BB26.F Measurable security and privacy

From its-wiki.no

Title Multi-metrics assessment for measurable security and privacy
Page Title BB26.F Measurable security and privacy
Technology Line Reference Architecture/Implementation
Lead partner UiO
Leader Toktam Ramezani
Contributors UiO, SmartIO
Related to Use Cases SCOTT:WP7, SCOTT:WP8, SCOTT:WP11, SCOTT:WP12, SCOTT:WP13, SCOTT:WP14, SCOTT:WP15
Description One aspect of SCOTT is the security (and privacy) assessment of system-of-systems. Assessing security, privacy or other properties that give a system its trustworthiness is challenging because such properties are not easy to measure. Some would say that security, for example, cannot be measured fully. Nevertheless, in practice we always try to calculate the damages of an envisaged attack and then weigh them against the costs of implementing countermeasures. Therefore, what we often do as system analysts is more or less ad hoc, and this is understandable because we are trying to “measure the unmeasurables”.

This Building Block aims to make explicit, as metrics and processes, the methods that are normally used to assess various aspects of a system. These would guide an analyst during an evaluation and automate some of the more tedious tasks.

Main output This Building Block will develop methodologies and processes to help with measuring different trust aspects of a system, including security, privacy, and dependability.

We will develop metrics for measuring such properties of a complex system, along with techniques to work with and combine metrics. We will develop tool prototypes and test them together with the Use Case partners.

BB category Methodology (for SW/HW development), SW component, Tool or tool chain, Process, Other
Baseline The Multi-metrics methodology from SHIELD is suggested as a starting point, to convert application requirements into e.g. network resources. The flow is as follows: a) applications having b) security and privacy requirements in need of c) network resources (in terms of security, privacy, reliability, etc.). Example: a) Health Care services might need b) privacy level A+, and thus have c) requirements for isolation (VPN) when it comes to network resources.

We will build on and extend the work done in previous Artemis projects. We will extend theoretical and methodological concepts developed there, as well as tools that have been developed for manipulating metrics for security, privacy, and dependability.

Current TRL TRL 4
Target TRL TRL 6


Activities

  • Title= Investigation on ISMS and NIST Standards
  • status= Progress
  • Output= link to the output (Security Functionality)
  • author= Elahe Fazeldehkordi, Seraj Fayyad, Toktam Ramezani


  • Title= Investigation on heterogeneous environments and communication
  • Related to= WP8 and WP26
  • status= Progress
  • Output= link to the output
  • author= Toktam Ramezani



Practical suggestions

  • Title= Survey on existing approaches and metrics
  • status= Next
  • Output= link to the output
  • By= Toktam Ramezani
  • Comments=
  • author=


  • Title= Firmware security aspects
  • Comment=
  • status= Next
  • Output= link to the output
  • By= Toktam Ramezani
  • author=

SCOTT status

From Ramiro: An overview of the instructions for updating the building blocks and the collection of the requirements can be found in this presentation (slides 19-24). https://projects.avl.com/16/0094/WP26/Documents/02_Meetings%20and%20WebEx/20170703_SCOTT_Presentation_WP26.pptx?Web=1


The official and complete instructions can be found in the following presentation from SP1 requirements management. https://projects.avl.com/16/0094/WP01/Documents/03_Deliverables/SCOTT%20REQM%20Approach_Guidance_June2017.pptx?Web=1