SYJan 7, 2019
Formalized Risk Assessment for Safety and SecurityJoachim Draeger, Stefan Hahndel
The manifold interactions between safety and security aspects makes it plausible to handle safety and security risks in an unified way. The paper develops a corresponding approach based on the discrete event systems (DEVS) paradigm. The simulation-based calculation of an individual system evolution path provides the contribution of this special path of dynamics to the overall risk of running the system. Accidentally and intentionally caused failures are distinguished by the way, in which the risk contributions of the various evolution paths are aggregated to the overall risk. The consistency of the proposed risk assessment method with 'traditional' notions of risk shows its plausibility. Its non-computability, on the other hand, makes the proposed risk assessment better suitable to the IT security domain than other concepts of risk developed for both safety and security. Power grids are discussed as an application example and demonstrates some of the advantages of the proposed method.
CRNov 5, 2018
Malware Epidemics Effects in a Lanchester Conflict ModelJoachim Draeger, Stephanie Öttl
We propose a framework for examining the effects of infections with self-replicating malware on military forces engaged in kinetic combat. The framework uses models, in which kinetic attrition is represented by a Lanchester model coupled with an SIR-like model describing the malware propagation across the forces. Basic knowledge about the expected circumstances restricts the set of scenarios to be analyzed using the model. Remaining uncertainties are taken into account as random variations given by information-theoretic principles. The situation assessment is realized by Monte-Carlo simulations with the risk as a possible assessment measure. An application of the proposed framework to a simple exemplary situation demonstrates its usage in practice. The assumed uncertainties about the considered situation lead to an outcome statistics, which changes corresponding to the improving knowledge about the situation. Large uncertainties may lead to results profoundly different from point estimates. For assuring practicability, the paper provides options to determine the values of important model parameters by measurement. It also discusses how to utilize the assessment results calculated with help of the framework.