Title: Integrating Cyber Attacks within Fault Trees
Authors: NAI FOVINO IgorMASERA MarceloDECIAN Alessio
Citation: RELIABILITY ENGINEERING & SYSTEM SAFETY vol. 94 no. 9 p. 1394-1402
Publication Year: 2009
JRC N°: JRC52584
ISSN: 0951-8320
URI: http://publications.jrc.ec.europa.eu/repository/handle/JRC52584
DOI: 10.1016/j.ress.2009.02.020
Type: Articles in Journals
Abstract: In this paper, a new method for quantitative security risk assessment of complex systems is presented, combining fault-tree analysis, traditionally used in reliability analysis, with the recently introduced Attack-tree analysis, proposed for the study of malicious attack patterns. The combined use of fault trees and attack trees helps the analyst to effectively face the security challenges posed by the introduction of modern ICT technologies in the control systems of critical infrastructures. The proposed approach allows considering the interaction of malicious deliberate acts with random failures. Formal definitions of fault tree and attack tree are provided and a mathematical model for the calculation of system fault probabilities is presented.
JRC Institute:Institute for the Protection and Security of the Citizen

Files in This Item:
There are no files associated with this item.

Items in repository are protected by copyright, with all rights reserved, unless otherwise indicated.