Abstract
In this paper, the RISKEE method for evaluating risk in cyber security is described. RISKEE is based on attack graphs and the Diamond model combined with the FAIR method for assessing and calculating risk. It can be used to determine the risks of cyber-security attacks as a basis for decision-making. It works by forwarding estimations of attack frequencies and probabilities over an attack graph, calculating the risk at impact nodes with Monte-Carlo simulation, and propagating the resulting risk backward again. The method can be applied throughout all development phases and even be refined at runtime of a system. It involves system analysts, cyber security experts as well as domain experts for judgement of the attack frequencies, system vulnerabilities, and loss magnitudes.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Vulnerability can also be judged indirectly in form of resistance strength and threat capability. These two estimations are subtracted by RISKEE to get the percentage of cases where an attack would be successful.
- 2.
Probability-Proportional-Size-Sampling; A stratified sampling strategy.
References
Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, p. 217. ACM Press, Washington, DC (2002). https://doi.org/10.1145/586110.586140
Braband, J.: Risk assessment: as simple as possible (and no simpler). In: 1st IET International Conference on System Safety, vol. 2006, pp. 285–300. IEE, London (2006). https://doi.org/10.1049/cp:20060229
Braband, J.: Definition and analysis of a new risk priority number concept. In: Spitzer, C., Schmocker, U., Dang, V.N. (eds.) Probabilistic Safety Assessment and Management, pp. 2006–2011. Springer, London (2004). https://doi.org/10.1007/978-0-85729-410-4_322
Caltagirone, S., Pendergast, A., Betz, C.: The diamond model of intrusion analysis. Technical report. Center for Cyber Intelligence Analysis and Threat Research (2013)
Clemen, R.T., Winkler, R.L.: Combining probability distributions from experts in risk analysis. Risk Anal. 19(2), 187–203 (1999)
Cox, A.L.: What’s wrong with risk matrices? Risk Anal. 28(2), 497–512 (2008). https://doi.org/10.1111/j.1539-6924.2008.01030.x
Cox, A.L., Babayev, D., Huber, W.: Some limitations of qualitative risk rating systems. Risk Anal. 25(3), 651–662 (2005)
Cox, A.L., Popken, D.A.: Some limitations of aggregate exposure metrics. Risk Anal. 27(2), 439–445 (2007)
Dobaj, J., Schmittner, C., Krisper, M., Macher, G.: Towards quantitative integrated security and safety risk assessment. In: Proceedings of the DECSOS Workshop for SAFECOMP 2019 Conference on Computer Safety, Reliability, and Security, p. 14 (2018)
Ferrell, W.R.: Combining individual judgments. In: Wright, G. (ed.) Behavioral Decision Making, pp. 111–145. Springer, Boston (1985). https://doi.org/10.1007/978-1-4613-2391-4_6
Franklin, B.D., Shebl, N.A., Barber, N.: Failure mode and effects analysis: too little for too much? BMJ Qual. Saf. 21(7), 607–611 (2012). https://doi.org/10.1136/bmjqs-2011-000723
Freund, J.: Measuring and Managing Information Risk: A FAIR Approach. Butterworth-Heinemann, Oxford (2015)
Huang, M.S.: An approach for improvement of risk priority number in FMEA. DEStech Transactions on Computer Science and Engineering (itme), April 2017. https://doi.org/10.12783/dtcse/itme2017/8010
Hubbard, D.W.: The Failure of Risk Management: Why It’s Broken and How to Fix It. Wiley, Hoboken (2009). oCLC: ocn268790760
IEC: IEC 60812: Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA) (2006)
ISO: ISO 26262 Road vehicles - Functional safety (2011)
Krisper, M., Dobaj, J., Macher, G.: Pitfalls, fallacies, and other problems in risk matrices using ordinal scales. Currently Under Review, p. 11 (2019, Submitted)
Macher, G., et al.: Integration of security in the development lifecycle of dependable automotive CPS (2017)
Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C.: SAHARA: a security-aware hazard and risk analysis method. In: Design, Automation & Test in Europe Conference & Exhibition (2015)
Messnarz, R., Sporer, H.: Functional safety case with FTA and FMEDA consistency approach. In: Larrucea, X., Santamaria, I., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2018. CCIS, vol. 896, pp. 387–397. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97925-0_32
Metropolis, N., Ulam, S.: The Monte Carlo method. J. Am. Stat. Assoc. 44(247), 335–341 (1949). https://doi.org/10.1080/01621459.1949.10483310
Microsoft Corporation: Threat Modeling Tool. https://docs.microsoft.com/en-us/azure/security/azure-security-threat-modeling-tool-threats
Poolsappasit, N., Dewri, R., Ray, I.: Dynamic security risk management using Bayesian attack graphs. IEEE Trans. Dependable Secure Comput. 9(1), 61–74 (2012). https://doi.org/10.1109/TDSC.2011.34
RiskAMP: The beta-PERT Distribution—RiskAMP (2010). https://www.riskamp.com/beta-pert
Schmittner, C., Gruber, T., Puschner, P., Schoitsch, E.: Security application of failure mode and effect analysis (FMEA). In: Bondavalli, A., Di Giandomenico, F. (eds.) SAFECOMP 2014. LNCS, vol. 8666, pp. 310–325. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10506-2_21
Schneier, B.: Attack trees - modeling security threats. Dr. Dobb’s J. 24(12), 21–29 (1999). http://www.schneier.com/attacktrees.pdf
Sellappan, N., Palanikumar, K.: Modified prioritization methodology for risk priority number in failure mode and effects. Analysis 3(4), 10 (2013)
Stevens, S.S.: On the Theory of Scales of Measurement (1946)
Stone, M.: The opinion pool. In: Annals of Mathematical Statistics (1961)
The Open Group: FAIR - ISO/IEC 27005 cookbook (c103) (2010)
The Open Group: Risk Analysis (O-RA), October 2013. https://publications.opengroup.org/c13g
The Open Group: Risk Taxonomy (O-RT) 2.0, October 2013. https://publications.opengroup.org/c13k
Thomas, P., Bratvold, R.B., Bickel, E.: The risk of using risk matrices. In: SPE Annual Technical Conference and Exhibition. Society of Petroleum Engineers, New Orleans, Louisiana, USA (2013). https://doi.org/10.2118/166269-MS
Tidwell, T., Larson, R., Fitch, K., Hale, J.: Modeling internet attacks. In: Proceedings of the 2001 IEEE Workshop on Information Assurance and Security (2001)
Vesely, W.E., Goldberg, F.F., Roberts, N.H., Haasl, D.F.: Fault Tree Handbook (NUREG-0492). U.S. Nuclear Regulatory Commission (1981)
Vose, D.: Risk Analysis: A Quantitative Guide, 3rd edn. Wiley, Hoboken (2008)
Xing, L., Amari, S.V.: Fault tree analysis. In: Misra, K.B. (ed.) Handbook of Performability Engineering, pp. 595–620. Springer, London (2008). https://doi.org/10.1007/978-1-84800-131-2_38
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Krisper, M., Dobaj, J., Macher, G., Schmittner, C. (2019). RISKEE: A Risk-Tree Based Method for Assessing Risk in Cyber Security. In: Walker, A., O'Connor, R., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2019. Communications in Computer and Information Science, vol 1060. Springer, Cham. https://doi.org/10.1007/978-3-030-28005-5_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-28005-5_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-28004-8
Online ISBN: 978-3-030-28005-5
eBook Packages: Computer ScienceComputer Science (R0)