DOI: 10.1145/2851613.2851878
research-article

A multi-criteria ranking of security countermeasures

Published: 04 April 2016

Abstract

We propose a multi-criteria framework for ranking controlling strategies based on several weights, such as delay time, resource cost, and success probability of attacks, defined via quantitative threat analysis. By assigning a different priority to each weight dimension, we can rank controllers in an adaptive way. We exemplify our approach on the Customer Energy Management System, which, acting as an interface among different systems, is open to attacks. We consider the Man in the Middle and Denial of Service attacks.

Published In

SAC '16: Proceedings of the 31st Annual ACM Symposium on Applied Computing
April 2016
2360 pages
ISBN: 9781450337397
DOI: 10.1145/2851613
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. algebraic formalism
  2. security assessment
  3. semiring

Qualifiers

  • Research-article

Conference

SAC 2016
SAC 2016: Symposium on Applied Computing
April 4 - 8, 2016
Pisa, Italy

Acceptance Rates

SAC '16 Paper Acceptance Rate 252 of 1,047 submissions, 24%;
Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Bibliometrics

Article Metrics

  • Total Citations: 0
  • Total Downloads: 81
  • Downloads (Last 12 months): 3
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 20 Jan 2025
