Abstract. In Europe, measuring instruments subject to legal control are responsible for an annual turnover of 500 billion Euros and need to pass a conformity assessment with respect to European directives or national legislation before they can be used. Today, measuring instruments are frequently integrated into open networks and even branch into the areas of cloud computing and Internet of Things. Since software is one of the key components of such devices, Germany's national metrology institute, the Physikalisch-Technische Bundesanstalt, is developing a method to assess the risks and evaluate current threats associated with software. The method uses the structure of and combines elements from the international ISO/IEC standards 27005 and 15408. It could be helpful for conformity assessment bodies and industry alike and supports the comparability of risk assessment results. Despite its focus on legal metrology, the method is applicable to other areas where software risk assessment is required, too.
Abstract. Since software plays an ever more important role in measuring instruments, risk assessments for such instruments required by European regulations will usually also include a risk assessment of the software. Although previously introduced methods still lack efficient means for the representation of attacker motivation and have no prescribed way of constructing attack scenarios, attack trees have been used for several years in similar application scenarios. These trees are here developed into attack probability trees, specifically tailored to meet the requirements for software risk assessment. A real-world example based on taximeters is given to illustrate the application of the attack probability trees approach and its advantages.
Abstract. While facing an increasingly globalized market place, the ever-increasing drive for efficiency and rapidly developing consumer demands make the successful digital transformation of Legal Metrology unavoidable. This will include the use of contemporary technologies, such as embedded systems, Internet of Things, Cloud Computing and Big-data. There is a need for legally compatible system architectures, digital services and an appropriate infrastructure to benefit the industry, the notified bodies and the market surveillance authorities, by removing barriers to innovation and reducing costs and time to market for new products which use these technologies. This paper focuses on the development of a digital quality infrastructure; the "European Metrology Cloud", designed to support the processes of conformity assessment and market surveillance and the development of reference architectures and new technology- and data-driven services for this infrastructure, fostering the digital single market that the European Commission envisions.