Difference between revisions of "IoTSec:T1.2"
From its-wiki.no
Josef.Noll (Talk | contribs) (Created page with "{{Task |Title=Measurable: security, privacy and dependability, metrics |Workpackage=IoTSec:WP1 |Lead partner=UNIK |Partner=UNIK, NR, Ifi, |Objective=This task will ... }}") |
Josef.Noll (Talk | contribs) |
(10 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{Task | {{Task | ||
|Title=Measurable: security, privacy and dependability, metrics | |Title=Measurable: security, privacy and dependability, metrics | ||
+ | |Page Title=T1.2 Measurable Security | ||
|Workpackage=IoTSec:WP1 | |Workpackage=IoTSec:WP1 | ||
|Lead partner=UNIK | |Lead partner=UNIK | ||
− | |Partner= | + | |Partner= NR, Ifi, Movation |
− | |Objective=This task will . | + | |Objective=This task will establish the Multi-Metrics Model for the Smart Grid use case. The task includes |
+ | * the adaptation to the real world infrastructure | ||
+ | * the analysis of the most relevant sub-systems | ||
+ | * application specific goals for security, privacy and dependability | ||
}} | }} | ||
+ | = Detailed work = | ||
+ | * Ifi: involvement and interaction with U. of Victoria; especially on dependability and metrics. | ||
+ | * UNIK/Movation: Multi-Metrics development | ||
+ | |||
+ | {{Multi-Metrics analysis}} | ||
+ | |||
+ | = Challenges = | ||
+ | Identified challenges are related to | ||
+ | * industrial harmonisation of methodology | ||
+ | * semantic description of security, privacy and dependability | ||
+ | * identification of s,p,d values for use cases, e.g. monitoring, alarm, control | ||
+ | |||
+ | = Expected outcome = | ||
+ | Year 1: | ||
+ | * [[has result::System analysis for main sub-systems on current infrastructure (M12)]] | ||
+ | * [[has result::identification of 3-5 use cases, to be further elaborated in T3.1 (M12)]] | ||
+ | * [[has result::Feedback from industry on applicability of system analysis (M12)]] | ||
+ | |||
+ | Year 2: | ||
+ | * [[has result::Extension of the Smart Grid system to include at least 2 new functionalities (M24)]] | ||
+ | * [[has result::Identification of challenges for industrial applicability (M24)]] | ||
+ | |||
+ | Y3: | ||
+ | * to be defined in year 2 | ||
+ | |||
+ | =References = | ||
+ | # J. Noll, I. Garitano, S. Fayyad, E. Åsberg, H. Abie, «Measurable Security, Privacy and Dependability in Smart Grids», Journal of Cyber Security, 3_4, (2015) -> http://riverpublishers.com/journal/journal_articles/RP_Journal_2245-1439_342.pdf | ||
+ | # I. Garitano, S. Fayyad, J. Noll, «Multi-Metrics Approach for Security, Privacy and Dependability in Embedded Systems», Wireless Pers. Commun. 81, pp1359-1376 (2015) |
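Review bot: in the Expected outcome section the third-year label is written `Y3:` while the two before it are `Year 1:` and `Year 2:`, and the `=References =` heading lacks the space after the opening `=` that `= Detailed work =`, `= Challenges =` and `= Expected outcome =` all have; suggest `Year 3:` and `= References =`. The year-3 bullet is also the only outcome line without a `[[has result::...]]` annotation, which is worth a short remark in the text if that is intentional while the item is still undefined.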
Latest revision as of 11:40, 29 March 2017
Security in IoT for Smart Grids
T1.2 Measurable Security
Task Title | Measurable: security, privacy and dependability, metrics |
---|---|
WP | IoTSec:WP1 |
Lead partner | UNIK |
Leader | |
Contributors | NR, Ifi, Movation |
Objective
This task will establish the Multi-Metrics Model for the Smart Grid use case. The task includes
- the adaptation to the real world infrastructure
- the analysis of the most relevant sub-systems
- application specific goals for security, privacy and dependability
Deliverables in T1.2 Measurable Security
Deliverable | Title | Due month | Lead partner | Editor | Dissemination level |
---|---|---|---|---|---|
D1.2.1 | Methods for measurable security (draft) | M12 | ITS | Josef Noll | Public |
D1.2.2 | Methods for measurable security (final) | M24 | ITS | Josef Noll | Public |
Detailed work
- Ifi: involvement and interaction with U. of Victoria; especially on dependability and metrics.
- UNIK/Movation: Multi-Metrics development
About the Multi-Metrics Approach
The Multi-Metrics Approach aims to measure the Security, Privacy and Dependability (SPD) level of a system. The objective is to arrive at an overall system SPD level, SPDSystem. The main advantage of this methodology is that it provides a simple mechanism to measure and evaluate the security, privacy and dependability levels of a system.
SPDSystem is a triplet composed of individual Security, Privacy and Dependability levels (s,p,d). Each level is a value in the range 0 to 100: the higher the number, the higher the Security, Privacy and Dependability level. To arrive at SPDSystem, however, criticality is evaluated throughout the process. Criticality is also a triplet (Cs,Cp,Cd), defined as the complement of SPD and expressed as (Cs, Cp, Cd) = (100, 100, 100) − (s, p, d).
The Figure shows a system being composed of multiple sub-systems, which at the same time consist of various components.
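An added example (not from the original page or the IoTSec project) of the bottom-up evaluation described above: component SPD levels are converted to criticality, combined per sub-system and then per system, converted back to SPDSystem, and compared with an application-specific goal. The component names, levels, weights and the weighted root-mean-square combination are assumptions; the page defines only the complement relation.

```python
from math import sqrt

# Constructed sample system: sub-system -> component -> ((s, p, d), weight).
# All names, levels and weights are invented for illustration.
SYSTEM = {
    "smart_meter": {
        "radio_link": ((70, 60, 80), 60),
        "firmware": ((85, 75, 90), 40),
    },
    "concentrator": {
        "backhaul": ((90, 80, 70), 100),
    },
}
SUBSYSTEM_WEIGHTS = {"smart_meter": 70, "concentrator": 30}


def criticality(spd):
    """(Cs, Cp, Cd) = (100, 100, 100) - (s, p, d), as defined on the page."""
    if not all(0 <= v <= 100 for v in spd):
        raise ValueError(f"SPD levels must lie in 0..100: {spd}")
    return tuple(100 - v for v in spd)


def aggregate(weighted):
    """Combine [(criticality, weight), ...] per dimension (ASSUMED weighted RMS)."""
    total = sum(w for _, w in weighted)
    if total <= 0:
        raise ValueError("weights must sum to a positive value")
    return tuple(
        sqrt(sum(c[i] ** 2 * w for c, w in weighted) / total) for i in range(3)
    )


def spd_system(system, subsystem_weights):
    """Evaluate criticality bottom-up, then convert back to an SPD triplet."""
    per_subsystem = []
    for name, components in system.items():
        crit = aggregate([(criticality(spd), w) for spd, w in components.values()])
        per_subsystem.append((crit, subsystem_weights[name]))
    return tuple(round(100 - c) for c in aggregate(per_subsystem))


def unmet_goals(spd, goal):
    """Return the dimensions ('s', 'p', 'd') that fall short of the goal triplet."""
    return [dim for dim, have, want in zip("spd", spd, goal) if have < want]
```

Because the combination squares each criticality before weighting, a single weak component lowers the system level more than a plain weighted average would.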
Ongoing Discussions
from Toktam: My suggestion is that since systems are complicated and nested, we may need to collect metrics and parameters in existing approaches for:
- Application security, by using and not limited to OWASP as a reference (regardless of the name, this reference is one of the best),
- Network security by using, but not limited to, CWE as a reference,
- System security based on risk assessment in which measurement of risk itself is useful, and also (1- risk) might give a promising view of the level of security preservation,
- and so on to collect and then make a contribution.
In addition, if instead of the security of the whole system, just data flow and information flow is the aim of the labeling, then such references could be investigated toward these (unfortunately it is time consuming).
Challenges
Identified challenges are related to
- industrial harmonisation of methodology
- semantic description of security, privacy and dependability
- identification of s,p,d values for use cases, e.g. monitoring, alarm, control
Expected outcome
Year 1:
- System analysis for main sub-systems on current infrastructure (M12)
- identification of 3-5 use cases, to be further elaborated in T3.1 (M12)
- Feedback from industry on applicability of system analysis (M12)
Year 2:
- Extension of the Smart Grid system to include at least 2 new functionalities (M24)
- Identification of challenges for industrial applicability (M24)
Y3:
- to be defined in year 2