Model-driven risk analysis of evolving critical infrastructures

  • Original Research
  • Journal of Ambient Intelligence and Humanized Computing

Abstract

The protection and security of critical infrastructures are important parts of homeland defense. Adequate means for analyzing the security risks of such infrastructures are a prerequisite for properly understanding the security needs and for maintaining appropriate incident preparedness. Risk management consists of coordinated activities to direct and control an organization with regard to risk, and includes the identification, analysis and mitigation of unacceptable risks. For critical infrastructures consisting of interdependent systems, risk analysis and mitigation are challenging because the overall risk picture may be strongly affected by changes in only a few of the systems. In order to continuously manage risks and maintain an adequate level of protection, the validity of the risk models must be continuously maintained while the systems change and evolve. This paper addresses these challenges by presenting an approach to model-driven security risk analysis of changing and evolving systems. The approach is a tool-supported method with techniques and modeling support for tracing system changes to the risk models, as well as for explicitly modeling the impact of changes on the current risk picture. The presented artifacts are exemplified and validated in the domain of air traffic management.
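The abstract's two central ideas, trace links from system elements to risk-model elements and an explicit comparison of the risk picture before and after a change, can be illustrated with a small change-impact analysis. The following is an added example written for this page; it is not the paper's CORAS tooling or its air traffic management case study. The system model, trace links, risk graph and likelihood values are all constructed for the illustration, and the element names (`radar_feed`, `TS_stale_track_data`, `UI_loss_of_separation`, and so on) are hypothetical.

```python
"""Change-impact analysis over a small risk model (illustrative, constructed data)."""
from collections import deque

# Constructed system model: component -> components that depend on it.
# A change to a component may invalidate estimates for everything downstream.
SYSTEM_DEPENDENTS = {
    "radar_feed": {"surveillance_processor"},
    "surveillance_processor": {"controller_display", "conflict_alert"},
    "controller_display": set(),
    "conflict_alert": set(),
    "voice_comms": set(),
}

# Constructed trace links: system element -> risk-model elements (threat
# scenarios) whose likelihood estimates were derived from that element.
TRACE_LINKS = {
    "surveillance_processor": {"TS_stale_track_data"},
    "controller_display": {"TS_display_freeze"},
    "conflict_alert": {"TS_missed_conflict"},
    "voice_comms": {"TS_comms_loss"},
}

# Constructed risk graph: threat scenario -> unwanted incident -> harmed asset.
RISK_SUCCESSORS = {
    "TS_stale_track_data": {"UI_loss_of_separation"},
    "TS_display_freeze": {"UI_loss_of_separation"},
    "TS_missed_conflict": {"UI_loss_of_separation"},
    "TS_comms_loss": {"UI_delayed_clearance"},
    "UI_loss_of_separation": {"ASSET_flight_safety"},
    "UI_delayed_clearance": {"ASSET_capacity"},
}


def reachable(start, successors):
    """Breadth-first closure of `start` over the `successors` adjacency map."""
    seen = set(start)
    queue = deque(start)
    while queue:
        node = queue.popleft()
        for nxt in successors.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def impacted_system_elements(changed):
    """Changed components plus everything that transitively depends on them."""
    return reachable(set(changed), SYSTEM_DEPENDENTS)


def risk_elements_to_revisit(changed):
    """Risk-model elements whose estimates must be re-assessed after `changed`.

    Follows trace links from impacted components into the risk graph, then the
    risk graph's own edges down to the assets, so incidents and assets fed by
    an affected threat scenario are flagged too.
    """
    entry_points = set()
    for element in impacted_system_elements(changed):
        entry_points |= TRACE_LINKS.get(element, set())
    return reachable(entry_points, RISK_SUCCESSORS)


def risk_picture_diff(before, after, revisit):
    """Compare two risk pictures (element -> likelihood label).

    Returns (changed, unexplained): `changed` maps each element whose estimate
    differs to its (old, new) pair; `unexplained` holds elements that changed
    although no trace link connects them to the system change, which signals
    either a missing trace link or an unrelated edit that needs its own review.
    """
    keys = set(before) | set(after)
    changed = {k: (before.get(k), after.get(k)) for k in keys if before.get(k) != after.get(k)}
    unexplained = {k for k in changed if k not in revisit}
    return changed, unexplained


if __name__ == "__main__":
    change_set = {"radar_feed"}
    revisit = risk_elements_to_revisit(change_set)
    print("re-assess:", sorted(revisit))
    before = {"UI_loss_of_separation": "rare", "UI_delayed_clearance": "possible"}
    after = {"UI_loss_of_separation": "possible", "UI_delayed_clearance": "likely"}
    changed, unexplained = risk_picture_diff(before, after, revisit)
    print("changed:", changed)
    print("not explained by the change set:", sorted(unexplained))
```

The `unexplained` set is the check a reviewer actually wants: when an estimate moves for an element that no trace link connects to the recorded change, either the traceability model is incomplete or the risk picture was edited for some other reason, and in both cases the updated picture should not be accepted as-is.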



Acknowledgments

This work has been partially funded by the European Commission via the NESSoS (256980) network of excellence and the RASEN (316853) project.

Author information

Correspondence to Bjørnar Solhaug.


About this article

Cite this article

Solhaug, B., Seehusen, F. Model-driven risk analysis of evolving critical infrastructures. J Ambient Intell Human Comput 5, 187–204 (2014). https://doi.org/10.1007/s12652-013-0179-6
