A security metric for assessing the security level of critical infrastructures / Tortorelli, Andrea; Fiaschetti, Andrea; Giuseppi, Alessandro; Suraci, Vincenzo; Germanà, Roberto; Priscoli, Francesco Delli. - In: INTERNATIONAL JOURNAL OF CRITICAL COMPUTER-BASED SYSTEMS. - ISSN 1757-8779. - 10:1(2020), pp. 74-94. [10.1504/IJCCBS.2020.108685]

A security metric for assessing the security level of critical infrastructures

Tortorelli, Andrea; Fiaschetti, Andrea; Giuseppi, Alessandro; Suraci, Vincenzo; Germanà, Roberto; Priscoli, Francesco Delli
2020

Abstract

The deep integration between the cyber and physical domains in complex systems makes the security evaluation process very challenging, as security itself is more of a concept (i.e. a subjective property) than a quantifiable characteristic. Traditional security assessment mostly relies on the personal skills of security experts, often based on best practices and personal experience. The present work aims to define a security metric that allows evaluators to assess the security level of complex Cyber-Physical Systems (CPSs), such as Critical Infrastructures, in a holistic, consistent and repeatable way. To achieve this result, the mathematical framework provided by the Open Source Security Testing Methodology Manual (OSSTMM) is used as the backbone of the new security metric, since it provides security indicators that capture, in a non-biased way, the security level of a system. Several concepts, such as component Lifecycle, Vulnerability criticality and Damage Potential – Effort Ratio, are embedded in the new security metric framework, developed in the scope of the H2020 project ATENA.
Security Metrics; Critical Infrastructures; Cyber-Physical Systems; Cyber-Physical Security
01 Journal publication::01a Journal article
Files attached to this item

Tortorelli_A-security-metric_2020.pdf
Access: repository managers only
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 595.17 kB
Format: Adobe PDF

Tortorelli_preprint_A-security-metric_2020.pdf
Access: open access
Note: http://www.inderscience.com/offer.php?id=108685
Type: Pre-print (manuscript submitted to the publisher, prior to peer review)
License: All rights reserved
Size: 419.77 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1476467