Abstract
Several multi-disciplinary aspects need to be addressed in security risk evaluation, including the estimation of risk attributes. One of the most widespread definitions of security risk relates it to three attributes: the probability of occurrence (or rather “frequency”) of threats, the system's vulnerability with respect to the threat (or rather “probability of success of the threat”), and the expected consequences (or rather “damage”). In this paper we provide a straightforward generic model based on Stochastic Petri Nets which can be adopted for the quantitative evaluation of physical vulnerability. The model allows the evaluation not only of effectiveness parameters (e.g. probability of sensing, assessment, neutralization, etc.) but also of efficiency-related ones (e.g. time to sense, assess, neutralize, etc.). Some examples will be provided in order to show how the model can be used in real-world protection system applications.
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Flammini, F., Marrone, S., Mazzocca, N., Vittorini, V. (2013). Petri Net Modelling of Physical Vulnerability. In: Bologna, S., Hämmerli, B., Gritzalis, D., Wolthusen, S. (eds) Critical Information Infrastructure Security. CRITIS 2011. Lecture Notes in Computer Science, vol 6983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41476-3_11
DOI: https://doi.org/10.1007/978-3-642-41476-3_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41475-6
Online ISBN: 978-3-642-41476-3
eBook Packages: Computer Science, Computer Science (R0)