A Multi-level Cyber-Security Reference Model in Support of Vulnerability Analysis
Author: | Hacks, Simon, Kaczmarek-Heß, Monika, de Kinderen, Sybren, Töpel, Daniel, Almeida, João Paulo A., Karastoyanova, Dimka, Guizzardi, Giancarlo, Montali, Marco, Maggi, Fabrizio Maria, Fonseca, Claudenir M. |
---|---|
Contributors: | Information Systems IE&IS |
Language: | English |
Year of publication: | 2022 |
Subject: | |
Source: | Enterprise Design, Operations, and Computing: 26th International Conference, EDOC 2022, Bozen-Bolzano, Italy, October 3–7, 2022, Proceedings, pp. 19-35. Lecture Notes in Computer Science. ISBN: 9783031176036 |
Description: | This paper reports on the second engineering cycle of a reference model for end-to-end cyber-security by design in the electricity sector. In our previous work, we proposed a reference model that relies on the integrated consideration of two fragmented, but complementary, reference models: NISTIR 7628 and powerLang. To align these reference models, we rely on multi-level modeling, specifically on the Flexible Meta Modeling and Execution Language (FMMLx), and integrated modeling and programming. Within this paper, we strengthen the bottom-up design of the reference model's application by integrating a semi-automated threat analysis. This enables the identification of possible points of improvement in the actual architecture design, as well as a future analysis of business-level impact of different threats. To demonstrate our approach, we rely on the well-studied Ukraine scenario from 2016. |
Database: | OpenAIRE |
External link: |