Quantifying Risks to Data Assets Using Formal Metrics in Embedded System Design
2015 (English). In: Computer Safety, Reliability, and Security: 34th International Conference, SAFECOMP 2015, Delft, The Netherlands, September 23-25, 2015, Proceedings / [ed] Floor Koornneef; Coen van Gulijk, Springer, 2015, Vol. 9337, 347-361 p. Conference paper (Refereed)
This paper addresses quantifying security risks associated with data assets within design models of embedded systems. Attack and system behaviours are modelled as time-dependent stochastic processes. The presence of the time dimension allows accounting for dynamic aspects of potential attacks and a system: the probability of a successful attack changes as time progresses; and a system possesses different data assets as its execution unfolds. These models are used to quantify two important attributes of security: confidentiality and integrity. In particular, likelihood/consequence-based measures of confidentiality and integrity losses are proposed to characterise security risks to data assets. In our method, we consider attack and system behaviours as two separate models that are later elegantly combined for security analysis. This promotes knowledge reuse and avoids adding extra complexity in the system design process. We demonstrate the effectiveness of the proposed method and metrics on smart metering devices.
Place, publisher, year, edition, pages
Springer, 2015. Vol. 9337, 347-361 p.
Lecture Notes in Computer Science, ISSN 0302-9743 (print), 1611-3349 (online) ; 9337
Security risks; Confidentiality loss; Integrity loss; Data assets; Attack modelling; Stochastic modelling; Model-based; Embedded systems; Smart meter
Computer and Information Science
Identifiers: URN: urn:nbn:se:liu:diva-123546; DOI: 10.1007/978-3-319-24255-2_25; ISBN: 978-3-319-24254-5 (print); ISBN: 978-3-319-24255-2 (online); OAI: oai:DiVA.org:liu-123546; DiVA: diva2:886172
34th International Conference, SAFECOMP 2015, Delft, The Netherlands, September 23-25, 2015