A Decision Support Tool for optimal configuration of Critical Infrastructures / Giuseppi, Alessandro; Andreani, Andrea; Priscoli, Francesco Delli; Suraci, Vincenzo; Tortorelli, Andrea; Fiaschetti, Andrea; Germanà, Roberto. - In: INTERNATIONAL JOURNAL OF CRITICAL INFRASTRUCTURES. - ISSN 1475-3219. - 18:2(2022), pp. 105-127. [10.1504/IJCIS.2022.123415]
A Decision Support Tool for optimal configuration of Critical Infrastructures
Giuseppi, Alessandro; Andreani, Andrea; Priscoli, Francesco Delli; Suraci, Vincenzo; Tortorelli, Andrea; Fiaschetti, Andrea; Germanà, Roberto
2022
Abstract
This work presents a Decision Support System (DSS) that suggests to a Critical Infrastructure (CI) operator the optimal configuration in terms of deployed security functionalities. The optimization framework adopted by the proposed DSS uses a Genetic Algorithm (GA) to explore the solution space and an extended version of the Open Source Security Testing Methodology Manual (OSSTMM) to evaluate the security level of a given configuration. This security evaluation gives the CI operator a holistic insight into the system's security level, also by exploiting the knowledge stored in vulnerability databases such as Common Vulnerabilities and Exposures (CVE). The performance of three different implementations of the adopted GA is evaluated in realistic operational scenarios, and the solutions are validated from a security point of view.

File | Access | Type | License | Size | Format
---|---|---|---|---|---
Tortorelli_A-decision_2022.pdf | Open access | Publisher's version (published version with the publisher's layout) | Creative Commons | 622.25 kB | Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.