Requirements Analysis for the Evaluation of Automated Security Risk Assessments

Cited by: 0
Authors
Ehrlich, Marco [1]
Lukas, Georg [2]
Trsek, Henning [1]
Jasperneite, Juegen [3]
Kastner, Wolfgang [4]
Diedrich, Christian [5]
Affiliations
[1] OWL Univ Appl Sci & Arts, InIT Inst Ind IT, D-32657 Lemgo, Germany
[2] Rt Solut De GmbH, Ind Secur, D-50968 Cologne, Germany
[3] Fraunhofer IOSB INA, D-32657 Lemgo, Germany
[4] TU Wien Informat, A-1040 Vienna, Austria
[5] Otto von Guericke Univ, D-39106 Magdeburg, Germany
Keywords
Industry 4.0; Security; Risk Assessment; Automation; Requirements; Evaluation; Verification; SAFETY
DOI
10.1109/WFCS60972.2024.10540830
Chinese Library Classification number
TP [Automation Technology, Computer Technology]
Discipline classification code
0812
Abstract
The overall Industry 4.0 developments and the highly dynamic threat landscape enhance the need for continuous security engineering of industrial components, modules, and systems. Security risk assessments play a major role to ensure a secure operation of Industrial Automation and Control Systems (IACSs) but are mostly neglected due to missing resources and a lack of human experts for the sophisticated manual tasks. Therefore, a method for information and process modelling regarding the automation of security risk assessments has been previously designed, but not yet evaluated. This work in progress begins the evaluation of the automated security risk assessment concept by investigating the related work and identifying the main deficits. The results include a requirements analysis for the verification and an outlook towards future evaluation aspects.
Pages: 180 - 183
Number of pages: 4
Related papers
50 in total
  • [21] Security Requirements Analysis for the IoT
    Oh, Se-Ra
    Kim, Young-Gab
    2017 INTERNATIONAL CONFERENCE ON PLATFORM TECHNOLOGY AND SERVICE (PLATCON), 2017, : 305 - 310
  • [22] Formal analysis and design for engineering security automated derivation of formal software security specifications from goal-oriented security requirements
    Hassan, R.
    Eltoweissy, M.
    Bohner, S.
    El-Kassas, S.
    IET SOFTWARE, 2010, 4 (02) : 149 - 160
  • [23] Automated Software Architecture Security Risk Analysis using Formalized Signatures
    Almorsy, Mohamed
    Grundy, John
    Ibrahim, Amani S.
    PROCEEDINGS OF THE 35TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2013), 2013, : 662 - 671
  • [24] Information Security Investments: How to Prioritize? A qualitative analysis of the most relevant topics in Information Security Risk Assessments
    Oliveira, Mariana Batista
    Goldman, Alfredo
    Yoder, Joseph W.
    PROCEEDINGS OF THE 20TH BRAZILIAN SYMPOSIUM ON INFORMATIONS SYSTEMS, SBSI 2024, 2024,
  • [25] Risk assessment and hazard analysis evaluation of automated systems
    Gentile, PM
    TRANSFUSION, 2005, 45 (03) : 194A - 194A
  • [26] Automated Support to Capture and Validate Security Requirements for Mobile Apps
    Yusop, Noorrezam
    Kamalrudin, Massila
    Sidek, Safiah
    Grundy, John
    REQUIREMENTS ENGINEERING TOWARD SUSTAINABLE WORLD, 2016, 671 : 97 - 112
  • [27] Threat- and Risk-Analysis During Early Security Requirements Engineering
    Schmidt, Holger
    FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS, 2010, : 188 - 195
  • [28] VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps
    Sadovykh, Andrey
    Widforss, Gunnar
    Truscan, Dragos
    Enoiu, Eduard Paul
    Mallouli, Wissam
    Iglesias, Rosa
    Bagnto, Alessandra
    Hendel, Olga
    PROCEEDINGS OF THE 2021 DESIGN, AUTOMATION & TEST IN EUROPE CONFERENCE & EXHIBITION (DATE 2021), 2021, : 1330 - 1333
  • [29] Analysis and evaluation of the communication requirements for remote operating an automated bus in rural areas
    Babl, Roman
    Schmid, Josef
    Hoess, Alfred
    2021 IEEE INTELLIGENT TRANSPORTATION SYSTEMS CONFERENCE (ITSC), 2021, : 693 - 698
  • [30] Using Security and Domain ontologies for Security Requirements Analysis
    Souag, Amina
    Salinesi, Camille
    Wattiau, Isabelle
    Mouratidis, Haris
    2013 IEEE 37TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSACW), 2013, : 101 - 107