Towards the definition of a security incident response modelling language

Myrsini Athinaiou; Haralambos Mouratidis; Theo Fotis; Michalis Pavlidis; Emmanouil Panaousis

doi:10.1007/978-3-319-98385-1_14

Towards the definition of a security incident response modelling language

Myrsini Athinaiou, Haralambos Mouratidis, Theo Fotis, Michalis Pavlidis, Emmanouil Panaousis

University of Brighton

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

Abstract

This paper presents a cyber-physical systems modelling language for capturing and describing health-based critical infrastructures. Following this practice incident response plan developers are able to model and reason about security and recovery issues in medical cyber-physical systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cyber-physical concepts, relationships and properties in order to carry out analysis of incident response plans based on security requirements. We illustrate our concepts through a case study of a radiological department’s medical cyber-physical systems that have been infected with the WannaCry ransomware. Finally, we discuss how our modelling language enriches security models with incident response concepts, guiding plan developers of health-based critical infrastructures in understanding cyber-physical systems vulnerabilities and support decision making at a tactical and a strategic level, through semi-automated secure recovery analysis.

Original language	English
Title of host publication	15th International Conference, TrustBus 2018, Proceedings
Subtitle of host publication	Trust, Privacy and Security in Digital Business
Editors	S. Furnell , H. Mouratidis , G. Pernul
Publisher	Springer-Verlag
Pages	198-212
Number of pages	15
ISBN (Electronic)	9783319983851
ISBN (Print)	9783319983844
DOIs	https://doi.org/10.1007/978-3-319-98385-1_14
Publication status	Published - 27 Jul 2018
Event	15th International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2018 - Regensburg, Germany Duration: 5 Sept 2018 → 6 Sept 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11033 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	15th International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2018
Country/Territory	Germany
City	Regensburg
Period	5/09/18 → 6/09/18

Bibliographical note

This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science . The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-319-98385-1_14

Keywords

Cyber-physical systems modelling language
Incident response
Meta-model
Security requirements engineering

Access to Document

10.1007/978-3-319-98385-1_14

Towards the Definition of a Security Incident Response Modelling LanguageAccepted author manuscript, 644 KB

Cite this

Athinaiou, M., Mouratidis, H., Fotis, T., Pavlidis, M., & Panaousis, E. (2018). Towards the definition of a security incident response modelling language. In S. Furnell , H. Mouratidis , & G. Pernul (Eds.), 15th International Conference, TrustBus 2018, Proceedings: Trust, Privacy and Security in Digital Business (pp. 198-212). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11033 LNCS). Springer-Verlag. https://doi.org/10.1007/978-3-319-98385-1_14

Athinaiou, Myrsini ; Mouratidis, Haralambos ; Fotis, Theo et al. / Towards the definition of a security incident response modelling language. 15th International Conference, TrustBus 2018, Proceedings: Trust, Privacy and Security in Digital Business . editor / S. Furnell ; H. Mouratidis ; G. Pernul. Springer-Verlag, 2018. pp. 198-212 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{174f4964e0da42fd821fedf0855e5dc5,

title = "Towards the definition of a security incident response modelling language",

abstract = "This paper presents a cyber-physical systems modelling language for capturing and describing health-based critical infrastructures. Following this practice incident response plan developers are able to model and reason about security and recovery issues in medical cyber-physical systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cyber-physical concepts, relationships and properties in order to carry out analysis of incident response plans based on security requirements. We illustrate our concepts through a case study of a radiological department{\textquoteright}s medical cyber-physical systems that have been infected with the WannaCry ransomware. Finally, we discuss how our modelling language enriches security models with incident response concepts, guiding plan developers of health-based critical infrastructures in understanding cyber-physical systems vulnerabilities and support decision making at a tactical and a strategic level, through semi-automated secure recovery analysis.",

keywords = "Cyber-physical systems modelling language, Incident response, Meta-model, Security requirements engineering",

author = "Myrsini Athinaiou and Haralambos Mouratidis and Theo Fotis and Michalis Pavlidis and Emmanouil Panaousis",

note = "This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science . The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-319-98385-1_14; 15th International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2018 ; Conference date: 05-09-2018 Through 06-09-2018",

