Security Stress: Evaluating ICT Robustness Through a Monte Carlo Method

  • Conference paper
Critical Information Infrastructures Security (CRITIS 2014)

Abstract

The security stress is a synthetic evaluation of how an ICT infrastructure resists attacks. We define the security stress and show how it is approximated through the Haruspex suite. Then, we show how it supports the comparison of three versions of an industrial control system. Haruspex is a suite of tools that apply a Monte Carlo method and support a scenario-based assessment where, in each scenario, intelligent agents compose attacks to reach some predefined goals.



Author information

Corresponding author

Correspondence to Fabrizio Baiardi.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Baiardi, F., Corò, F., Tonelli, F., Bertolini, A., Bertolotti, R., Guidi, L. (2016). Security Stress: Evaluating ICT Robustness Through a Monte Carlo Method. In: Panayiotou, C., Ellinas, G., Kyriakides, E., Polycarpou, M. (eds) Critical Information Infrastructures Security. CRITIS 2014. Lecture Notes in Computer Science, vol 8985. Springer, Cham. https://doi.org/10.1007/978-3-319-31664-2_23

  • DOI: https://doi.org/10.1007/978-3-319-31664-2_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31663-5

  • Online ISBN: 978-3-319-31664-2

  • eBook Packages: Computer Science (R0)
