Title :
Run-Time Risk Management in Adaptive ICT Systems
Author :
Surridge, Mike ; Nasser, Bassem ; Chen, Xia ; Chakravarthy, Animesh ; Melas, Panos
Author_Institution :
IT Innovation Centre Gamma House, Southampton, UK
Abstract :
We will present results of the SERSCIS project related to risk management and mitigation strategies in adaptive multi-stakeholder ICT systems. The SERSCIS approach involves using semantic threat models to support automated design-time threat identification and mitigation analysis. The focus of this paper is the use of these models at run-time for automated threat detection and diagnosis. This is based on a combination of semantic reasoning and Bayesian inference applied to run-time system monitoring data. The resulting dynamic risk management approach is compared to a conventional ISO 27000 type approach, and validation test results presented from an Airport Collaborative Decision Making (A-CDM) scenario involving data exchange between multiple airport service providers.
Keywords :
inference mechanisms; risk management; security of data; A-CDM scenario; Bayesian inference; ISO 27000 type approach; SERSCIS project; adaptive multistakeholder ICT systems; airport collaborative decision making; automated design-time threat identification; automated design-time threat mitigation analysis; dynamic risk management approach; multiple airport service providers; risk mitigation strategy; run-time risk management; run-time system monitoring data; semantic reasoning; semantic threat models; Availability; Security; adaptive systems; machine reasoning; risk management; secure ICT;
Conference_Titel :
Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
Conference_Location :
Regensburg
DOI :
10.1109/ARES.2013.20
