Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Ilaria Matteucci, Andrea Ceccarelli, Felicita Di Giandomenico, Fabio Martinelli, Andrea Bondavalli
Outline
1. General description of work
2. Basics
3. Architecture/Framework
4. Use case
5. Conclusions and future works
Fai della Paganella
1. General description of work
2. Basics
3. Architecture/Framework
General description of the work
Security analysis and design are key activities for the protection of critical systems and infrastructure.
Traditional approaches:
– Apply a qualitative threat assessment
– Results used as input for the security design such that appropriate countermeasures are selected
Our work: selection and ranking of security controlling strategies driven by quantitative threat analysis
– Threat analysis that identifies attack points and paths, and ranks attacks (costs, difficulty,...)
– Such enriched information is used for more elaborated controlling strategies that derive the appropriate monitoring rules and select countermeasures.
Framework Architecture
Threat analysis supported by security models provides information on:
– Attackers
– Attacks and Attack points (as usual from threat analysis)
– Attack paths
– Relevance of the path (from a security viewpoint)/necessity of countermeasures
– Weights: costs, probabilities
Security control strategies
– Uses weights, relevance of the paths
– Current objective: ranking of quantitative security controlling strategies
– Final output is the definition of countermeasures based on the evaluation of the controlled paths
High-level Workflow (system) functional requirements dependability and security requirements Threats Analysis Requirements Controlling strategies Design of security countermeasures
Next Steps – Fai della Paganella
– Identification of appropriate Case Study
– Preliminary version of paper in progress
– Iterative approach to framework
What’s new!
– CEMS use case
– Submission to DEVVARTS workshop @ SAFECOMP (DEvelopment, Verification and VAlidation of cRiTical Systems)
Customer Energy Management System
A Customer Energy Management System (CEMS) is an application service or device that communicates with devices in the home. It may have interfaces to the meter to read usage data or to the operations domain to get pricing or other information to make automated or manual decisions to control energy consumption more efficiently.
Man in the Middle Attack
In a MIM attack, an opponent captures messages exchanged between the EMG and the CEMS. It can
– partially alter the content of the messages
– delay messages
– reorder messages to produce an unauthorized effect
– collect information without altering the content of the messages
Result: violation of integrity, availability or confidentiality.
Is one control strategy better than another?
To select the controller strategy that best fits a set of requirements (e.g., the minimum cost), we associate with each step a value obtained from the threat analysis. where k, k’ denote these values.
Quantitative Control strategies
Definition. Given a path $t = (a_1,k_1) \ldots (a_n,k_n)$, the label of $t$ is given by $(a_1 \ldots a_n) \in Act^*$, and its run weight by $|t| = k_1 * \ldots * k_n \in K$, where $*$ denotes the product of the considered semiring $K$.
The valuation of a process intuitively corresponds to the sum of all possible quantities of the traces belonging to the process.
Given an attack $F$ and a semiring $K$, a controller $E_2$ is better than a controller $E_1$ w.r.t. $F$ if the valuation of $E_1$ on $F$ is less than the valuation of $E_2$ on $F$.
NOTE: the interested reader will find all the evaluations in the paper….
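The definition above, worked through as an added example (not code from the slides or the paper). It assumes the tropical semiring (min, +) with weights read as costs, the natural semiring order (a ≤ b iff a + b = b), and constructed trace sets and weights for the MIM attack F under two hypothetical controllers E1 and E2.

```python
from dataclasses import dataclass
from functools import reduce
from typing import Callable, List, Tuple

Path = List[Tuple[str, float]]              # t = [(a_1, k_1), ..., (a_n, k_n)]

@dataclass(frozen=True)
class Semiring:
    plus: Callable[[float, float], float]   # sum: combines alternative traces
    times: Callable[[float, float], float]  # product: combines steps of one trace
    zero: float                             # identity of plus
    one: float                              # identity of times

    def leq(self, a: float, b: float) -> bool:
        # Assumption: natural order of the semiring, a <= b iff a + b = b.
        return self.plus(a, b) == b

# Assumed instance: tropical semiring. A trace costs the sum of its steps and
# a process is valued by its cheapest trace, so "greater in K" means cheaper.
COST = Semiring(plus=min, times=lambda a, b: a + b, zero=float("inf"), one=0)

def label(t: Path) -> Tuple[str, ...]:
    """Label of t: the action sequence (a_1 ... a_n) in Act*."""
    return tuple(a for a, _ in t)

def run_weight(t: Path, K: Semiring) -> float:
    """Run weight |t| = k_1 * ... * k_n, using the product of K."""
    return reduce(K.times, (k for _, k in t), K.one)

def valuation(traces: List[Path], K: Semiring) -> float:
    """Valuation of a process: semiring sum of the run weights of its traces."""
    return reduce(K.plus, (run_weight(t, K) for t in traces), K.zero)

def better(e2: List[Path], e1: List[Path], K: Semiring) -> bool:
    """E2 is better than E1 w.r.t. F if val(E1 on F) is strictly less in K."""
    v1, v2 = valuation(e1, K), valuation(e2, K)
    return v1 != v2 and K.leq(v1, v2)

# Constructed traces of the MIM attack F under each controller (weights invented).
E1_ON_F = [[("capture", 2), ("alter", 5)], [("capture", 2), ("delay", 4)]]
E2_ON_F = [[("capture", 1), ("alter", 3)], [("capture", 1), ("reorder", 6)]]

if __name__ == "__main__":
    print("val(E1 on F) =", valuation(E1_ON_F, COST))
    print("val(E2 on F) =", valuation(E2_ON_F, COST))
    print("E2 better than E1:", better(E2_ON_F, E1_ON_F, COST))
```

Swapping `COST` for another semiring (for example max and multiplication over probabilities) changes the ranking criterion without touching the valuation or comparison code.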
Additional information
– The paper is going to be submitted to DEVVARTS
– We will also add probability of attack as a measure for driving the definition of security countermeasures
– Future work: deploy the selected controlling system into the system and evaluate the global system.