×

Evaluation of cyber security and modelling of risk propagation with Petri nets. (English) Zbl 1423.68317

Summary: This article presents a new method of risk propagation among associated elements. On the basis of coloured Petri nets, a new class called propagation nets is defined. This class provides a formal model of a risk propagation. The proposed method allows for model relations between nodes forming the network structure. Additionally, it takes into account the bidirectional relations between components as well as relations between isomorphic, symmetrical components in various branches of the network. This method is agnostic in terms of use in various systems and it can be adapted to the propagation model of any systems’ characteristics; however, it is intentionally proposed to assess the risk of critical infrastructures. In this paper, as a proof of concept example, we show the formal model of risk propagation proposed within the project Cyberspace Security Threats Evaluation System of the Republic of Poland. In the article, the idea of the method is presented as well as its use case for evaluation of risk for cyber threats. With the adaptation of Petri nets, it is possible to evaluate the risk for the particular node and assess the impact of this risk for all related nodes including hierarchic relations of components as well as isomorphism of elements.

MSC:

68Q85 Models and methods for concurrent and distributed computing (process algebras, bisimulation, transition nets, etc.)

Software:

nuXmv; dot; NuSMV; CADP
PDFBibTeX XMLCite
Full Text: DOI

References:

[1] Piotrowski, R.; Śliwa, J.; Cyberspace Situational Awarness in National Security System; Proceedings of the International Conference on Military Communications and Information Systems (ICMCIS): ; ,1-6.
[2] ; ISO/IEC Information Technology. Security Techniques. Information Security Risk management, ISO/IEC 27005:2011: Geneva, Switzerland 2011; .
[3] Ross, R.; ; Guide for Conducting Risk Assessments: Gaithersburg, MA, USA 2011; .
[4] Sun, L.; Srivastava, R.; Mock, T.; An Information Systems Security Risk Assessment Model Under the Dempster-Shafer Theory of Belief Functions; J. Manag. Inf. Syst.: 2006; Volume 22 ,109-142.
[5] Yi, T.; Lei, Y.; Chen, H.P.; Siamak, T.; Kang, F.; Statistical and Probabilistic Approach in Monitoring-Based Structure Rating and Risk Assessment; Math. Probl. Eng.: 2014; Volume 2014 ,761341.
[6] Vrabel, R.; Abas, M.; Tanuska, P.; Vazan, P.; Kebisek, M.; Elias, M.; Sutova, Z.; Pavliak, D.; Mathematical Approach to Security Risk Assessment; Math. Probl. Eng.: 2015; Volume 2015 ,417597.
[7] Cui, F.; Zhang, L.; Yu, C.; Hu, S.; Zhang, Y.; Estimation of the Disease Burden Attributable to 11 Risk Factors in Hubei Province, China: A Comparative Risk Assessment; Int. J. Environ. Res. Public Health: 2016; Volume 13 .
[8] He, Y.; Peng, S.; Xiong, W.; Xu, Y.; Liu, J.; Association between Polymorphism of Interleukin-1beta and Interleukin-1 Receptor Antagonist Gene and Asthma Risk: A Meta-Analysis; Sci. World J.: 2015; Volume 2015 ,685684.
[9] Farooq, A.; Naveed, A.; Azeem, Z.; Ahmad, T.; Breast and Ovarian Cancer Risk due to Prevalence of BRCA1 and BRCA2 Variants in Pakistani Population: A Pakistani Database Report; J. Oncol.: 2011; Volume 2011 ,632870.
[10] Quan, G.; Performance and Risk Assessment of Soil-Structure Interaction Systems Based on Finite Element Reliability Methods; Math. Probl. Eng.: 2014; Volume 2014 ,704804.
