Towards the Definition of a Security Incident Response Modelling Language

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11033)

Abstract

This paper presents a cyber-physical systems modelling language for capturing and describing health-based critical infrastructures. Following this practice, incident response plan developers are able to model and reason about security and recovery issues in medical cyber-physical systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology; in this paper we introduce novel cyber-physical concepts, relationships and properties in order to carry out analysis of incident response plans based on security requirements. We illustrate our concepts through a case study of a radiological department’s medical cyber-physical systems that have been infected with the WannaCry ransomware. Finally, we discuss how our modelling language enriches security models with incident response concepts, guiding plan developers of health-based critical infrastructures in understanding cyber-physical systems vulnerabilities and supporting decision making at a tactical and a strategic level, through semi-automated secure recovery analysis.

Acknowledgments

The authors would like to thank the Engineering and Physical Sciences Research Council (EPSRC) for their support.

Author information

Correspondence to Myrsini Athinaiou, Haralambos Mouratidis, Theo Fotis, Michalis Pavlidis or Emmanouil Panaousis.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Athinaiou, M., Mouratidis, H., Fotis, T., Pavlidis, M., Panaousis, E. (2018). Towards the Definition of a Security Incident Response Modelling Language. In: Furnell, S., Mouratidis, H., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2018. Lecture Notes in Computer Science, vol 11033. Springer, Cham. https://doi.org/10.1007/978-3-319-98385-1_14

  • DOI: https://doi.org/10.1007/978-3-319-98385-1_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98384-4

  • Online ISBN: 978-3-319-98385-1

  • eBook Packages: Computer Science (R0)
