Metrics driven security management framework for e-health digital ecosystem focusing on chronic diseases

Savola, Reijo; Sihvonen, Markus

doi:10.1145/2457276.2457291

Cited by 6 publications

(11 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, they examine associations to derive more secure metrics. In contrast to the above-mentioned practical solutions (e.g., [45][46][47][48][49][50][51][52][53][54][55][56][57]), which take into consideration only the structural aspects of the system, the authors conclude that a potential metric can be assumed good or bad based also on the attacker model.…”

Section: Quantifying Securitymentioning

confidence: 94%

“…The goal is to administrate responses to attackers' probes, so as to induce an external view of the system that complies with specific desirable properties. Minimizing the cost for the defender is also considered the study in [57] presents a multi-metric-driven management framework for e-health digital environments. The method is applied in e-health settings for chronic diseases and utilizes three metric categories.…”

Section: Quantifying Securitymentioning

confidence: 99%

See 1 more Smart Citation

Artificial Intelligence-Driven Composition and Security Validation of an Internet of Things Ecosystem

et al. 2020

View full text Add to dashboard Cite

Key challenges in Internet-of-Things (IoT) system design and management include the secure system composition and the calculation of the security and dependability level of the final system. This paper presents an event-based model-checking framework for IoT systems’ design and management, called CompoSecReasoner. It invokes two main functionalities: (i) system composition verification, and (ii) derivation and validation of security, privacy, and dependability (SPD) metrics. To measure the SPD values of a system, we disassemble two well-known types of security metrics—the attack surface methodologies and the medieval castle approach. The first method determines the attackable points of the system, while the second one defines the protection level that is provided by the currently composed system-of-systems. We extend these techniques and apply the Event Calculus method for modelling the dynamic behavior of a system with progress in time. At first, the protection level of the currently composed system is calculated. When composition events occur, the current system status is derived. Thereafter, we can deploy reactive strategies and administrate the system automatically at runtime, implementing a novel setting for Moving Target Defenses. We demonstrate the overall solution on a real ambient intelligence application for managing the embedded devices of two emulated smart buildings.

show abstract

Section: Quantifying Securitymentioning

confidence: 94%

Section: Quantifying Securitymentioning

confidence: 99%

Artificial Intelligence-Driven Composition and Security Validation of an Internet of Things Ecosystem

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Over time, several solutions have been proposed that try to resolve the open issues of capturing the security posture of an IoT or other system and facilitate its administration [76][77][78][79][80]. Eby et al [76] integrated the Simple Modeling Language for Embedded Systems (SMoLES) with the Security Model Analysis Language (SMAL) [76].…”

Section: Relevant Methodologies For Secure Iot Modelingmentioning

confidence: 99%

Section: Relevant Methodologies For Secure Iot Modelingmentioning

confidence: 99%

“…Savola and Sihvonen [80] propose a MTD approach based on a multi-metric-driven management framework. The overall solution has been applied in an e-health digital environment for chronic diseases [80], where three metric types are considered. Riskdriven security assurance and engineering metrics are defined at deployment-time to offer an early assessment on the deployed defense mechanisms and their effectiveness.…”

Section: Relevant Methodologies For Secure Iot Modelingmentioning

confidence: 99%

See 1 more Smart Citation

SPD-Safe: Secure Administration of Railway Intelligent Transportation Systems

Hatzivasilis

Fysarakis²,

Ioannidis

et al. 2021

Electronics

View full text Add to dashboard Cite

The railway transport system is critical infrastructure that is exposed to numerous man-made and natural threats, thus protecting this physical asset is imperative. Cyber security, privacy, and dependability (SPD) are also important, as the railway operation relies on cyber-physical systems (CPS) systems. This work presents SPD-Safe—an administration framework for railway CPS, leveraging artificial intelligence for monitoring and managing the system in real-time. The network layer protections integrated provide the core security properties of confidentiality, integrity, and authentication, along with energy-aware secure routing and authorization. The effectiveness in mitigating attacks and the efficiency under normal operation are assessed through simulations with the average delay in real equipment being 0.2–0.6 s. SPD metrics are incorporated together with safety semantics for the application environment. Considering an intelligent transportation scenario, SPD-Safe is deployed on railway critical infrastructure, safeguarding one outdoor setting on the railway’s tracks and one in-carriage setting on a freight train that contains dangerous cargo. As demonstrated, SPD-Safe provides higher security and scalability, while enhancing safety response procedures. Nonetheless, emergence response operations require a seamless interoperation of the railway system with emergency authorities’ equipment (e.g., drones). Therefore, a secure integration with external systems is considered as future work.

show abstract