A property based security risk analysis through weighted simulation

Winkelvos, Timo; Rudolph, Carsten; Repp, Jürgen

doi:10.1109/issa.2011.6027534

Cited by 6 publications

(3 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Examples of a simulation-based handling of safety without inclusion of security are [3,35]. Similar considerations from the security risk point of view were made in [15,23,25,63,79,90]. A simulation-based analysis of system models from the perspectives of both safety and security can be found in [11,18].…”

Section: Related Workmentioning

confidence: 87%

Formalized Risk Assessment for Safety and Security

Draeger¹,

Hahndel²

2017

Preprint

View full text Add to dashboard Cite

The manifold interactions between safety and security aspects makes it plausible to handle safety and security risks in an unified way. The paper develops a corresponding approach based on the discrete event systems (DEVS) paradigm. The simulation-based calculation of an individual system evolution path provides the contribution of this special path of dynamics to the overall risk of running the system. Accidentally and intentionally caused failures are distinguished by the way, in which the risk contributions of the various evolution paths are aggregated to the overall risk.The consistency of the proposed risk assessment method with 'traditional' notions of risk shows its plausibility. Its non-computability, on the other hand, makes the proposed risk assessment better suitable to the IT security domain than other concepts of risk developed for both safety and security. Power grids are discussed as an application example and demonstrates some of the advantages of the proposed method.

show abstract

Section: Related Workmentioning

confidence: 87%

Formalized Risk Assessment for Safety and Security

Draeger¹,

Hahndel²

2017

Preprint

View full text Add to dashboard Cite

show abstract

“…For example, as the traditional risk assessment method, the information technology‐security risk assessment is based on the likelihood of occurrence of a hazardous event and potential consequence caused by the event . Contemporary approaches often focus on requirements of confidentiality, integrity, and availability (CIA) and are mostly model or system‐based . The typical quantitative assessment methods include the Markov analysis, statistical parameter analysis, Bayesian network models, and clustering methods .…”

Section: Introductionmentioning

confidence: 99%

“…6,24 Contemporary approaches often focus on requirements of confidentiality, integrity, and availability (CIA) and are mostly model or system-based. [25][26][27] The typical quantitative assessment methods include the Markov analysis, statistical parameter analysis, Bayesian network models, 11,28 and clustering methods. 29 Quantitative methods aim to estimate the loss of assets, vulnerabilities of organization systems, frequency of threats, and cost of the risk.…”

Section: Introductionmentioning

confidence: 99%

Probabilistic modeling and analysis of sequential cyber‐attacks

Liu

Xing

Zhou

2019

Engineering Reports

View full text Add to dashboard Cite

Security is one of the major challenges for promoting the computer industry. Existing models for assessing security have mostly assumed that different hazards causing the security breach are independent of each other. Dependencies however can exist among different hazardous actions and they may affect the system security attribute greatly. This paper advances the state of the art in quantitative security risk assessment by modeling one such dependency, where multiple sequence‐dependent hazardous actions are performed to launch a successful security cyber‐attack. Continuous‐time Markov chain and semi‐Markov process–based methods are proposed to estimate the occurrence probability of a security risk for systems undergoing the sequential cyber‐attacks. While the CTMC method is limited to the exponential state transition time, the proposed semi‐Markov process–based approach is applicable to analyzing attacks with any arbitrary types of transition time distributions. Both methods are illustrated using case studies where Trojan attacks in the banking application are modeled and analyzed.

show abstract

Taxonomy of security risk assessment approaches for researchers

Paintsil

2012

2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)

View full text Add to dashboard Cite

A property based security risk analysis through weighted simulation

Cited by 6 publications

References 27 publications

Formalized Risk Assessment for Safety and Security

Formalized Risk Assessment for Safety and Security

Probabilistic modeling and analysis of sequential cyber‐attacks

Taxonomy of security risk assessment approaches for researchers

Contact Info

Product

Resources

About