Quantifying Risks to Data Assets Using Formal Metrics in Embedded System Design

  • Maria Vasilevskaya
  • Simin Nadjm-Tehrani
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9337)


This paper addresses quantifying security risks associated with data assets within design models of embedded systems. Attack and system behaviours are modelled as time-dependent stochastic processes. The presence of the time dimension allows accounting for dynamic aspects of potential attacks and a system: the probability of a successful attack changes as time progresses; and a system possesses different data assets as its execution unfolds. These models are used to quantify two important attributes of security: confidentiality and integrity. In particular, likelihood/consequence-based measures of confidentiality and integrity losses are proposed to characterise security risks to data assets. In our method, we consider attack and system behaviours as two separate models that are later elegantly combined for security analysis. This promotes knowledge reuse and avoids adding extra complexity in the system design process. We demonstrate the effectiveness of the proposed method and metrics on smart metering devices.
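The following is an added illustration in the spirit of the abstract, not the paper's own model or code: attack progress is a chain of exponential stages (a continuous-time Markov chain), the system holds different data assets in different execution phases, and per-asset risk is a time-dependent likelihood multiplied by an assumed consequence score. All rates, phases, assets and consequence values are constructed for the example.

```python
"""Added illustration (assumed structure, not the paper's model): a time-
dependent likelihood x consequence measure of confidentiality/integrity loss."""
import math

def attack_success_cdf(rates, t):
    """P(attack has completed all sequential exponential stages by time t).
    This is the hypoexponential CDF; the rates must be pairwise distinct."""
    if t <= 0:
        return 0.0
    total = 0.0
    for i, li in enumerate(rates):
        coef = 1.0
        for j, lj in enumerate(rates):
            if j != i:
                coef *= lj / (lj - li)   # partial-fraction coefficient
        total += coef * math.exp(-li * t)
    return 1.0 - total

# Constructed system model of a smart-meter execution cycle:
# (phase, start hour, end hour, data assets present in that phase).
PHASES = [
    ("boot",      0.0,  1.0, {"firmware_key", "meter_id"}),
    ("metering",  1.0, 24.0, {"consumption_data", "meter_id"}),
    ("upload",   24.0, 25.0, {"consumption_data", "meter_id", "session_key"}),
]

def exposure_likelihood(asset, rates, phases=PHASES):
    """P(attack succeeds during a phase in which the asset is present):
    the attack-completion time must fall into one of those intervals."""
    return sum(attack_success_cdf(rates, end) - attack_success_cdf(rates, start)
               for _, start, end, assets in phases if asset in assets)

def asset_risks(rates, consequences, phases=PHASES):
    """Likelihood x consequence per asset, highest risk first."""
    risks = {a: exposure_likelihood(a, rates, phases) * c
             for a, c in consequences.items()}
    return sorted(risks.items(), key=lambda kv: -kv[1])

# Assumed attack: gain access (mean 2 h), then extract data (mean 8 h).
ATTACK_RATES = [0.5, 0.125]
# Assumed consequence scores (0-10) for confidentiality and integrity loss.
CONF = {"firmware_key": 9, "consumption_data": 6, "meter_id": 2, "session_key": 8}
INTEG = {"firmware_key": 10, "consumption_data": 8, "meter_id": 3, "session_key": 5}

if __name__ == "__main__":
    for label, table in (("confidentiality", CONF), ("integrity", INTEG)):
        print(label)
        for asset, r in asset_risks(ATTACK_RATES, table):
            print(f"  {asset:17s} {r:.3f}")
```

The same attack model yields a much smaller likelihood for the firmware key (present only during the short boot phase) than for assets held throughout metering, which is the time-dependence the abstract argues for.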


Keywords: Security risks, Confidentiality loss, Integrity loss, Data assets, Attack modelling, Stochastic modelling, Model-based, Embedded systems, Smart meter



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

Department of Computer and Information Science, Linköping University, Linköping, Sweden
