Estimating Impact and Frequency of Risks to Safety and Mission Critical Systems Using CVSS

Authors: E.A. Engum, S.H. Houmb, V. Nunes Leal Franqueira

Abstract: Many safety and mission critical systems depend on the correct secure operation of both supportive core software systems. E.g., personnel effective execution missions an oil platform recording storing, transfer interpretation data, such as that for Logging While Drilling (LWD) Measurement (MWD) subsystems. Here, data is recorded site, packaged then transferred to on-shore operational centre. Today, dedicated communication channels ensure a safe transfer, free from deliberately accidental faults. However, cost control ever more important some will be over remotely accessible infrastructure in future. Thus, prone known security vulnerabilities exploitable by outsiders. This paper presents model estimates risk level combination frequency impact derived Common Vulnerability Scoring System (CVSS). The implemented Bayesian Belief Network (BBN).
