The advent of cloud computing and Internet of Things (IoT) has deeply changed the design and operation of IT systems, affecting mature concepts like trust, security, and privacy. The benefits in terms of new services and applications come at a price of new fundamental risks, and the need of adapting risk management frameworks to properly understand and address them. While research on risk management is an established practice that dates back to the 90s, many of the existing frameworks do not even come close to address the intrinsic complexity and heterogeneity of modern systems. They rather target static environments and monolithic systems thus undermining their usefulness in real-world use cases. In this paper, we present an assurance-based risk management framework that addresses the requirements of risk management in modern distributed systems. The proposed framework implements a risk management process integrated with assurance techniques. Assurance techniques monitor the correct behavior of the target system, that is, the correct working of the mechanisms implemented by the organization to mitigate the risk. Flow networks compute risk mitigation and retrieve the residual risk for the organization. The performance and quality of the framework are evaluated in a simulated industry 4.0 scenario.

An Assurance-Based Risk Management Framework for Distributed Systems / M. Anisetti, C.A. Ardagna, N. Bena, A. Foppiani - In: 2021 IEEE International Conference on Web Services (ICWS)[s.l] : IEEE, 2021. - ISBN 978-1-6654-1681-8. - pp. 482-492 (( convegno ICWS tenutosi a Chicago nel 2021 [10.1109/ICWS53863.2021.00068].

An Assurance-Based Risk Management Framework for Distributed Systems

M. Anisetti
Primo
;
C.A. Ardagna
Secondo
;
N. Bena;
2021

Abstract

The advent of cloud computing and Internet of Things (IoT) has deeply changed the design and operation of IT systems, affecting mature concepts like trust, security, and privacy. The benefits in terms of new services and applications come at a price of new fundamental risks, and the need of adapting risk management frameworks to properly understand and address them. While research on risk management is an established practice that dates back to the 90s, many of the existing frameworks do not even come close to address the intrinsic complexity and heterogeneity of modern systems. They rather target static environments and monolithic systems thus undermining their usefulness in real-world use cases. In this paper, we present an assurance-based risk management framework that addresses the requirements of risk management in modern distributed systems. The proposed framework implements a risk management process integrated with assurance techniques. Assurance techniques monitor the correct behavior of the target system, that is, the correct working of the mechanisms implemented by the organization to mitigate the risk. Flow networks compute risk mitigation and retrieve the residual risk for the organization. The performance and quality of the framework are evaluated in a simulated industry 4.0 scenario.
Assurance; Network Flows; Risk Management; Security; Testing
Settore INF/01 - Informatica
H20_RIA19EDAMI_01 - Cyber security cOmpeteNce fOr Research anD Innovation (CONCORDIA) - DAMIANI, ERNESTO - H20_RIA - Horizon 2020_Research & Innovation Action/Innovation Action - 2019
Book Part (author)
File in questo prodotto:
File Dimensione Formato  
AABF.ICWS2021.pdf

accesso aperto

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione 340.85 kB
Formato Adobe PDF
340.85 kB Adobe PDF Visualizza/Apri
An_Assurance-Based_Risk_Management_Framework_for_Distributed_Systems.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Dimensione 379.17 kB
Formato Adobe PDF
379.17 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/2434/905218
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 0
social impact