systems; Smart meter
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:liu:diva-123546DOI: 10.1007/978-3-319-24255-2_25ISBN: 978-3-319-24254-5 (print)ISBN: 978-3-319-24255-2 (online)OAI: oai:DiVA.org:liu-123546DiVA: diva2:886172
Conference
34th International Conference, SAFECOMP 2015, Delft, The Netherlands, September 23-25, 2015
Available from: 2015-12-21 Created: 2015-12-21 Last updated: 2016-09-23Bibliographically approved

Open Access in DiVA

fulltext(455 kB)2 downloads
File information
File name FULLTEXT01.pdfFile size 455 kBChecksum SHA-512
73fad591bfb93b634ead47daca3c1a0c5e4c7ba27ef5a00cb743c7cc3a25ccd7d0c959724d67c91b36d4e6b2be5aae8623f71d39334802db48130647be537225
Type fulltextMimetype application/pdf

Other links

Publisher's full text

Search in DiVA

By author/editor
Vasilevskaya, MariaNadjm-Tehrani, Simin
By organisation
Software and SystemsFaculty of Science & Engineering
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 2 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Altmetric score

Total: 29 hits
ReferencesLink to record
Permanent link

Direct link