TY - JOUR
T1 - RORI-based countermeasure selection using the OrBAC formalism
AU - Gonzalez Granadillo, Gustavo
AU - Belhaouane, Malek
AU - Debar, Hervé
AU - Jacob, Grégoire
N1 - Funding Information:
The research leading to these results has received funding from the European Commission within the context of the Seventh Framework Programme (FP7-ICT-2009-5) under Grant Agreement No. 257644 (MAnagement of Security information and events in Service Infrastructures, MASSIF Project).
PY - 2014/2/1
Y1 - 2014/2/1
N2 - Attacks against information systems have grown in sophistication and complexity, making the detection and reaction process a challenging task for security administrators. In reaction to these attacks, the definition of security policies is an effective way to protect information systems from further damage, but it requires great expertise and knowledge. If stronger security policies can constitute powerful countermeasures, inappropriate policies, on the other hand, may result in disastrous consequences for the organization. The implementation of stronger security policies in many cases requires the evaluation and analysis of multiple countermeasures. Current research promotes the implementation of multiple countermeasures as a strategy to react to complex attacks; however, the methodology is either hardly explained or very complicated to implement. This paper introduces a well-structured approach to evaluate and select optimal countermeasures based on the return on response investment (RORI) index. An implementation of a real case study is provided at the end of the document to show the applicability of the model over a mobile money transfer service. The service, security policies and countermeasures are expressed using the OrBAC formalism.
AB - Attacks against information systems have grown in sophistication and complexity, making the detection and reaction process a challenging task for security administrators. In reaction to these attacks, the definition of security policies is an effective way to protect information systems from further damage, but it requires great expertise and knowledge. If stronger security policies can constitute powerful countermeasures, inappropriate policies, on the other hand, may result in disastrous consequences for the organization. The implementation of stronger security policies in many cases requires the evaluation and analysis of multiple countermeasures. Current research promotes the implementation of multiple countermeasures as a strategy to react to complex attacks; however, the methodology is either hardly explained or very complicated to implement. This paper introduces a well-structured approach to evaluate and select optimal countermeasures based on the return on response investment (RORI) index. An implementation of a real case study is provided at the end of the document to show the applicability of the model over a mobile money transfer service. The service, security policies and countermeasures are expressed using the OrBAC formalism.
KW - Combination approach
KW - Countermeasure selection
KW - Impact analysis
KW - OrBAC model
KW - RORI index
KW - Risk mitigation
KW - Surface coverage
U2 - 10.1007/s10207-013-0207-8
DO - 10.1007/s10207-013-0207-8
M3 - Article
AN - SCOPUS:84893668116
SN - 1615-5262
VL - 13
SP - 63
EP - 79
JO - International Journal of Information Security
JF - International Journal of Information Security
IS - 1
ER -