Rodríguez, Ricardo J; Merseguer, José; Bernardi, Simona
Modelling Security of Critical Infrastructures: A Survivability Assessment Journal Article
In: The Computer Journal, vol. 58, no. 10, pp. 2313–2327, 2015.
Abstract | Links | BibTeX | Tags: Security, sensitive analysis, software system engineering, Survivability, UML
@article{RMB-COMPJ-15,
title = {Modelling Security of Critical Infrastructures: A Survivability Assessment},
author = {Ricardo J Rodríguez and José Merseguer and Simona Bernardi},
url = {http://webdiis.unizar.es/~ricardo/files/papers/RMB-COMPJ-15.pdf},
doi = {10.1093/comjnl/BXU096},
year = {2015},
date = {2015-10-01},
journal = {The Computer Journal},
volume = {58},
number = {10},
pages = {2313--2327},
abstract = {Critical infrastructures, usually designed to handle disruptions caused by human errors or random acts of nature, define assets whose normal operation must be guaranteed to maintain its essential services for human daily living. Malicious intended attacks to these targets need to be considered during system design. To face with these situations, defense plans must be developed in advance. In this paper, we present a UML profile, named SecAM, that enables the modelling and security specification for critical infrastructures during the early phases (requirements, design) of systems development life-cycle. SecAM endows security assessment, through survivability analysis, of different security solutions before system deployment. As a case study, we evaluate the survivability of the Saudi Arabia crude-oil pipeline network under two different attack scenarios. The stochastic analysis, carried out with Generalized Stochastic Petri nets, quantitatively estimates the minimisation of attack damages into the crude-oil network.},
keywords = {Security, sensitive analysis, software system engineering, Survivability, UML},
pubstate = {published},
tppubtype = {article}
}
Critical infrastructures, usually designed to handle disruptions caused by human errors or random acts of nature, define assets whose normal operation must be guaranteed to maintain its essential services for human daily living. Malicious intended attacks to these targets need to be considered during system design. To face with these situations, defense plans must be developed in advance. In this paper, we present a UML profile, named SecAM, that enables the modelling and security specification for critical infrastructures during the early phases (requirements, design) of systems development life-cycle. SecAM endows security assessment, through survivability analysis, of different security solutions before system deployment. As a case study, we evaluate the survivability of the Saudi Arabia crude-oil pipeline network under two different attack scenarios. The stochastic analysis, carried out with Generalized Stochastic Petri nets, quantitatively estimates the minimisation of attack damages into the crude-oil network.