Security analysis of the Dependability, Security Reconfigurability framework

Hartog, Tim den; Kleinhuis, Geert

doi:10.1109/crisis.2008.4757468

Cited by 3 publications

(2 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, although not directly related with PbD for the sake of completeness are worth to mention approaches solely focused on either (i) quantitative threat modeling (e.g., in TMAP [19] which quantifies threats related with Commercial Off The Shelf systems -COTS -), (ii) security requirements elicitation methodologies based on risk analysis (e.g., CORAS [14], OCTAVE [20] and ISRAM [21] although they are not embedded into a TMM and -except for ISRAM -do not consider the quantitative aggregation of risks), (iii) rigorous methods for analyzing security specifications (e.g., Weldemariam and Villafiorita [22], [23] where model checking is used to derive security attacks in a e-voting scenario) and, (iv) qualitative methods to elicit security requirements (e.g., DESEREC [24]). …”

Section: Related Workmentioning

confidence: 99%

Privacy-by-design based on quantitative threat modeling

Luna

Suri

Krontiris

2012

2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)

View full text Add to dashboard Cite

Abstract-While the general concept of "Privacy-by-Design (PbD)" is increasingly a popular one, there is considerable paucity of either rigorous or quantitative underpinnings supporting PbD. Drawing upon privacy-aware modeling techniques, this paper proposes a quantitative threat modeling methodology (QTMM) that can be used to draw objective conclusions about different privacy-related attacks that might compromise a service. The proposed QTMM has been empirically validated in the context of the EU project ABC4Trust, where the end-users actually elicited security and privacy requirements of the socalled privacy-Attribute Based Credentials (privacy-ABCs) in a real-world scenario. Our overall objective, is to provide architects of privacy-respecting systems with a set of quantitative and automated tools to help decide across functional system requirements and the corresponding trade-offs (security, privacy and economic), that should be taken into account before the actual deployment of their services.

show abstract

Section: Related Workmentioning

confidence: 99%

Privacy-by-design based on quantitative threat modeling

Luna

Suri

Krontiris

2012

2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)

View full text Add to dashboard Cite

show abstract

“…CIS reconfiguration was the highest mechanism for survivability. [33] Incidents were defined as being caused by the sequential occurrence of certain events, be it accidental or deliberate. A CORRELATION of these events defined the existence of an incident, following the implementation of correlation rules.…”

Section: A Behaviour Engines Are Currently Being Used In Wide Varietmentioning

confidence: 99%

Network Attack Analysis and the Behaviour Engine

Benham

Read

Sutherland

2013

Int. J. Com. Net. Tech.

View full text Add to dashboard Cite

Behaviour Engines allow the acquisition of tacit knowledge by using a learn-by-doing workflow and provide a direct interface between the expert user and the developing project code based on an intuitive justification-conclusion language; thus surpassing legacy policy engines by being a self developing and learning mechanism. This paper seeks to formulate the current state of the art in technology and processes and attempts to merge the application of ontological decision techniques of behaviour engines with network packet capture data, to detect data exfiltration attempts over covert channelling. The final goal of the research will be to develop a behaviour engine/intrusion detection solution for pre-emptive counter-measures to anomalous behaviour from within or without a network.speed.

show abstract