Litcius/Paper detail

ARES: Automated Risk Estimation in Smart Sensor Environments

Athanasios Dimitriadis, José Luis Flores, Boonserm Kulvatunyou, Nenad Ivezic, Ioannis Mavridis

2020Sensors17 citationsDOIOpen Access PDF

Abstract

Industry 4.0 adoption demands integrability, interoperability, composability, and security. Currently, integrability, interoperability and composability are addressed by next-generation approaches for enterprise systems integration such as model-based standards, ontology, business process model life cycle management and the context of business processes. Security is addressed by conducting risk management as a first step. Nevertheless, security risks are very much influenced by the assets that the business processes are supported. To this end, this paper proposes an approach for automated risk estimation in smart sensor environments, called ARES, which integrates with the business process model life cycle management. To do so, ARES utilizes standards for platform, vulnerability, weakness, and attack pattern enumeration in conjunction with a well-known vulnerability scoring system. The applicability of ARES is demonstrated with an application example that concerns a typical case of a microSCADA controller and a prototype tool called Business Process Cataloging and Classification System. Moreover, a computer-aided procedure for mapping attack patterns-to-platforms is proposed, and evaluation results are discussed revealing few limitations.

Topics & Concepts

Computer scienceInteroperabilityBusiness processOntologyRisk managementSoftware engineeringProcess managementContext (archaeology)Business process modelingVulnerability (computing)Risk analysis (engineering)ComposabilitySystems engineeringComputer securityEngineeringWork in processWorld Wide WebDistributed computingManagementEconomicsPaleontologyEpistemologyPhilosophyOperations managementMedicineBiologyDigital Transformation in IndustryInformation and Cyber SecurityBig Data and Business Intelligence