CRITIS 2011: Critical Information Infrastructure Security pp 30-41
Assurance and Trust Indicators to Evaluate Accuracy of On-line Risk in Critical Infrastructures
Abstract
Critical infrastructure (CI) services are consumed by society constantly, and we expect them to be available 24 hours a day. A common definition is that CIs are so vital to our society that their disruption or destruction would have a severe impact on social well-being and the economy at national and international levels.
CIs can be mutually dependent, and a failure in one infrastructure can cascade to another (inter)dependent infrastructure and cause service disruptions. Methods to better assess and monitor CIs and their (inter)dependencies at run-time, so that possible risks can be evaluated, have to be developed. Furthermore, methods to ensure the validity of the evaluated risk have to be investigated.
In this work, we build on existing work on CI security modelling: a CI model that allows the risks of CI services to be modelled at run-time. We conduct a study of indicators that allow the correctness of the calculated service risk to be evaluated, taking into account the various sources contributing to this evaluation. Trust-based indicators are introduced to capture the dynamically changing behaviour of a system.
Keywords
Critical infrastructures; ICT security; Trust and reputation management