Difference between revisions of "SCOTT:BB26.F"
From its-wiki.no
(→Practical suggestions) |
|||
| (12 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
{{Building Block | {{Building Block | ||
|Title=Multi-metrics assessment for measurable security and privacy | |Title=Multi-metrics assessment for measurable security and privacy | ||
| − | |Page Title= | + | |Page Title=BB26.F Measurable security and privacy |
|Technology Line=Reference Architecture/Implementation | |Technology Line=Reference Architecture/Implementation | ||
|Lead partner=UiO | |Lead partner=UiO | ||
| − | |Leader= | + | |Leader=Maunya Doroudi Moghadam |
|Partner=UiO, SmartIO, | |Partner=UiO, SmartIO, | ||
| − | |Related to Use Cases=SCOTT:WP7, SCOTT:WP8, SCOTT:WP11, SCOTT:WP12, SCOTT:WP13, SCOTT:WP14, SCOTT:WP15, | + | |Related to Use Cases=SCOTT:WP7, SCOTT:WP8, SCOTT:WP11, SCOTT:WP12, <s>SCOTT:WP13</s>, <s>SCOTT:WP14</s>, SCOTT:WP15, |
|Description=One aspect of SCOTT is the security (and privacy) assessment of system- of-systems. Assessing security, privacy or other properties that give a system its trustworthiness is challenging for the fact that such properties are not easy to measure. Some would say that e.g. security cannot be measured fully. Nevertheless, in practice we always try to calculate the damages of an envisaged attack, and then weigh in with the costs of implementing countermeasures. Therefore, what we often do as system analysts is more or less ad-hoc, and this is understandable because we are trying to “measure the unmeasurables”. | |Description=One aspect of SCOTT is the security (and privacy) assessment of system- of-systems. Assessing security, privacy or other properties that give a system its trustworthiness is challenging for the fact that such properties are not easy to measure. Some would say that e.g. security cannot be measured fully. Nevertheless, in practice we always try to calculate the damages of an envisaged attack, and then weigh in with the costs of implementing countermeasures. Therefore, what we often do as system analysts is more or less ad-hoc, and this is understandable because we are trying to “measure the unmeasurables”. | ||
| Line 20: | Line 20: | ||
|Target TRL=TRL 6 | |Target TRL=TRL 6 | ||
}} | }} | ||
| + | BB26.F is core in WP7, extended in WP8, and future in WP9 | ||
=Activities= | =Activities= | ||
| Line 33: | Line 34: | ||
* Output= link to the output | * Output= link to the output | ||
* author= Toktam Ramezani | * author= Toktam Ramezani | ||
| + | <br/> | ||
| + | |||
| + | * Title= Security Classes | ||
| + | * Related to= WP26 | ||
| + | * status= Finished | ||
| + | * Output= link to the output | ||
| + | * author= Manish Shresta | ||
<br/> | <br/> | ||
| Line 39: | Line 47: | ||
=Practical suggestions= | =Practical suggestions= | ||
* Title= Survey on existing approaches and metrics | * Title= Survey on existing approaches and metrics | ||
| − | * status= | + | * status= Next |
* Output= link to the output | * Output= link to the output | ||
* By= Toktam Ramezani | * By= Toktam Ramezani | ||
| Line 46: | Line 54: | ||
<br/> | <br/> | ||
| − | * Title= | + | * Title= Firmware security aspects |
| − | Comment= | + | * Comment= |
| − | + | * status= Next | |
| − | + | ||
| − | + | ||
| − | * status= | + | |
* Output= link to the output | * Output= link to the output | ||
* By= Toktam Ramezani | * By= Toktam Ramezani | ||
| Line 57: | Line 62: | ||
* Please add your practical suggestions | * Please add your practical suggestions | ||
| + | |||
| + | = SCOTT status = | ||
| + | From Ramiro: An overview of the instructions for updating the building blocks and the collection of the requirements can be found in this presentation (slide 19-24). | ||
| + | https://projects.avl.com/16/0094/WP26/Documents/02_Meetings%20and%20WebEx/20170703_SCOTT_Presentation_WP26.pptx?Web=1 | ||
| + | |||
| + | |||
| + | The official and complete instructions can be found in the following presentation from SP1 requirements management. | ||
