Towards the definition of a security incident response modelling language

Myrsini Athinaiou, Haralambos Mouratidis, Theo Fotis, Michalis Pavlidis, Emmanouil Panaousis

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN

Abstract

This paper presents a cyber-physical systems modelling language for capturing and describing health-based critical infrastructures. Following this practice, incident response plan developers are able to model and reason about security and recovery issues in medical cyber-physical systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cyber-physical concepts, relationships and properties in order to carry out analysis of incident response plans based on security requirements. We illustrate our concepts through a case study of a radiological department’s medical cyber-physical systems that have been infected with the WannaCry ransomware. Finally, we discuss how our modelling language enriches security models with incident response concepts, guiding plan developers of health-based critical infrastructures in understanding cyber-physical systems vulnerabilities and supporting decision making at a tactical and a strategic level, through semi-automated secure recovery analysis.

Original language: English
Title of host publication: 15th International Conference, TrustBus 2018, Proceedings
Subtitle of host publication: Trust, Privacy and Security in Digital Business
Editors: S. Furnell, H. Mouratidis, G. Pernul
Publisher: Springer-Verlag
Pages: 198-212
Number of pages: 15
ISBN (Electronic): 9783319983851
ISBN (Print): 9783319983844
DOIs: https://doi.org/10.1007/978-3-319-98385-1_14
Publication status: Published - 27 Jul 2018
Event: 15th International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2018 - Regensburg, Germany
Duration: 5 Sep 2018 to 6 Sep 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11033 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 15th International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2018
Country: Germany
City: Regensburg
Period: 5/09/18 to 6/09/18

Bibliographical note

This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-319-98385-1_14

Keywords

  • Cyber-physical systems modelling language
  • Incident response
  • Meta-model
  • Security requirements engineering

Cite this

Athinaiou, M., Mouratidis, H., Fotis, T., Pavlidis, M., & Panaousis, E. (2018). Towards the definition of a security incident response modelling language. In S. Furnell, H. Mouratidis, & G. Pernul (Eds.), 15th International Conference, TrustBus 2018, Proceedings: Trust, Privacy and Security in Digital Business (pp. 198-212). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11033 LNCS). Springer-Verlag. https://doi.org/10.1007/978-3-319-98385-1_14
@inproceedings{174f4964e0da42fd821fedf0855e5dc5,
title = "Towards the definition of a security incident response modelling language",
abstract = "This paper presents a cyber-physical systems modelling language for capturing and describing health-based critical infrastructures. Following this practice incident response plan developers are able to model and reason about security and recovery issues in medical cyber-physical systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cyber-physical concepts, relationships and properties in order to carry out analysis of incident response plans based on security requirements. We illustrate our concepts through a case study of a radiological department’s medical cyber-physical systems that have been infected with the WannaCry ransomware. Finally, we discuss how our modelling language enriches security models with incident response concepts, guiding plan developers of health-based critical infrastructures in understanding cyber-physical systems vulnerabilities and support decision making at a tactical and a strategic level, through semi-automated secure recovery analysis.",
keywords = "Cyber-physical systems modelling language, Incident response, Meta-model, Security requirements engineering",
author = "Myrsini Athinaiou and Haralambos Mouratidis and Theo Fotis and Michalis Pavlidis and Emmanouil Panaousis",
note = "This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-319-98385-1_14",
year = "2018",
month = "7",
day = "27",
doi = "10.1007/978-3-319-98385-1_14",
language = "English",
isbn = "9783319983844",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer-Verlag",
pages = "198--212",
editor = "Furnell, S. and Mouratidis, H. and Pernul, G.",
booktitle = "15th International Conference, TrustBus 2018, Proceedings",

}
