Security Risk Analysis of Multi-Stage Attacks Based on Data Criticality
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). (PROSSES;ERES) ORCID iD: 0000-0002-5057-2790
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). (prosses)
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM). (PROSSES;ERES) ORCID iD: 0000-0002-0377-5595
Outpost24, Sweden.
2021 (English) In: The 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021), June 3th, 2021, IEEE, 2021, p. 13-20. Conference paper, Published paper (Refereed)
Abstract [en]

In recent years, it has become more challenging for organizations to assess the security risks of their assets properly, as more vulnerabilities are discovered, exploited, and weaponized. Further, attackers usually use complex multi-stage attack strategies to compromise a system and achieve their goals by exploiting several vulnerabilities. The number of affected assets and the strategy used to create the compromises by the threat actor will often dictate the costs and damages to the organization. When performing risk analysis, in addition to existing vulnerabilities, it is important, but often neglected, to consider the criticality of the data residing in the vulnerable asset. However, graphical threat modeling techniques often do not offer suitable tools for this type of analysis. In this paper, we propose a class of security risk metrics to estimate the cost of an attack that considers the criticality of data in addition to the dependencies among vulnerabilities. Our metrics are based on graphical modeling techniques in which we incorporate data criticality. We applied our approach to a real-life case study and obtained promising results.

Place, publisher, year, edition, pages
IEEE, 2021. p. 13-20
Keywords [en]
Data Criticality, Security Analysis, Security Metrics, Graphical Threat Modeling
National Category
Computer Sciences
Research subject
Computer and Information Sciences Computer Science, Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-103734
DOI: 10.1109/EnCyCriS52570.2021.00010
ISI: 000863013000003
Scopus ID: 2-s2.0-85113866854
ISBN: 9781665445535 (electronic)
ISBN: 9781665445542 (print)
OAI: oai:DiVA.org:lnu-103734
DiVA, id: diva2:1558304
Conference
The 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021), June 3th, 2021, Madrid
Available from: 2021-05-28 Created: 2021-05-28 Last updated: 2024-08-28 Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Skandylas, Charilaos; Khakpour, Narges
