Towards a Security Impact Analysis Framework: A Risk- based and MITRE Attack Approach - IRT SystemX Accéder directement au contenu
Communication Dans Un Congrès Année : 2022

Towards a Security Impact Analysis Framework: A Risk- based and MITRE Attack Approach

Abdelhadi Belfadel
Martin Boyer
  • Fonction : Auteur
  • PersonId : 1118945
Jerome Letailleur
  • Fonction : Auteur
Yohann Petiot
  • Fonction : Auteur
Mohamed Reda Yaich

Résumé

Cyber security assessment aims at determining the cybersecurity state of an assessed asset to check how effectively the asset fulfills specific security objectives. We are confronted with a lack of an integrated framework coupling a top-down approach such as a risk-based analysis of information systems, with a bottom-up approach such as MITRE Attack to map and understand the details of the actions taken by the attackers to evaluate a defensive coverage throughout the development life cycle. We depict in this ongoing work the description of a Security Impact Analysis Framework (SAIF) to support cyber analysts, cyber administrators, and developers in their daily tasks of security impact analysis and provide project stakeholders with sufficient security proof and defense gaps. The goal is to avoid the use of a myriad of "tool islands" to automate the security impact assessment process providing sufficient safety evidence throughout the development cycle of a project. A case study of the development of an autonomous shuttle service is used to illustrate some selected assets from the MITRE Attack approach as practical usage of this framework.
Fichier principal
Vignette du fichier
Security_Impact_Analysis_Framework__SIAF.pdf (698.44 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-03787515 , version 1 (07-12-2022)

Identifiants

  • HAL Id : hal-03787515 , version 1

Citer

Abdelhadi Belfadel, Martin Boyer, Jerome Letailleur, Yohann Petiot, Mohamed Reda Yaich. Towards a Security Impact Analysis Framework: A Risk- based and MITRE Attack Approach. 27th European Symposium on Research in Computer Security (ESORICS) 2022, Sep 2022, Copenhagen, Denmark. ⟨hal-03787515⟩

Collections

IRT-SYSTEMX
167 Consultations
373 Téléchargements

Partager

Gmail Facebook X LinkedIn More