Towards Integrated Quantitative Security and Safety Risk Assessment

Publication: Contribution to book/report/conference proceedings › Contribution to conference proceedings › Research › Peer-reviewed

Abstract

Although multiple approaches for the combination of safety and security analysis exist, there are still some major gaps to overcome before they can be used for combined risk management. This paper presents the existing gaps, based on an overview of available methods, which is followed by the proposal towards a solution to achieve coordinated risk management by applying a quantitative security risk assessment methodology. This methodology extends established safety and security risk analysis methods with an integrated model, denoting the relationship between adversary and victim, including the used capabilities and infrastructure. This model is used to estimate the resistance strength and threat capabilities, to determine attack probabilities and security risks.

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11699 LNCS
ISSN (Print): 0302-9743
ISSN (electronic): 1611-3349

Conference

Conference: 7th International Workshop on Assurance Cases for Software-Intensive Systems, ASSURE 2019, 14th ERCIM/EWICS/ARTEMIS Workshop on Dependable Smart Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2019, 8th International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems, SASSUR 2019, 2nd International Workshop on Safety, Security, and Privacy In Automotive Systems, STRIVE 2019, 2nd International Workshop on Artificial Intelligence Safety Engineering, WAISE 2019 held in conjunction with 38th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2019
Country: Finland
City: Turku
Period: 10/09/19 → 13/09/19

Fingerprint

Safety Assessment
Security Analysis
Risk Management
Risk Assessment
Safety Analysis
Methodology
Risk Analysis
Integrated Model
Infrastructure
Safety
Attack
Estimate
Model
Relationships
Resistance

Keywords

    ASJC Scopus subject areas

    • Theoretical Computer Science
    • Computer Science (all)

    Cite this

    Dobaj, J., Schmittner, C., Krisper, M., & Macher, G. (2019). Towards Integrated Quantitative Security and Safety Risk Assessment. In A. Romanovsky, E. Troubitsyna, I. Gashi, E. Schoitsch, & F. Bitsch (Eds.), Computer Safety, Reliability, and Security - SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Proceedings (pp. 102-116). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11699 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-26250-1_8

    @inproceedings{7adcd5cb4481440cb9b6145f7dbe4799,
    title = "Towards Integrated Quantitative Security and Safety Risk Assessment",
    abstract = "Although multiple approaches for the combination of safety and security analysis exist, there are still some major gaps to overcome before they can be used for combined risk management. This paper presents the existing gaps, based on an overview of available methods, which is followed by the proposal towards a solution to achieve coordinated risk management by applying a quantitative security risk assessment methodology. This methodology extends established safety and security risk analysis methods with an integrated model, denoting the relationship between adversary and victim, including the used capabilities and infrastructure. This model is used to estimate the resistance strength and threat capabilities, to determine attack probabilities and security risks.",
    keywords = "Diamond, FAIR, FMVEA, Risk assessment, Safety analysis, SAHARA, Security analysis, Threat analysis, Threat modeling",
    author = "J{\"u}rgen Dobaj and Christoph Schmittner and Michael Krisper and Georg Macher",
    year = "2019",
    month = "8",
    day = "9",
    doi = "10.1007/978-3-030-26250-1_8",
    language = "English",
    isbn = "9783030262495",
    series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
    publisher = "Springer Verlag",
    pages = "102--116",
    editor = "Alexander Romanovsky and Elena Troubitsyna and Ilir Gashi and Erwin Schoitsch and Friedemann Bitsch",
    booktitle = "Computer Safety, Reliability, and Security - SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Proceedings",
    address = "Germany",

    }
