On the Automated Management of Security Incidents in Smart Spaces

Files in This Item:
File Description SizeFormat 
paper.pdf59.21 MBAdobe PDFDownload
Title: On the Automated Management of Security Incidents in Smart Spaces
Authors: Alrimawi, FaeqPasquale, LilianaNuseibeh, Bashar
Permanent link: http://hdl.handle.net/10197/11550
Date: 9-Aug-2019
Online since: 2020-09-08T14:34:17Z
Abstract: The proliferation of smart spaces, such as smart buildings, is increasing opportunities for offenders to exploit the interplay between cyber and physical components, in order to trigger security incidents. Organizations are obliged to report security incidents to comply with recent data protection regulations. Organizations can also use incident reports to improve security of the smart spaces where they operate. Incident reporting is often documented in structured natural language. However, reports often do not capture relevant information about cyber and physical vulnerabilities present in a smart space that are exploited during an incident. Moreover, sharing information about security incidents can be difficult, or even impossible, since a report may contain sensitive information about an organization. In previous work, we provided a meta-model to represent security incidents in smart spaces. We also developed an automated approach to share incident knowledge across different organizations. In this paper we focus on incident reporting. We provide a System Editor to represent smart buildings where incidents can occur. Our editor allows us to represent cyber and physical components within a smart building and their interplay. We also propose an Incident Editor to represent the activities of an incident, including -for each activity- the target and the resources exploited, the location where the activity occurred, and the activity initiator. Building on our previous work, incidents represented using our editor can be shared across various organizations, and instantiated in different smart spaces to assess how they can re-occur. We also propose an Incident Filter component that allows viewing and prioritizing the most relevant incident instantiations, for example, involving a minimum number of activities. We assess the feasibility of our approach in assisting incident reporting using an example of a security incident that occurred in a research center.
Funding Details: European Commission Horizon 2020
European Research Council
Science Foundation Ireland
Type of material: Journal Article
Publisher: IEEE
Journal: IEEE Access
Volume: 7
Start page: 111513
End page: 111527
Copyright (published version): 2019 IEEE
Keywords: SecurityOrganizationsSmart buildingsHVACNatural languagesServers
DOI: 10.1109/access.2019.2934221
Language: en
Status of Item: Peer reviewed
Appears in Collections:Computer Science Research Collection

Show full item record

Page view(s)

checked on Sep 22, 2020


checked on Sep 22, 2020

Google ScholarTM



This item is available under the Attribution-NonCommercial-NoDerivs 3.0 Ireland. No item may be reproduced for commercial purposes. For other possible restrictions on use please refer to the publisher's URL where this is made available, or to notes contained in the item itself. Other terms may apply.