[11] Serra-Llobet, A.; Conrad, E.; Schaefer, K.; Governing for Integrated Water and Flood Risk Management: Comparing Top-Down and Bottom-Up Approaches in Spain and California; Water: 2016; Volume 8 .
[12] Szpyrka, M.; Jasiul, B.; Wrona, K.; Dziedzic, F.; Telecommunications Networks Risk Assessment with Bayesian Networks; Computer Information Systems and Industrial Management, Proceedings of the 12th IFIP TC8 International Conference CISIM 2013, Krakow, Poland, 25-27 September 2013: Berlin, Germany 2013; Volume Volume 8104 ,277-288.
[13] Garrido, A.; Essential Graphs and Bayesian Networks; Proceedings of the First International Conference on Complexity and Intelligence of the Artificial and Natural Complex Systems, Medical Applications of the Complex Systems, Biomedical Computing (CANS’08): Piscataway, NJ, USA 2008; ,149-156.
[14] Schneier, B.; Attack Trees; Dr Dobb’s J.: 1999; Volume 24 ,21-29.
[15] Szwed, P.; Skrzynski, P.; Chmiel, W.; Risk assessment for a video surveillance system based on Fuzzy Cognitive Maps; Multimed. Tools Appl.: 2016; Volume 75 ,10667-10690.
[16] Henry, M.H.; Layer, R.M.; Snow, K.Z.; Zaret, D.R.; Evaluating the risk of cyber attacks on SCADA systems via Petri net analysis with application to hazardous liquid loading operations; Proceedings of the 2009 IEEE Conference on Technologies for Homeland Security: ; ,607-614.
[17] Jensen, K.; Kristensen, L.; ; Coloured Petri Nets. Modelling and Validation of Concurrent Systems: Heidelberg, Germany 2009; . · Zbl 1215.68153
[18] Jasiul, B.; Szpyrka, M.; Śliwa, J.; Detection and Modeling of Cyber Attacks with Petri Nets; Entropy: 2014; Volume 16 ,6602-6623.
[19] Szpyrka, M.; Analysis of RTCP-nets with Reachability Graphs; Fundam. Inform.: 2006; Volume 74 ,375-390. · Zbl 1106.68076
[20] Baier, C.; Katoen, J.P.; ; Principles of Model Checking: London, UK 2008; . · Zbl 1179.68076
[21] O’Sullivan, B.; Goerzen, J.; Stewart, D.; ; Real World Haskell: Sebastopol, CA, USA 2008; .
[22] Gansner, E.; Koutsofios, E.; North, S.; Drawing Graphs with Dot; ; . · Zbl 1054.68583
[23] Cavada, R.; Cimatti, A.; Dorigatti, M.; Griggio, A.; Mariotti, A.; Micheli, A.; Mover, S.; Roveri, M.; Tonetta, S.; The nuXmv Symbolic Model Checker; Computer Aided Verification: Berlin, Germany 2014; Volume Volume 8559 ,334-342.
[24] Clarke, E.; Grumberg, O.; Peled, D.; ; Model Checking: Cambridge, MA, USA 1999; . · Zbl 0847.68063
[25] Emerson, E.; Temporal and modal logic; Handbook of Theoretical Computer Science: Amsterdam, the Netherlands 1990; Volume Volume B ,995-1072. · Zbl 0900.03030
[26] Cimatti, A.; Clarke, E.; Giunchiglia, F.; Roveri, M.; NUSMV: A new symbolic model checker; Int. J. Softw. Tools Technol. Transf.: 2000; Volume 2 ,410-425. · Zbl 1059.68582
[27] Kripke, S.; A semantical analysis of modal logic I: Normal modal propositional calculi; Z. Math. Logik und Grundlagen der Math.: 1963; Volume 9 ,67-96. · Zbl 0118.01305
[28] Szpyrka, M.; Biernacki, J.; Biernacka, A.; Tools and methods for RTCP-nets modelling and verification; Arch. Control Sci.: 2016; Volume 26 ,339-365. · Zbl 1456.68120
[29] Garavel, H.; Lang, F.; Mateescu, R.; Serwe, W.; CADP 2006: A Toolbox for the Construction and Analysis of Distributed Processes; Computer Aided Verification: Berlin, Germany 2007; Volume Volume 4590 ,158-163. · Zbl 1316.68074
[30] Emerson, E.; ; Model checking and the Mu-Calculus: Providence, RI, USA 1997; ,185-214. · Zbl 0877.03020
[31] Mateescu, R.; Sighireanu, M.; ; Efficient On-the-Fly Model-Checking for Regular Alternation-Free μ-Calculus: Rocquencourt, France 2000; . · Zbl 1026.68098
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.