research-article

On the role of primary and secondary assets in adaptive security: an application in smart grids

Authors:

Bashar NuseibehAuthors Info & Claims

SEAMS '12: Proceedings of the 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems

Pages 165 - 170

Published: 04 June 2012 Publication History

Get Access

Abstract

Adaptive security aims to protect valuable assets managed by a system, by applying a varying set of security controls. Engineering adaptive security is not an easy task. A set of effective security countermeasures should be identified. These countermeasures should not only be applied to (primary) assets that customers desire to protect, but also to other (secondary) assets that can be exploited by attackers to harm the primary assets. Another challenge arises when assets vary dynamically at runtime. To accommodate these variabilities, it is necessary to monitor changes in assets, and apply the most appropriate countermeasures at runtime. The paper provides three main contributions for engineering adaptive security. First, it proposes a modeling notation to represent primary and secondary assets, along with their variability. Second, it describes how to use the extended models in engineering security requirements and designing required monitoring functions. Third, the paper illustrates our approach through a set of adaptive security scenarios in the customer domain of a smart grid. We suggest that modeling secondary assets aids the deployment of countermeasures, and, in combination with a representation of assets variability, facilitates the design of monitoring functions.

References

[1]

M. Salehie, L. Pasquale, I. Omoronyia, R. Ali, and B. Nuseibeh, "Requirements-Driven Adaptive Security: Protecting Variable Assets At Runtime," Lero- Irish Software Eng. Research Centre, Tech. Rep. Lero-TR-2012-01, 2012.

Google Scholar

[2]

"Smart Grids European Technology Platform," http://www.smartgrids.eu/.

Google Scholar

[3]

G. Kiczales et al., "Aspect-Oriented Programming," in Proceedings of the 11th European Conference on Object-Oriented Programming, 1997, pp. 220--242.

Google Scholar

[4]

"The AspectJ Project," http://www.eclipse.org/aspectj/.

Google Scholar

[5]

H. Debar, M. Dacier, and A. Wespi, "A revised taxonomy for intrusion-detection systems," Annals of Telecommunications, vol. 55, no. 7, pp. 361--378, 2000.

Google Scholar

[6]

K. Julisch, "Clustering intrusion detection alarms to support root cause analysis," ACM Transactions on Information and System Security, vol. 6, no. 4, pp. 443--471, 2003.

Digital Library

Google Scholar

[7]

Atighetchi et al., "Adaptive cyberdefense for survival and intrusion tolerance," Internet Computing, IEEE, vol. 8, no. 6, pp. 25--33, 2004.

Digital Library

Google Scholar

[8]

J. Weise, "Desiging an adaptive security architecture," 2008, wikis.sun.com/download/attachments/57526796/820-6825.pdf.

Google Scholar

Cited By

View all

Salehie MPasquale LOmoronyia INuseibeh B(2012)Adaptive security and privacy in smart gridsProceedings of the First International Workshop on Software Engineering Challenges for the Smart Grid10.5555/2666759.2666769(46-49)Online publication date: 3-Jun-2012
https://dl.acm.org/doi/10.5555/2666759.2666769

Recommendations

Adaptive security and privacy in smart grids: a software engineering vision
SE4SG '12: Proceedings of the First International Workshop on Software Engineering Challenges for the Smart Grid

Despite the benefits offered by smart grids, energy producers, distributors and consumers are increasingly concerned about possible security and privacy threats. These threats typically manifest themselves at runtime as new usage scenarios arise and ...
Metrics-driven security objective decomposition for an e-health application with adaptive security management
ASPI '13: Proceedings of the International Workshop on Adaptive Security

Emerging E-health applications utilizing IoT (Internet of Things) solutions should be sufficiently secure and robust. Adaptive security management techniques enable maintenance of sufficient security level during changing context, threats and usage ...
Applicability of security metrics for adaptive security management in a universal banking hub system
ECSA '10: Proceedings of the Fourth European Conference on Software Architecture: Companion Volume

Banking applications require a high standard of security, resilience and adaptation. The results presented here were obtained from a case study of the deployment of the security metrics-driven adaptive security solutions of a distributed middleware in ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SEAMS '12: Proceedings of the 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems

June 2012

79 pages

ISBN:9781467317870

General Chair:
Hausi A. Müller
University of Victoria, Canada
,
Program Chair:
Luciano Baresi
Politecnico di Milano, Italy

Publisher

IEEE Press

Publication History

Published: 04 June 2012

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICSE '12

Sponsor:

SIGSOFT
University of Zurich

ICSE '12: 34th International Conference on Software Engineering

June 4 - 5, 2012

Zurich, Switzerland

Acceptance Rates

Overall Acceptance Rate 17 of 31 submissions, 55%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
68
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Salehie MPasquale LOmoronyia INuseibeh B(2012)Adaptive security and privacy in smart gridsProceedings of the First International Workshop on Software Engineering Challenges for the Smart Grid10.5555/2666759.2666769(46-49)Online publication date: 3-Jun-2012
https://dl.acm.org/doi/10.5555/2666759.2666769

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Adaptive security and privacy in smart grids: a software engineering vision

Metrics-driven security objective decomposition for an e-health application with adaptive security management

Applicability of security metrics for adaptive security management in a universal banking hub system