Analyzing and mitigating the threats that cyber-attacks pose on the services of a critical infrastructure is not a trivial activity. Research solutions have been developed using data about the devices used for implementing the services, services dependencies, network topology, and the vulnerabilities that can be exploited to attack the network. However, most of the proposed solutions fail to consider these aspects in an integrated fashion, allowing the user to understand global dependencies and weaknesses. This paper contributes this issue with BUCEPHALUS, a Visual Analytics solution providing a) a visual overview of the existing relationships among business functions, devices, and vulnerabilities, and b) a what-if analysis scenario, in which the user is supported on making decisions on which vulnerabilities are more appropriate to fix. BUCEPHALUS has been developed and validated within a user-centered design process involving security professionals.

BUCEPHALUS: a BUsiness CEntric cybersecurity Platform for proActive anaLysis Using visual analyticS / Angelini, Marco; Blasilli, Graziano; Bonomi, Silvia; Lenti, Simone; Palleschi, Alessia; Santucci, Giuseppe; Paoli, Emiliano De. - (2021), pp. 15-25. (Intervento presentato al convegno 2021 IEEE Symposium on Visualization for Cyber Security (VizSec) tenutosi a New Orleans; USA) [10.1109/VizSec53666.2021.00007].

BUCEPHALUS: a BUsiness CEntric cybersecurity Platform for proActive anaLysis Using visual analyticS

Angelini, Marco
;
Blasilli, Graziano
;
Bonomi, Silvia
;
Lenti, Simone
;
Palleschi, Alessia
;
Santucci, Giuseppe
;
2021

Abstract

Analyzing and mitigating the threats that cyber-attacks pose on the services of a critical infrastructure is not a trivial activity. Research solutions have been developed using data about the devices used for implementing the services, services dependencies, network topology, and the vulnerabilities that can be exploited to attack the network. However, most of the proposed solutions fail to consider these aspects in an integrated fashion, allowing the user to understand global dependencies and weaknesses. This paper contributes this issue with BUCEPHALUS, a Visual Analytics solution providing a) a visual overview of the existing relationships among business functions, devices, and vulnerabilities, and b) a what-if analysis scenario, in which the user is supported on making decisions on which vulnerabilities are more appropriate to fix. BUCEPHALUS has been developed and validated within a user-centered design process involving security professionals.
2021
2021 IEEE Symposium on Visualization for Cyber Security (VizSec)
cybersecurity; business impact analysis; network hardening; attack graph proactive analysis; visual analytics; what-if analysis
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
BUCEPHALUS: a BUsiness CEntric cybersecurity Platform for proActive anaLysis Using visual analyticS / Angelini, Marco; Blasilli, Graziano; Bonomi, Silvia; Lenti, Simone; Palleschi, Alessia; Santucci, Giuseppe; Paoli, Emiliano De. - (2021), pp. 15-25. (Intervento presentato al convegno 2021 IEEE Symposium on Visualization for Cyber Security (VizSec) tenutosi a New Orleans; USA) [10.1109/VizSec53666.2021.00007].
File allegati a questo prodotto
File Dimensione Formato  
Angelini_postprintBUCEPHALUS_2021.pdf

accesso aperto

Note: DOI: 10.1109/VizSec53666.2021.00007
Tipologia: Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza: Creative commons
Dimensione 3 MB
Formato Adobe PDF
3 MB Adobe PDF
Angelini_BUCEPHALUS_2021.pdf

solo gestori archivio

Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 1.14 MB
Formato Adobe PDF
1.14 MB Adobe PDF   Contatta l'autore

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1603282
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 1
social impact