Towards Integrated Quantitative Security and Safety Risk Assessment

Jürgen Dobaj*, Christoph Schmittner, Michael Krisper, Georg Macher

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Although multiple approaches for the combination of safety and security analysis exist, there are still some major gaps to overcome before they can be used for combined risk management. This paper presents the existing gaps, based on an overview of available methods, which is followed by the proposal towards a solution to achieve coordinated risk management by applying a quantitative security risk assessment methodology. This methodology extends established safety and security risk analysis methods with an integrated model, denoting the relationship between adversary and victim, including the used capabilities and infrastructure. This model is used to estimate the resistance strength and threat capabilities, to determine attack probabilities and security risks.

Original languageEnglish
Title of host publicationComputer Safety, Reliability, and Security - SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Proceedings
EditorsAlexander Romanovsky, Elena Troubitsyna, Ilir Gashi, Erwin Schoitsch, Friedemann Bitsch
PublisherSpringer Verlag
Pages102-116
Number of pages15
ISBN (Print)9783030262495
DOIs
Publication statusPublished - 9 Aug 2019
Event38th International Conference on Computer Safety, Reliability and Security: SAFECOMP 2019 - Turku, Finland
Duration: 10 Sep 201913 Sep 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11699 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference38th International Conference on Computer Safety, Reliability and Security
CountryFinland
CityTurku
Period10/09/1913/09/19
Other7th International Workshop on Assurance Cases for Software-Intensive Systems, ASSURE 2019, 14th ERCIM/EWICS/ARTEMIS Workshop on Dependable Smart Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2019, 8th International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems, SASSUR 2019, 2nd International Workshop on Safety, Security, and Privacy In Automotive Systems, STRIVE 2019, 2nd International Workshop on Artificial Intelligence Safety Engineering, WAISE 2019 held in conjunction with 38th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2019

Keywords

  • Diamond
  • FAIR
  • FMVEA
  • Risk assessment
  • Safety analysis
  • SAHARA
  • Security analysis
  • Threat analysis
  • Threat modeling

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Towards Integrated Quantitative Security and Safety Risk Assessment'. Together they form a unique fingerprint.

Cite this