A Service Oriented Approach to the Assessment of Infrastructure Security

NAI, FOVINO Igor; MASERA, Marcelo

The pervasive use of the information and communication technologies (ICT) in Critical Infrastructures requires the introduction of specific security assessment approaches. The study of the local effects of vulnerabilities and failures has to be put in the context of the whole system, as ICT systems are highly interconnected. In addition most industrial control and communication systems are getting connected with corporate information systems. This facilitates the access from internal and external networks, and converts ICT security assessment in a primary concern. Some approaches have been proposed based on the relationships between structural and functional descriptions and security goals, and at associating vulnerabilities to known attacks. These methodologies are typically based on the analysis of local problems. In the present paper, we want to propose a further step: the systematic correlation and analysis of structural, functional and security information, under a service–oriented light. In order to achieve this objective we propose to center the analysis on the concept of service, linking the interactions among services (modeled as service chains) with that of vulnerabilities, threats and attacks. It is demonstrated how this approach facilitates the assessment of security

NAI FOVINO Igor; MASERA Marcelo;

2008-01-16

Springer

JRC36469

978-0-387-75461-1,

Language	Citation

Name	Country	City	Type

Datasets

ID	Title	Public URL

Dataset collections

ID	Acronym	Title	Public URL

Scripts / source codes

Description	Public URL

Additional supporting files

File name	Description	File type

Show metadata record Copy citation url to clipboard Download BibTeX