A Risk Propagation Based Quantitative Assessment Methodology for Network Security - Aeronautical Network Case Study

Recently, risk assessment has been considered as an essential technique in evaluating the security of network information systems. Many proposals have been made in this area in order to provide new approaches to allow administrators and engineers to analyze the impact of any attack that could target their systems. Nevertheless, there is a lack of quantitative techniques and methods which take into account the inherent characteristics of a network such as interconnection between nodes. This paper presents an original risk assessment approach based on risk propagation and network node correlation to provide relevant and accurate results. Each parameter involved in the risk assessment process is quantified then the overall approach is described in detail. At the end of the paper, the network security assessment methodology is applied to a satellite-based system architecture we designed for an industrial project entitled FAST (Fiber-like Aircraft Satellite Telecommunications). This project is co-funded by the Aerospace Valley pole and the French government (Direction Generale de la Competitivite, de l´Industrie et des Services - DGCIS, Fonds Unique Interministeriel - FUI) and aims to provide bi-directional satellite communication services on commercial aircraft worldwide.