An Assurance-Based Risk Management Framework for Distributed Systems / M. Anisetti, C.A. Ardagna, N. Bena, A. Foppiani. - In: 2021 IEEE International Conference on Web Services (ICWS). - [s.l] : IEEE, 2021. - ISBN 978-1-6654-1681-8. - pp. 482-492 (ICWS conference held in Chicago in 2021) [10.1109/ICWS53863.2021.00068].

An Assurance-Based Risk Management Framework for Distributed Systems

M. Anisetti (first); C.A. Ardagna (second); N. Bena
2021

Abstract

The advent of cloud computing and Internet of Things (IoT) has deeply changed the design and operation of IT systems, affecting mature concepts like trust, security, and privacy. The benefits in terms of new services and applications come at a price of new fundamental risks, and the need to adapt risk management frameworks to properly understand and address them. While research on risk management is an established practice that dates back to the 90s, many of the existing frameworks do not even come close to addressing the intrinsic complexity and heterogeneity of modern systems. They rather target static environments and monolithic systems, thus undermining their usefulness in real-world use cases. In this paper, we present an assurance-based risk management framework that addresses the requirements of risk management in modern distributed systems. The proposed framework implements a risk management process integrated with assurance techniques. Assurance techniques monitor the correct behavior of the target system, that is, the correct working of the mechanisms implemented by the organization to mitigate the risk. Flow networks compute risk mitigation and retrieve the residual risk for the organization. The performance and quality of the framework are evaluated in a simulated Industry 4.0 scenario.
Assurance; Network Flows; Risk Management; Security; Testing
Sector INF/01 - Computer Science
Project: Cyber security cOmpeteNce fOr Research anD Innovation (CONCORDIA); EUROPEAN COMMISSION; H2020; 830927
Book Part (author)
Files in this item:

AABF.ICWS2021.pdf
   Access: open access
   Type: Post-print, accepted manuscript etc. (version accepted by the publisher)
   Size: 340.85 kB
   Format: Adobe PDF

An_Assurance-Based_Risk_Management_Framework_for_Distributed_Systems.pdf
   Access: restricted access
   Type: Publisher's version/PDF
   Size: 379.17 kB
   Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/905218
Citations
  • PMC ND
  • Scopus 7
  • ISI 6