Abstract
This paper presents a cyber-physical systems modelling language for capturing and describing health-based critical infrastructures. Following this practice, incident response plan developers are able to model and reason about security and recovery issues in medical cyber-physical systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology; in this paper we introduce novel cyber-physical concepts, relationships and properties in order to carry out analysis of incident response plans based on security requirements. We illustrate our concepts through a case study of a radiological department’s medical cyber-physical systems that have been infected with the WannaCry ransomware. Finally, we discuss how our modelling language enriches security models with incident response concepts, guiding plan developers of health-based critical infrastructures in understanding cyber-physical systems vulnerabilities and supporting decision making at a tactical and a strategic level, through semi-automated secure recovery analysis.
Original language | English |
---|---|
Title of host publication | 15th International Conference, TrustBus 2018, Proceedings |
Subtitle of host publication | Trust, Privacy and Security in Digital Business |
Editors | S. Furnell, H. Mouratidis, G. Pernul |
Publisher | Springer-Verlag |
Pages | 198-212 |
Number of pages | 15 |
ISBN (Electronic) | 9783319983851 |
ISBN (Print) | 9783319983844 |
Publication status | Published - 27 Jul 2018 |
Event | 15th International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2018 - Regensburg, Germany. Duration: 5 Sept 2018 → 6 Sept 2018 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 11033 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 15th International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2018 |
---|---|
Country/Territory | Germany |
City | Regensburg |
Period | 5/09/18 → 6/09/18 |
Bibliographical note
This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-319-98385-1_14
Keywords
- Cyber-physical systems modelling language
- Incident response
- Meta-model
- Security requirements engineering
Fingerprint
Dive into the research topics of 'Towards the definition of a security incident response modelling language'. Together they form a unique fingerprint.
Profiles
- Michalis Pavlidis
  - School of Arch, Tech and Eng - Principal Lecturer
  - Computing and Mathematical Sciences Research Excellence Group
Person: Academic