Sciweavers

SAFECOMP
2015
Springer

Quantifying Risks to Data Assets Using Formal Metrics in Embedded System Design

8 years 8 months ago
Quantifying Risks to Data Assets Using Formal Metrics in Embedded System Design
This paper addresses quantifying security risks associated with data assets within design models of embedded systems. Attack and system behaviours are modelled as time-dependent stochastic processes. The presence of the time dimension allows accounting for dynamic aspects of potential attacks and a considered system: the probability of a successful attack may change as time progresses; and a system may possess different data assets as its execution unfolds. For system modelling, we employ semi-Markov chains that are a powerful tool to capture system dynamics. For attack modelling, we adapt existing formalisms of attack trees and attack graphs. These models are used to analyse and quantify two important attributes of security: confidentiality and integrity. In particular, likelihood/consequence-based measures of confidentiality and integrity losses are proposed to characterise security risks to data assets. Identifying these risks in embedded systems is especially relevant in order t...
Maria Vasilevskaya, Simin Nadjm-Tehrani
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where SAFECOMP
Authors Maria Vasilevskaya, Simin Nadjm-Tehrani
Comments (0)