Trust Based Interdependency Weighting for On-Line Risk Monitoring in Interdependent Critical Infrastructures

Trust Based Interdependency Weighting for On-Line Risk Monitoring in Interdependent Critical Infrastructures

Filipe Caldeira (CISUC - DEI, University of Coimbra, Coimbra, Portugal & Polytechnic Institute of Viseu, Viseu, Portugal), Thomas Schaberreiter (Centre de Recherche Public Henri Tudor, Luxembourg & Computer Science and Communications Research Unit (CSC), University of Luxembourg, Luxembourg), Sébastien Varrette (Computer Science and Communications Research Unit (CSC), University of Luxembourg, Luxembourg), Edmundo Monteiro (CISUC - DEI, University of Coimbra, Coimbra, Portugal), Paulo Simões (CISUC - DEI, University of Coimbra, Coimbra, Portugal), Pascal Bouvry (Computer Science and Communications Research Unit (CSC), University of Luxembourg, Luxembourg) and Djamel Khadraoui (Centre de Recherche Public Henri Tudor, Luxembourg)
Copyright: © 2013 |Pages: 23
DOI: 10.4018/ijsse.2013100103

Abstract

Critical infrastructure (CI) services are constantly consumed by the society and are not expected to fail. A common definition states that CIs are so vital to our society that a disruption would have a severe impact on both the society and the economy. CI sectors include, amongst others, electricity, telecommunication and transport. CIs can be mutually dependent on each others services and a failure in one of these elements can cascade to another (inter)dependent CI. CI security modelling was introduced in previous work to enable on-line risk monitoring in CIs that depend on each other by exchanging risk alerts expressed in terms of a breach of Confidentiality, a breach of Integrity and degrading Availability (C,I,A). While generally providing a solid basis for risk monitoring, there is no way of evaluating if a risk alert received from an external CI is accurate. In this paper the authors propose a solution to this problem by adding a trust based component to the CI security model in order to improve its accuracy and resilience to inconsistent or inaccurate risk alerts provided by (inter)dependent CIs, allowing to evaluate the correctness of the received alerts. The proposed approach is validated on a realistic scenario by evaluating a dependency between the computing and the telecommunication sectors in the context of the Grid'5000 platform.
Article Preview

Related work is split in two groups: Related work in the field of CIs (CI dependencies, CI models and CI risk models) and related work in the field of trust and reputation management. To the best of our knowledge, it was never attempted to combine trust models and CI models before.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 10: 4 Issues (2019): Forthcoming, Available for Pre-Order
Volume 9: 4 Issues (2018): Forthcoming, Available for Pre-Order
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing