Towards the definition of a security incident response modelling language

Myrsini Athinaiou, Haralambos Mouratidis, Theo Fotis, Michalis Pavlidis, Emmanouil Panaousis

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review


This paper presents a cyber-physical systems modelling language for capturing and describing health-based critical infrastructures. Following this practice, incident response plan developers are able to model and reason about security and recovery issues in medical cyber-physical systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology; in this paper we introduce novel cyber-physical concepts, relationships and properties in order to carry out analysis of incident response plans based on security requirements. We illustrate our concepts through a case study of a radiological department’s medical cyber-physical systems that have been infected with the WannaCry ransomware. Finally, we discuss how our modelling language enriches security models with incident response concepts, guiding plan developers of health-based critical infrastructures in understanding cyber-physical systems vulnerabilities and supporting decision making at a tactical and a strategic level, through semi-automated secure recovery analysis.

Original language: English
Title of host publication: 15th International Conference, TrustBus 2018, Proceedings
Subtitle of host publication: Trust, Privacy and Security in Digital Business
Editors: S. Furnell, H. Mouratidis, G. Pernul
Number of pages: 15
ISBN (Electronic): 9783319983851
ISBN (Print): 9783319983844
Publication status: Published - 27 Jul 2018
Event: 15th International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2018 - Regensburg, Germany
Duration: 5 Sept 2018 to 6 Sept 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11033 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: 15th International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2018

Bibliographical note

This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science. The final authenticated version is available online at:


  • Cyber-physical systems modelling language
  • Incident response
  • Meta-model
  • Security requirements engineering

