BB3.4.F Measurable security and privacy

From its-wiki.no

Revision as of 09:41, 28 June 2017 by Toktam (Talk | contribs)

Jump to: navigation, search
BB26.F
Home Meetings Publications Student corner Factpage
English-Language-icon.png
Title Multi-metrics assessment for measurable security and privacy
Page Title BB3.4.F Measurable security and privacy
Technology Line Reference Architecture/Implementation
Lead partner UiO
Leader Toktam Ramezani
Contributors UiO, SmartIO
Related to Use Cases SCOTT:WP7, SCOTT:WP8, SCOTT:WP11, SCOTT:WP12, SCOTT:WP13, SCOTT:WP14, SCOTT:WP15
Description One aspect of SCOTT is the security (and privacy) assessment of system- of-systems. Assessing security, privacy or other properties that give a system its trustworthiness is challenging for the fact that such properties are not easy to measure. Some would say that e.g. security cannot be measured fully. Nevertheless, in practice we always try to calculate the damages of an envisaged attack, and then weigh in with the costs of implementing countermeasures. Therefore, what we often do as system analysts is more or less ad-hoc, and this is understandable because we are trying to “measure the unmeasurables”.

This Building Block aims to make explicit into metrics and processes the methods that are normally used to assess various aspects of a system. These would guide an analyst during an evaluation and automate some of the more tedious tasks.

Main output This Building Block will develop methodologies and processes to help with measuring different trust aspects of a system, including security, privacy, dependability.

We will develop metrics for measuring such properties of a complex system, along with techniques to work with and combine metrics. We will develop tool prototypes and test them together with the Use Case partners.

BB category Methodology (for SW/HW development), SW component, Tool or tool chain, Process, Other
Baseline The Multi-metrics methodology from SHIELD is suggested as a starting point, to convert application requirements into e.g. network resources. The flow is as follows: a) applications having b) security and privacy requirements in need of c) network resources (in terms of security, privacy, reliability, ++). Example: a) Health Care services might need a b) privacy level A+, thus have c) requirements for isolation (VPN) when it comes to network resources.

We will build on and extend the work done in previous Artemis projects. We will extend theoretical and methodological concepts developed there, as well as tools that have been developed for manipulating metrics for security, privacy, and dependability.

Current TRL TRL 4
Target TRL TRL 6


Activities

  • Title= A language-based policy specification and enforcement in a semantic-directed, integrated and automated approach.
  • status= Progress
  • author= Toktam Ramezani


  • Title= attribute-based encryption (from Chalmers via WP21 SharePoint)
  • status= Initiation
  • author= Christian Johansen
Retrieved from "https://its-wiki.no/index.php?title=SCOTT:BB26.F&oldid=33666"