| + | https://projects.avl.com/16/0094/WP01/Documents/03_Deliverables/SCOTT%20REQM%20Approach_Guidance_June2017.pptx?Web=1 | ||
Latest revision as of 15:56, 12 March 2019
| Title | Multi-metrics assessment for measurable security and privacy |
|---|---|
| Page Title | BB26.F Measurable security and privacy |
| Technology Line | Reference Architecture/Implementation |
| Lead partner | UiO |
| Leader | Maunya Doroudi Moghadam |
| Contributors | UiO, SmartIO |
| Related to Use Cases | SCOTT:WP7, SCOTT:WP8, SCOTT:WP11, SCOTT:WP12, |
| Description | One aspect of SCOTT is the security (and privacy) assessment of system- of-systems. Assessing security, privacy or other properties that give a system its trustworthiness is challenging for the fact that such properties are not easy to measure. Some would say that e.g. security cannot be measured fully. Nevertheless, in practice we always try to calculate the damages of an envisaged attack, and then weigh in with the costs of implementing countermeasures. Therefore, what we often do as system analysts is more or less ad-hoc, and this is understandable because we are trying to “measure the unmeasurables”.
This Building Block aims to make explicit into metrics and processes the methods that are normally used to assess various aspects of a system. These would guide an analyst during an evaluation and automate some of the more tedious tasks. |
| Main output | This Building Block will develop methodologies and processes to help with measuring different trust aspects of a system, including security, privacy, dependability.
We will develop metrics for measuring such properties of a complex system, along with techniques to work with and combine metrics. We will develop tool prototypes and test them together with the Use Case partners. |
| BB category | Methodology (for SW/HW development), SW component, Tool or tool chain, Process, Other |
| Baseline | The Multi-metrics methodology from SHIELD is suggested as a starting point, to convert application requirements into e.g. network resources. The flow is as follows: a) applications having b) security and privacy requirements in need of c) network resources (in terms of security, privacy, reliability, ++). Example: a) Health Care services might need a b) privacy level A+, thus have c) requirements for isolation (VPN) when it comes to network resources.
We will build on and extend the work done in previous Artemis projects. We will extend theoretical and methodological concepts developed there, as well as tools that have been developed for manipulating metrics for security, privacy, and dependability. |
| Current TRL | TRL 4 |
| Target TRL | TRL 6 |
BB26.F is core in WP7, extended in WP8, and future in WP9
Activities
- Title= Investigation on ISMS and NIST Standards
- status= Progress
- Output= link to the output (Security Functionality)
- author= Elahe Fazeldehkordi, Seraj Fayyad, Toktam Ramezani
- Title= Investigation on heterogeneous environments and communication
- Related to= WP8 and WP26
- status= Progress
- Output= link to the output
- author= Toktam Ramezani
- Title= Security Classes
- Related to= WP26
- status= Finished
- Output= link to the output
- author= Manish Shresta
- Please add your activities
Practical suggestions
- Title= Survey on existing approaches and metrics
- status= Next
- Output= link to the output
- By= Toktam Ramezani
- Comments=
- author=
- Title= Firmware security aspects
- Comment=
- status= Next
- Output= link to the output
- By= Toktam Ramezani
- author=
- Please add your practical suggestions
SCOTT status
From Ramiro: An overview of the instructions for updating the building blocks and the collection of the requirements can be found in this presentation (slide 19-24). https://projects.avl.com/16/0094/WP26/Documents/02_Meetings%20and%20WebEx/20170703_SCOTT_Presentation_WP26.pptx?Web=1
The official and complete instructions can be found in the following presentation from SP1 requirements management.
https://projects.avl.com/16/0094/WP01/Documents/03_Deliverables/SCOTT%20REQM%20Approach_Guidance_June2017.pptx?Web=1