On the Automated Management of Security Incidents in Smart Spaces
|Title:||On the Automated Management of Security Incidents in Smart Spaces||Authors:||Alrimawi, Faeq; Pasquale, Liliana; Nuseibeh, Bashar||Permanent link:||http://hdl.handle.net/10197/11550||Date:||9-Aug-2019||Online since:||2020-09-08T14:34:17Z||Abstract:||The proliferation of smart spaces, such as smart buildings, is increasing opportunities for offenders to exploit the interplay between cyber and physical components, in order to trigger security incidents. Organizations are obliged to report security incidents to comply with recent data protection regulations. Organizations can also use incident reports to improve security of the smart spaces where they operate. Incident reporting is often documented in structured natural language. However, reports often do not capture relevant information about cyber and physical vulnerabilities present in a smart space that are exploited during an incident. Moreover, sharing information about security incidents can be difficult, or even impossible, since a report may contain sensitive information about an organization. In previous work, we provided a meta-model to represent security incidents in smart spaces. We also developed an automated approach to share incident knowledge across different organizations. In this paper we focus on incident reporting. We provide a System Editor to represent smart buildings where incidents can occur. Our editor allows us to represent cyber and physical components within a smart building and their interplay. We also propose an Incident Editor to represent the activities of an incident, including -for each activity- the target and the resources exploited, the location where the activity occurred, and the activity initiator. Building on our previous work, incidents represented using our editor can be shared across various organizations, and instantiated in different smart spaces to assess how they can re-occur. We also propose an Incident Filter component that allows viewing and prioritizing the most relevant incident instantiations, for example, involving a minimum number of activities. We assess the feasibility of our approach in assisting incident reporting using an example of a security incident that occurred in a research center.||Funding Details:||European Commission Horizon 2020
European Research Council
Science Foundation Ireland
|Type of material:||Journal Article||Publisher:||IEEE||Journal:||IEEE Access||Volume:||7||Start page:||111513||End page:||111527||Copyright (published version):||2019 IEEE||Keywords:||Security; Organizations; Smart buildings; HVAC; Natural languages; Servers||DOI:||10.1109/access.2019.2934221||Language:||en||Status of Item:||Peer reviewed|
|Appears in Collections:||Computer Science Research Collection|
Show full item record
This item is available under the Attribution-NonCommercial-NoDerivs 3.0 Ireland. No item may be reproduced for commercial purposes. For other possible restrictions on use please refer to the publisher's URL where this is made available, or to notes contained in the item itself. Other terms may apply.