L. Pasquale, M. Salehie, Raian Ali, Inah Omoronyia, B. Nuseibeh
{"title":"主次资产在自适应安全中的作用:在智能电网中的应用","authors":"L. Pasquale, M. Salehie, Raian Ali, Inah Omoronyia, B. Nuseibeh","doi":"10.1109/SEAMS.2012.6224403","DOIUrl":null,"url":null,"abstract":"Adaptive security aims to protect valuable assets managed by a system, by applying a varying set of security controls. Engineering adaptive security is not an easy task. A set of effective security countermeasures should be identified. These countermeasures should not only be applied to (primary) assets that customers desire to protect, but also to other (secondary) assets that can be exploited by attackers to harm the primary assets. Another challenge arises when assets vary dynamically at runtime. To accommodate these variabilities, it is necessary to monitor changes in assets, and apply the most appropriate countermeasures at runtime. The paper provides three main contributions for engineering adaptive security. First, it proposes a modeling notation to represent primary and secondary assets, along with their variability. Second, it describes how to use the extended models in engineering security requirements and designing required monitoring functions. Third, the paper illustrates our approach through a set of adaptive security scenarios in the customer domain of a smart grid. We suggest that modeling secondary assets aids the deployment of countermeasures, and, in combination with a representation of assets variability, facilitates the design of monitoring functions.","PeriodicalId":312871,"journal":{"name":"2012 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS)","volume":"59 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"On the role of primary and secondary assets in adaptive security: An application in smart grids\",\"authors\":\"L. Pasquale, M. Salehie, Raian Ali, Inah Omoronyia, B. Nuseibeh\",\"doi\":\"10.1109/SEAMS.2012.6224403\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Adaptive security aims to protect valuable assets managed by a system, by applying a varying set of security controls. Engineering adaptive security is not an easy task. A set of effective security countermeasures should be identified. These countermeasures should not only be applied to (primary) assets that customers desire to protect, but also to other (secondary) assets that can be exploited by attackers to harm the primary assets. Another challenge arises when assets vary dynamically at runtime. To accommodate these variabilities, it is necessary to monitor changes in assets, and apply the most appropriate countermeasures at runtime. The paper provides three main contributions for engineering adaptive security. First, it proposes a modeling notation to represent primary and secondary assets, along with their variability. Second, it describes how to use the extended models in engineering security requirements and designing required monitoring functions. Third, the paper illustrates our approach through a set of adaptive security scenarios in the customer domain of a smart grid. We suggest that modeling secondary assets aids the deployment of countermeasures, and, in combination with a representation of assets variability, facilitates the design of monitoring functions.\",\"PeriodicalId\":312871,\"journal\":{\"name\":\"2012 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS)\",\"volume\":\"59 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-06-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SEAMS.2012.6224403\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SEAMS.2012.6224403","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
On the role of primary and secondary assets in adaptive security: An application in smart grids
Adaptive security aims to protect valuable assets managed by a system, by applying a varying set of security controls. Engineering adaptive security is not an easy task. A set of effective security countermeasures should be identified. These countermeasures should not only be applied to (primary) assets that customers desire to protect, but also to other (secondary) assets that can be exploited by attackers to harm the primary assets. Another challenge arises when assets vary dynamically at runtime. To accommodate these variabilities, it is necessary to monitor changes in assets, and apply the most appropriate countermeasures at runtime. The paper provides three main contributions for engineering adaptive security. First, it proposes a modeling notation to represent primary and secondary assets, along with their variability. Second, it describes how to use the extended models in engineering security requirements and designing required monitoring functions. Third, the paper illustrates our approach through a set of adaptive security scenarios in the customer domain of a smart grid. We suggest that modeling secondary assets aids the deployment of countermeasures, and, in combination with a representation of assets variability, facilitates the design of monitoring functions.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