year = "2018",

month = jul,

day = "27",

doi = "10.1007/978-3-319-98385-1_14",

language = "English",

isbn = "9783319983844",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer-Verlag",

pages = "198--212",

editor = "{Furnell }, S. and {Mouratidis }, H. and G. Pernul",

booktitle = "15th International Conference, TrustBus 2018, Proceedings",

}

Athinaiou, M, Mouratidis, H, Fotis, T , Pavlidis, M & Panaousis, E 2018, Towards the definition of a security incident response modelling language. in S Furnell , H Mouratidis & G Pernul (eds), 15th International Conference, TrustBus 2018, Proceedings: Trust, Privacy and Security in Digital Business . Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11033 LNCS, Springer-Verlag, pp. 198-212, 15th International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2018, Regensburg, Germany, 5/09/18. https://doi.org/10.1007/978-3-319-98385-1_14

Towards the definition of a security incident response modelling language. / Athinaiou, Myrsini; Mouratidis, Haralambos; Fotis, Theo et al.
15th International Conference, TrustBus 2018, Proceedings: Trust, Privacy and Security in Digital Business . ed. / S. Furnell ; H. Mouratidis ; G. Pernul. Springer-Verlag, 2018. p. 198-212 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11033 LNCS).

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

TY - GEN

T1 - Towards the definition of a security incident response modelling language

AU - Athinaiou, Myrsini

AU - Mouratidis, Haralambos

AU - Fotis, Theo

AU - Pavlidis, Michalis

AU - Panaousis, Emmanouil

N1 - This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science . The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-319-98385-1_14

PY - 2018/7/27

Y1 - 2018/7/27

N2 - This paper presents a cyber-physical systems modelling language for capturing and describing health-based critical infrastructures. Following this practice incident response plan developers are able to model and reason about security and recovery issues in medical cyber-physical systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cyber-physical concepts, relationships and properties in order to carry out analysis of incident response plans based on security requirements. We illustrate our concepts through a case study of a radiological department’s medical cyber-physical systems that have been infected with the WannaCry ransomware. Finally, we discuss how our modelling language enriches security models with incident response concepts, guiding plan developers of health-based critical infrastructures in understanding cyber-physical systems vulnerabilities and support decision making at a tactical and a strategic level, through semi-automated secure recovery analysis.

AB - This paper presents a cyber-physical systems modelling language for capturing and describing health-based critical infrastructures. Following this practice incident response plan developers are able to model and reason about security and recovery issues in medical cyber-physical systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cyber-physical concepts, relationships and properties in order to carry out analysis of incident response plans based on security requirements. We illustrate our concepts through a case study of a radiological department’s medical cyber-physical systems that have been infected with the WannaCry ransomware. Finally, we discuss how our modelling language enriches security models with incident response concepts, guiding plan developers of health-based critical infrastructures in understanding cyber-physical systems vulnerabilities and support decision making at a tactical and a strategic level, through semi-automated secure recovery analysis.

KW - Cyber-physical systems modelling language

KW - Incident response

KW - Meta-model

KW - Security requirements engineering

UR - http://www.scopus.com/inward/record.url?scp=85052890470&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-98385-1_14

DO - 10.1007/978-3-319-98385-1_14

M3 - Conference contribution with ISSN or ISBN

AN - SCOPUS:85052890470

SN - 9783319983844

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 198

EP - 212

BT - 15th International Conference, TrustBus 2018, Proceedings

A2 - Furnell , S.

A2 - Mouratidis , H.

A2 - Pernul, G.

PB - Springer-Verlag

T2 - 15th International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2018

Y2 - 5 September 2018 through 6 September 2018

ER -

Athinaiou M, Mouratidis H, Fotis T , Pavlidis M, Panaousis E. Towards the definition of a security incident response modelling language. In Furnell S, Mouratidis H, Pernul G, editors, 15th International Conference, TrustBus 2018, Proceedings: Trust, Privacy and Security in Digital Business . Springer-Verlag. 2018. p. 198-212. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-98385-1_14

Towards the definition of a security incident response modelling language

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Michalis Pavlidis

Cite this

Towards the definition of a security incident response modelling language

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Profiles

Michalis Pavlidis

Cite this