38 research outputs found

    A Method for Developing Qualitative Security Risk Assessment Algorithms

    We present a method for developing qualitative security risk assessment algorithms where the input captures the dynamic state of the target of analysis. This facilitates continuous monitoring. The intended users of the method are security and risk practitioners interested in developing assessment algorithms for their own or their client’s organization. Managers and decision makers will typically be end users of the assessments provided by the algorithms. To promote stakeholder involvement, the method is designed to ensure that the algorithm and the underlying risk model are simple to understand. We have employed the method to create assessment algorithms for 10 common cyber attacks, and use one of these to demonstrate the approach.

    Relating computer systems to sequence diagrams with underspecification, inherent nondeterminism and probabilistic choice : Part 1

    Having a sequence diagram specification and a computer system, we need to answer the question: Is the system compliant with the sequence diagram specification in the desired way? We present a procedure for answering this question for three variations of sequence diagrams. The procedure is independent of the choice of programming language used for the system. The semantics of sequence diagrams is denotational and based on traces. In order to answer the initial question, the procedure starts by obtaining the trace-set of the system by e.g. testing, and then transforming this into the same semantic model as that used for the sequence diagram. In addition to extending our earlier work on refinement relations for sequence diagrams, we define conformance relations relating systems to sequence diagrams. The work is split in two parts. This paper presents part 1, in which we introduce the necessary definitions for using the compliance checking procedure on sequence diagrams with underspecification and sequence diagrams with inherent nondeterminism. In part 2 [RRS07], we present the definitions for using the procedure on sequence diagrams with probabilistic choice.

    Specification and Refinement of Soft Real-time Requirements Using Sequence Diagrams

    Soft real-time requirements are often related to communication in distributed systems. Therefore it is interesting to understand how UML sequence diagrams can be used to specify such requirements. We propose a way of integrating soft real-time requirements in sequence diagram specifications by adding probabilities to timed sequence diagrams. Our approach builds on timed STAIRS, which is an approach to the compositional and incremental development of sequence diagrams supporting specification of mandatory as well as potential behavior

    Risk-Based Decision Support Model for Offshore Installations

    Background: During major maintenance projects on offshore installations, flotels are often used to accommodate the personnel. A gangway connects the flotel to the installation. If the offshore conditions are unfavorable, the responsible operatives need to decide whether to lift (disconnect) the gangway from the installation. If this is not done, there is a risk that an uncontrolled autolift (disconnection) occurs, causing harm to personnel and equipment. Objectives: We present a decision support model, developed using the DEXi tool for multi-criteria decision making, which produces advice on whether to disconnect/connect the gangway from/to the installation. Moreover, we report on our development method and experiences from the process, including the efforts invested. An evaluation of the resulting model is also offered, primarily based on feedback from a small group of offshore operatives and domain experts representing the end user target group. Methods/Approach: The decision support model was developed systematically in four steps: establish context, develop the model, tune the model, and collect feedback on the model. Results: The results indicate that the decision support model provides advice that corresponds with expert expectations, captures all aspects that are important for the assessment, is comprehensible to domain experts, and that the expected benefit justifies the effort for developing the model. Conclusions: We find the results promising, and believe that the approach can be fruitful in a wider range of risk-based decision support scenarios. Moreover, this paper can help other decision support developers decide whether a similar approach can suit them

    Cyber-Risk Management

    No full text

    Security risk analysis of system changes exemplified within the oil and gas domain

    Changes, such as the introduction of new technology, may have considerable impact on the risk to which a system or organization is exposed. For example, in the oil & gas domain, introduction of technology that allows offshore installations to be operated from onshore means that fewer people are exposed to risk on the installation, but it also introduces new risks and vulnerabilities. We need suitable methods and techniques in order to understand how a change will affect the risk picture. This paper presents an approach that offers specialized support for analysis of risk with respect to change. The approach allows links between elements of the target of analyses and the related parts of the risk model to be explicitly captured, which facilitates tool support for identifying the parts of a risk model that need to be reconsidered when a change is made to the target. Moreover, the approach offers language constructs for capturing the risk picture before and after a change. The approach is demonstrated on a case concerning new software technology to support decision making on petroleum installations.

    Using Indicators to Monitor Risk in Interconnected Systems: How to Capture and Measure the Impact of Service Dependencies on the Quality of Provided Services

    Interconnected systems are collections of systems that interact through the use of services. Their often complex service dependencies and very dynamic nature make them hard to analyze and predict with respect to quality attributes. In this report we put forward a method for the capture and monitoring of impact of service dependencies on the quality of provided services. The method is divided into four main steps focusing on documenting the interconnected systems and the service dependencies, establishing the impact of service dependencies on risk to quality of provided services, identifying measurable indicators for dynamic monitoring, and specifying their design and deployment, respectively. We illustrate the method in an example-driven fashion based on a case study from the domain of power supply. Commissioned by: Research Council of Norwa