Risk-Based Methodology for Real-Time Security Monitoring of Interdependent Services in Critical Infrastructures

Author

Aubert, Jocelyn ; Schaberreiter, T. ; Incoul, Christophe ; Khadraoui, Djamel ; Gateau, Benjamin

Author_Institution

Centre for IT Innovation, Public Res. Centre Henri Tudor, Luxembourg, Luxembourg

fYear

2010

fDate

15-18 Feb. 2010

Firstpage

262

Lastpage

267

Abstract

In today´s world, where most of the critical infrastructures (CI) are based on distributed systems, security failures have become very common, even within large corporations. The critical infrastructures are tightly interconnected, mutually dependent, and are exposed everyday to new risks.These (inter)dependencies generate potential cascading effects that may spread a malfunction or an attack from one part of the system to another dependent infrastructure.In this paper, we propose a risk-based methodology that aims to monitor interdependent services based on generic risks and assurance levels using the classical security properties: Confidentiality, Integrity and Availability. This allows each CI owner to monitor, react and adopt the best behavior corresponding to the security status of its different services.

Keywords

critical infrastructures; risk management; security of data; assurance levels; availability; confidentiality; critical infrastructures; distributed systems; generic risks; integrity; interdependent services; realtime security monitoring; risk-based methodology; Availability; Monitoring; Security; CI Interdependency; Critical Infrastructure; Monitoring; Risk Management; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability, and Security, 2010. ARES '10 International Conference on

Conference_Location

Krakow

Print_ISBN

978-1-4244-5879-0

Type

conf

DOI

10.1109/ARES.2010.102

Filename

5438083