Security analysis of socio-technical physical systems
نویسندگان
چکیده
Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents –here called Socio-Technical Physical Systems– have limitations: their agent behaviour is too simple, they just estimate feasibility and not the likelihood of attacks, or they do estimate likelihood but on explicitly provided attacks only. We propose a model that can detect and quantify attacks. It has a rich set of agent actions with associated probability and cost. We also propose a threat model, an intruder that can misbehave and that competes with honest agents. The intruder’s actions have an associated cost and are constrained to be realistic. We map our model to a probabilistic symbolic model checker and we express templates of security properties in the Probabilistic Computation Tree Logic, thus supporting automatic analysis of security properties. A use case shows the effectiveness of our approach.
منابع مشابه
Dealing with Security Requirements for Socio-Technical Systems: A Holistic Approach
Security has been a growing concern for most large organizations, especially financial and government institutions, as security breaches in the socio-technical systems they depend on are costing billions. A major reason for these breaches is that socio-technical systems are designed in a piecemeal rather than a holistic fashion that leaves parts of a system vulnerable. To tackle this problem, w...
متن کاملSTS-Tool 3.0: Maintaining Security in Socio-Technical Systems
In this paper, we present STS-Tool 3.0: a software tool that helps security requirement engineers in maintaining high level of security in socio-technical systems. STS-Tool 3.0 allows to specify social/organizational security requirements and to enforce them in part of the implementation of socio-technical systems.
متن کاملPreserving Compliance with Security Requirements in Socio-Technical Systems
Socio-technical systems are an interplay of social (humans and organizations) and technical components interacting with one another to achieve their objectives. Security is a central issue in such complex systems, and it cannot be tackled only through technical mechanisms: the encryption of sensitive data while being transmitted, does not assure that the receiver will not disclose them to unaut...
متن کاملAssessing ICT Security Risks in Socio-Technical Systems (Dagstuhl Seminar 16461)
This report documents the program and the outcomes of Dagstuhl Seminar 16461 “Assessing ICT Security Risks in Socio-Technical Systems”. As we progress from classic mechanical or electrical production systems, over ICT systems, to socio-technical systems, risk assessment becomes increasingly complex and difficult. Risk assessment for traditional engineering systems assumes the systems to be dete...
متن کاملSTS-Tool: Security Requirements Engineering for Socio-Technical Systems
We present the latest version of STS-Tool, the modelling and analysis support tool for STS-ml, an actorand goal-oriented security requirements modelling language for socio-technical systems. We show how the STS-Tool supports requirements analysts and security designers in (i) modelling socio-technical systems as a set of interacting actors, who have security needs over their interactions, and (...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Computers & Electrical Engineering
دوره 47 شماره
صفحات -
تاریخ انتشار 2015